Blocking all non-local IPs?

techietype

Hi there,

This is kind of a newbie question, but I just set up PIAF on an old PC, and I wanted to know the best way to ensure that only users who are on the same physical network as the box can administer it (from SSH access to FreePBX and everything in between). I'm just starting to learn about iptables, but would that be the way to go to ensure that only local IPs/computers can access the box? If so, any pointers as to what steps need to be taken to set that up?

Thanks in advance for any help!
- Jake
 
Also, what is the best way to take regular (monthly) backups of the entire system? Is there any automatic backup feature?
 
hi

iptables is most easily controlled via Webmin, but you could sidestep this and just put your box behind an external firewall or router.

Look at Mondo backup. I've never used it, as creating a new install is quick and easy, so making sure you have regular offsite FreePBX backups and other relevant files is usually sufficient to restore a system in short order from bare metal.

Joe
 
Thanks for your suggestions! The box is currently behind a router that has a built in firewall. What ports should I specifically block to it? Which ones should I make sure are open?

I'll look into Mondo - while freepbx backups are very good, I want to make a backup of the entire system once everything is set up for the first time, just in case :)
 
What ports should I specifically block to it?

That would depend on what services you would like to allow the outside world to access.

Start by blocking everything, then open up one service at a time until you have the desired result.

Joe
 
I don't want any computers that are not on my local network to be able to administer the machine whatsoever (no SSH, no access to FreePBX or web voicemail, etc...). Opening ports one at a time sounds like a good plan, but which ports (other than 5060 and 5090) do I need to keep open for SIP trunking (Vitelity) and for Postfix to send out voicemail-to-email messages?

Thanks for your help!
 
Anything going out does not need a port open, only stuff coming in uninvited.

Joe
 
Ok then technically the only port that would need to be open is 5090, right? (for inbound sip signaling)?

Sorry to sound like such a newb!
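
Added example, not part of the original thread: a shell function that writes the "block everything, then open one service at a time" policy discussed above as an iptables-restore ruleset, with admin ports reachable only from the LAN and replies to outbound traffic allowed statefully. The LAN range, trunk address, SIP port default (5060) and admin port list are constructed assumptions; substitute your own.

```shell
#!/bin/sh
# Added example: emit a default-deny inbound ruleset in iptables-restore format.
# Every address and port here is a constructed assumption, not a value from the thread.

# Succeed only for RFC 1918 (private) ranges, so the admin rule can never be
# generated for a public network or 0.0.0.0/0.
is_private_cidr() {
    case "$1" in
        10.*/*|192.168.*/*) return 0 ;;
        172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# build_rules LAN_CIDR TRUNK_IP [SIP_PORT] [ADMIN_PORTS]
build_rules() {
    lan=$1
    trunk=$2
    sip_port=${3:-5060}            # assumption: pass the port your trunk uses
    admin_ports=${4:-22,80,443}    # assumption: SSH plus the FreePBX web UI
    if ! is_private_cidr "$lan"; then
        echo "refusing non-private LAN range: $lan" >&2
        return 1
    fi
    cat <<EOF
*filter
# Start by blocking everything inbound; outbound is unrestricted.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections this box started (outbound mail, SIP registration).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administration (SSH, web) from the local network only.
-A INPUT -s $lan -p tcp -m multiport --dports $admin_ports -j ACCEPT
# Uninvited inbound SIP signalling, from the trunk provider only.
-A INPUT -s $trunk -p udp --dport $sip_port -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: print the ruleset for review.
build_rules 192.168.1.0/24 203.0.113.10
```

Review the output, then check it as root with `iptables-restore --test` before loading it; do this from the console rather than over SSH in case the LAN range is wrong.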
 
