ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    What Are You Doing Right Now

    Scheduled Pinned Locked Moved Water Closet
    time waster
    88.9k Posts 285 Posters 42.4m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • EddieJenningsE
      EddieJennings
      last edited by

      I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.

      JaredBuschJ 1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch @EddieJennings
        last edited by

        @eddiejennings said in What Are You Doing Right Now:

        I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.

        My point was why are you needing to open something INBOUND

        EddieJenningsE 1 Reply Last reply Reply Quote 0
        • EddieJenningsE
          EddieJennings @JaredBusch
          last edited by EddieJennings

          @jaredbusch said in What Are You Doing Right Now:

          @eddiejennings said in What Are You Doing Right Now:

          I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.

          My point was why are you needing to open something INBOUND

          The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @EddieJennings
            last edited by

            @eddiejennings said in What Are You Doing Right Now:

            @jaredbusch said in What Are You Doing Right Now:

            @eddiejennings said in What Are You Doing Right Now:

            I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.

            My point was why are you needing to open something INBOUND

            The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?

            Then you need 443, 5061, and some range of ports for RTP.

            Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.

            For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.

            EddieJenningsE 1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch
              last edited by

              The PBX itself does not needs SSL installed (self signed is already there).

              1 Reply Last reply Reply Quote 0
              • EddieJenningsE
                EddieJennings @JaredBusch
                last edited by

                @jaredbusch said in What Are You Doing Right Now:

                @eddiejennings said in What Are You Doing Right Now:

                @jaredbusch said in What Are You Doing Right Now:

                @eddiejennings said in What Are You Doing Right Now:

                I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.

                My point was why are you needing to open something INBOUND

                The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?

                Then you need 443, 5061, and some range of ports for RTP.

                Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.

                For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.

                That was the plan. I like the idea of reducing the range of ports for RTP. 🙂

                JaredBuschJ 1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @EddieJennings
                  last edited by JaredBusch

                  @eddiejennings said in What Are You Doing Right Now:

                  @jaredbusch said in What Are You Doing Right Now:

                  @eddiejennings said in What Are You Doing Right Now:

                  @jaredbusch said in What Are You Doing Right Now:

                  @eddiejennings said in What Are You Doing Right Now:

                  I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.

                  My point was why are you needing to open something INBOUND

                  The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?

                  Then you need 443, 5061, and some range of ports for RTP.

                  Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.

                  For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.

                  That was the plan. I like the idea of reducing the range of ports for RTP. 🙂

                  Note, I said 5061 and not 5060. That is the TLS port for PJSIP.

                  You don't' want your phone sending its login over clear text do you?

                  EddieJenningsE 1 Reply Last reply Reply Quote 1
                  • EddieJenningsE
                    EddieJennings @JaredBusch
                    last edited by

                    @jaredbusch said in What Are You Doing Right Now:

                    @eddiejennings said in What Are You Doing Right Now:

                    @jaredbusch said in What Are You Doing Right Now:

                    @eddiejennings said in What Are You Doing Right Now:

                    @jaredbusch said in What Are You Doing Right Now:

                    @eddiejennings said in What Are You Doing Right Now:

                    I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.

                    My point was why are you needing to open something INBOUND

                    The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?

                    Then you need 443, 5061, and some range of ports for RTP.

                    Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.

                    For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.

                    That was the plan. I like the idea of reducing the range of ports for RTP. 🙂

                    Note, I said 5061 and not 5060. That is the TLS port for PJSIP.

                    You don't' want your phone sending it's login over clear text do you?

                    I do not, another good idea. On that note, will Yealink phones gripe about the fact that the PBX is presenting a self-signed cert?

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @EddieJennings
                      last edited by

                      @eddiejennings said in What Are You Doing Right Now:

                      @jaredbusch said in What Are You Doing Right Now:

                      @eddiejennings said in What Are You Doing Right Now:

                      @jaredbusch said in What Are You Doing Right Now:

                      @eddiejennings said in What Are You Doing Right Now:

                      @jaredbusch said in What Are You Doing Right Now:

                      @eddiejennings said in What Are You Doing Right Now:

                      I suppose I could attach the NIC of FreePBX to the NIC on my host using macvtap, and bypass my firewall VM.

