For those who have their trixbox Pro server open to the Internet, or who just love locking things down…this article is for you. Enjoy!
http://sureteq.com/asterisk/trixbox_Pro_firewall.htm
-Chris
By default, trixbox Pro’s DNS server (BIND v9) comes enabled, but is only configured to answer requests on the localhost address (127.0.0.1). This guide will show you how to enable DNS for all ethernet interfaces, and also how to set up a forwarder to another DNS server to handle unresolved requests.
I have been going through the process of beefing up the trixbox Reseller wiki lately, and I have just added a new article entitled ‘DHCP 101’ which details the configuration of DHCP services on the trixbox Pro.
If you are a trixbox Pro Reseller, but don’t have a logon to the new wiki, please let me know! Based on your permissions, the reseller section will appear or not. http://help.trixbox.com.
Ok, so I’ve been a big fan of both Amazon S3 and JungleDisk for a long time now, and it struck me as the perfect solution to backing up trixbox Pro. By default, only system configuration files are backed up by Fonality’s Hybrid-Hosted model…but what about system recordings, ACD recordings, and voicemails? By utilizing the power of Amazon S3, you can safely and securely back up your trixbox Pro (and with very little cost).
Here’s how it’s done: http://sureteq.com/asterisk/jungledisk.htm
Enjoy!
-Schwood
Ok, so most of the legwork for this blog post was done by Ricardo Villa who posted this article detailing how to install trixbox CE v2.2 from a USB flash drive. I took most of the information below from that article, but made a few tweaks for trixbox Pro. Mad props to Ricardo for his original article.
That being said, the reason for this article is that I had a customer ask me recently about how to reinstall the trixbox Pro ISO on his trixbox Appliance (which has no optical media). He was trying to get it to work, but was crunched for time, and ended up purchasing a USB CDROM to get it installed (which, by the way, is the preferred method of reinstalling trixbox CE or Pro on an Appliance). If, however, you don’t have a USB CDROM, I have figured out the necessary tweaks to Ricardo’s article to get this working with trixbox Pro. Here we go…

Ok, so I’ve been doing a lot of testing with a trixbox Appliance running trixbox Pro CCE v2.0. The Appliance is configured with a Sangoma A200 (4 FXO) card, an onboard NIC, and a 4 port NIC card. By default, the onboard NIC is the WAN, and the 4 port NIC card is the LAN. In my case, I have the onboard NIC plugged into my LAN, and I am using the 4 port card as a separate LAN for my phones.
One of the issues I ran into was that I couldn’t get to the web interfaces of my phones through my Appliance. I could ping the ‘WAN’ side of my Appliance (the onboard NIC), but none of my traffic could get through to the back-end LAN. Phones were working fine, but sometimes I need to get to their GUIs…and I don’t want to have to put a computer on the other side of the Appliance in order to do so.
To do this, I had to enable IP forwarding which is turned off by default. This is done in the sysctl.conf file…but I’m getting ahead of myself. First, I had to make sure that my NICs were properly set up.
EDIT 2/11/09 – For the latest and most complete set of instructions on setting security for trixbox CE v2.6, please see chapter 5 of my trixbox CE v2.6.2 Complete Setup Guide for Small Business located at http://sureteq.com/asterisk/trixboxv2.6.2.htm.
Back to the post…
——————————–
So, when you log into trixbox CE v2.6 and go to ‘PBX Settings,’ you are told that your default admin and mysql passwords should be changed…here’s how to do it. A cleaner, HTML version of these instructions can be found at http://sureteq.com/asterisk/trixbox_CE_v2.6_security.htm.
So, like most folks out there, I’m concerned with security, but I love having remote access to servers so that I can work from anywhere. Opening up SSH (TCP port 22) is fairly common when administering trixbox, or any Linux server for that matter, but leaving it open also increases your chances that someone can exploit that service and compromise your server.
One way to stop a hacker from having their way with your SSH port is to disallow password authentication, and allow RSA public/private key pair authentication only. A key pair in conjunction with a strong passphrase brings the chances of being compromised to almost zero.
I have posted a new article on how to create your public/private key pairs in two popular SSH programs (PuTTY and SecureCRT), how to install the public key on your Linux server, and finally, how to configure SSH to accept key pair authentication only.
Configuring secure RSA authentication for Linux
Enjoy!
-Schw00d
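As an added example (not taken from the linked article), the script below checks whether an sshd_config actually enforces the key-only setup described in the post above. The function names and the two sample configs are constructed for illustration; PasswordAuthentication, ChallengeResponseAuthentication, KbdInteractiveAuthentication and PubkeyAuthentication are standard OpenSSH sshd_config keywords.

```bash
#!/usr/bin/env bash
# Added example: check that an sshd_config really enforces key-only logins.
# sshd keeps the FIRST value it reads for a keyword, matches keywords
# case-insensitively, and uses a built-in default when none is set.

# effective_value FILE KEYWORDS DEFAULT
# KEYWORDS: lowercase, |-separated list of equivalent option names.
# Only the global section is read; parsing stops at the first Match block.
effective_value() {
    awk -v keys="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            k = tolower(f[1])
            if (k == "match") exit
            if (k ~ ("^(" keys ")$")) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# check NAME ACTUAL WANTED -> prints a verdict, returns 1 on mismatch.
check() {
    if [ "$2" = "$3" ]; then echo "ok   $1 $2"
    else echo "FAIL $1 $2 (want $3)"; return 1; fi
}

# audit_sshd_config FILE -> returns 0 only if password-style logins are off.
audit_sshd_config() {
    local rc=0 kbd='challengeresponseauthentication|kbdinteractiveauthentication'
    check PasswordAuthentication "$(effective_value "$1" passwordauthentication yes)" no || rc=1
    # Keyboard-interactive (PAM) can still prompt for a password, so it must be off too.
    check ChallengeResponseAuthentication "$(effective_value "$1" "$kbd" yes)" no || rc=1
    check PubkeyAuthentication "$(effective_value "$1" pubkeyauthentication yes)" yes || rc=1
    return "$rc"
}

# Constructed sample configs (not taken from a real server).
SAMPLES=$(mktemp -d)
# "weak" looks hardened, but the earlier "yes" wins and challenge-response is left at its default.
printf '%s\n' '# sample' 'passwordauthentication yes' 'PasswordAuthentication no' > "$SAMPLES/weak"
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$SAMPLES/hardened"
for f in weak hardened; do echo "== $f"; audit_sshd_config "$SAMPLES/$f" || true; done
```

On a live server, running `sshd -T` as root prints the effective configuration, including Match handling that this file-based check skips.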
If you are as impatient as I am, you are sick and tired of waiting 30 seconds for Kudzu (the Linux hardware detection wizard) to time out every time you reboot your Trixbox. Here’s how to change the Kudzu timeout:
From your Linux CLI, do the following:
nano /etc/rc.d/init.d/kudzu
Scroll down to line 50 and change:
/usr/sbin/kudzu $KUDZU_ARGS -t 30
to
/usr/sbin/kudzu $KUDZU_ARGS -t 5
CTRL+X to exit and then Y when asked to save.
The -t option is the timeout value. I set it to 5 seconds instead of 30, but set it to whatever timeout you feel comfortable with. Use the extra 25 seconds wisely!
-Schw00d