Just a few words on where we stand...
While you were sleeping, there was a major cleanup of the IPtables setup. The firewall now is pretty much locked down to your server's IP address as well as your public IP address where you installed everything and, of course, the 192.168 and 10.0 (non-routable) private subnets. SIP has been restricted to the Incredible PBX Trusted Providers List. IPv6 is locked down to localhost access only! If you attempt to connect to a provider and get nowhere, chances are they're not in "The List." Let me know and we'll add them. You can edit /etc/iptables/rules.v4 and add them yourself as necessary until we get Travelin' Man 3 reworked. Also be sure to add other safe IP addresses if you move around and need access from different IP addresses. You don't want to get locked out of your own server. And don't forget to restart IPtables to load your updates. The magic command:
Code:
/etc/init.d/iptables-persistent restart
If you add new rules, run the restart command above, and get a fail instead of OK, then you can debug the problem with the following commands for v4 and v6 rules:
Code:
iptables-restore < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6
If you need to verify whether IPtables is the culprit in blocking something you need, you can momentarily turn off IPtables with the following command. Don't forget to restart it!
Code:
/etc/init.d/iptables-persistent flush
Here's a quick summary of how the Incredible PBX installation pieces all fit together. The incrediblepbx11.4.ubuntu14 script kicks off the installation. It loads the expect app which watches for keystrokes and then performs some task (such as pressing the Enter key). The script then downloads the incrediblepbx11-ubuntu.tar.gz tarball which includes IncrediblePBX11.sh and the expect script, incredible-installer.sh. It then runs the expect script which kicks off the IncrediblePBX11.sh script which houses the entire build system for Incredible PBX. If you make changes in the build system, you need to be careful to add your stuff at the end and just before "Have a nice day!" The install dies as soon as the expect script sees "Have a nice day!" If there are prompts for your added pieces, then these need to be added to the expect script as well (just above the "Have a nice day!" entry). In other words, it gets complicated. This is what bit us in the butt yesterday when we added the mailutils app in the wrong place. Ubuntu was smart enough to figure out that there was no mail server in place so it went about installing postfix even though we didn't want it. That threw up a bunch of unexpected (by me) prompts. By adding it after sendmail is up and running, all of these prompts go away. That's now been fixed. All we wanted was the Plain Old mail app to read internal mail on the server. And now it's there by typing: mail.
Later this morning we'll be adding AsteriDex, and then we'll turn our attention to getting the automatic update utility in place so that, when you log in as root, it brings your server current. I was reluctant to implement this until we got to a fairly stable build so that there's not a constant upgrade bombardment of your server. Once we turn this on, it pretty much freezes the install components because we have to have a known system in order to keep the updates straight.
For those that want Speech Recognition and voice dialing and Wolfram Alpha and Weather forecasts by saying the name of a city, you'll need to jump through the (already documented) Google Speech Recognition hoops to get it working. The wolfram installer is in the /root directory once you have your Wolfram credentials. Wolfram Alpha obviously won't work until you have speech recognition working on your server.
If you're new to all of this, you can review what's in place within FreePBX by choosing Applications -> Misc Destinations. That will tell you what number to dial to trigger the various apps. More to come!
Next, we need to tackle Travelin' Man 3 and 4 to get WhiteLists implemented so that it's simple to add new addresses. It's worth noting that this really is the first product we've released that comes locked down out of the box whether you like it or not. Given the security issues on the Internet, I really think that's the way to go, but I'm all ears if there is a different point of view.
Stay tuned and thanks to our pioneers!!!
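
Added example, not part of the original post or the Incredible PBX scripts: one way to add a safe IP address to /etc/iptables/rules.v4 without risking a lockout is to stage the change in a copy, check it with iptables-restore --test, and only then install it. The function names and the rule form "-A INPUT -s <ip> -j ACCEPT" are assumptions; match the entries already in your own rules file.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumed rule form:
#   -A INPUT -s <ip> -j ACCEPT
# Adjust it to match the whitelist entries already in your rules.v4.

# Print FILE with an ACCEPT rule for IP placed ahead of the first INPUT rule
# of the *filter table, so a later catch-all DROP/REJECT cannot shadow it.
insert_trusted_ip() {
    file=$1 ip=$2
    # Only a dotted-quad shaped value may reach the rules file.
    case $ip in *[!0-9.]*|'') return 2 ;; esac
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    rule="-A INPUT -s $ip -j ACCEPT"
    # The identical line is already present: emit the file unchanged.
    if grep -Fqx -- "$rule" "$file"; then cat "$file"; return 0; fi
    awk -v rule="$rule" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && !placed && (/^-A INPUT / || $0 == "COMMIT") {
            print rule; placed = 1
        }
        { print }' "$file"
}

# Stage, syntax-check, back up, install. Needs root and iptables-restore.
apply_trusted_ip() {
    rules=${2:-/etc/iptables/rules.v4}
    staged=$(mktemp) || return 1
    insert_trusted_ip "$rules" "$1" > "$staged" || { rm -f "$staged"; return 2; }
    # --test parses and builds the ruleset but does not commit it.
    if ! iptables-restore --test < "$staged"; then
        echo "staged rules rejected; $rules left untouched" >&2
        rm -f "$staged"; return 1
    fi
    cp -p "$rules" "$rules.bak" && cat "$staged" > "$rules"
    rm -f "$staged"
    echo "installed; now run: /etc/init.d/iptables-persistent restart"
}

# Usage: sh this-script 203.0.113.7   (address shown is a documentation example)
if [ $# -ge 1 ]; then apply_trusted_ip "$@"; fi
```

The previous file is kept as rules.v4.bak, so a bad change can be undone from the console by copying it back and restarting IPtables.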