                      My point was why are you needing to open something INBOUND

                      The IP phone at my home will need to grab a configuration over the Internet. Also, it will send traffic outbound (inbound to the PBX) to register the extension, will it not?

                      Then you need 443, 5061, and some range of ports for RTP.

                      Obviously 443 should hit your reverse proxy. The rest are straight to your PBX.

                      For the RTP ports, I suggest setting a small range in your phone's config to force it to use a known set of port and then only forward those to reduce the exposure.

                      That was the plan. I like the idea of reducing the range of ports for RTP. 🙂

                      Note, I said 5061 and not 5060. That is the TLS port for PJSIP.

                      You don't' want your phone sending it's login over clear text do you?

                      I do not, another good idea. On that note, will Yealink phones gripe about the fact that the PBX is presenting a self-signed cert?

                      No.

                      1 Reply Last reply Reply Quote 0
                      • siringoS
                        siringo
                        last edited by

                        Signing up as a new user & typing this!

                        1 Reply Last reply Reply Quote 2
                        • jt1001001J
                          jt1001001
                          last edited by

                          Headed to Syracuse office today to install network gear

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            Good morning!

                            1 Reply Last reply Reply Quote 0
                            • EddieJenningsE
                              EddieJennings
                              last edited by

                              An observation: I don't know how folks effectively tested stuff before there were VMs. It's so nice to make a change, and if something breaks, apply a snapshot.

                              scottalanmillerS black3dynamiteB 3 Replies Last reply Reply Quote 1
                              • scottalanmillerS
                                scottalanmiller @EddieJennings
                                last edited by

                                @eddiejennings said in What Are You Doing Right Now:

                                An observation: I don't know how folks effectively tested stuff before there were VMs. It's so nice to make a change, and if something breaks, apply a snapshot.

                                We had second hardware.

                                1 Reply Last reply Reply Quote 3
                                • scottalanmillerS
                                  scottalanmiller @EddieJennings
                                  last edited by

                                  @eddiejennings said in What Are You Doing Right Now:

                                  VMs. It's so nice to make a change, and if something breaks, apply a snapshot.

                                  That's a storage thing, not a VM thing. VMs didn't give us snapshots. We used snapshots the same before VMs.

                                  1 Reply Last reply Reply Quote 0
                                  • black3dynamiteB
                                    black3dynamite @EddieJennings
                                    last edited by

                                    @eddiejennings said in What Are You Doing Right Now:

                                    An observation: I don't know how folks effectively tested stuff before there were VMs. It's so nice to make a change, and if something breaks, apply a snapshot.

                                    We use to setup a small recovery partition in case we needed to do a restore.

                                    We also used software like deep freeze too.

                                    Having a second computer help with testing as well.

                                    1 Reply Last reply Reply Quote 2
                                    • RojoLocoR
                                      RojoLoco
                                      last edited by

                                      So yeah... we got power back about an hour ago finally. And now I have a dev server's RAID card acting up. Hopefully the rebuild will go well.

                                      Also, eat a dick Georgia Power. Clumsy bastards.

                                      1 Reply Last reply Reply Quote 1
                                      • travisdh1T
                                        travisdh1
                                        last edited by

                                        Just got a wazuh server up and verified that a client actually connected to it. Tomorrow I get to do the rest of the clients on the managed network.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Been a crazy busy day here, just poured some whiskey.

                                          1 Reply Last reply Reply Quote 0
                                          • EddieJenningsE
                                            EddieJennings
                                            last edited by

                                            Following https://mangolassi.it/topic/16651/install-nginx-as-a-reverse-proxy-on-fedora-27 and actually understanding why the steps are what they are 😄

                                            JaredBuschJ 1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 2904
                                            • 2905
                                            • 2906
                                            • 2907
                                            • 2908
                                            • 4443
                                            • 4444
                                            • 2906 / 4444
                                            • First post
                                              Last post