- •Table of Contents
- •Introduction
- •What This Book Covers
- •Conventions
- •Reader Feedback
- •Customer Support
- •Errata
- •Questions
- •What is Asterisk?
- •Asterisk is a PBX
- •Station-To-Station Calls
- •Line Trunking
- •Telco Features
- •Advanced Call Distribution
- •Call Detail Records
- •Call Recording
- •Asterisk is an IVR System
- •Asterisk is a Voicemail System
- •Asterisk is a Voice over IP (VoIP) System
- •What Asterisk Isn't
- •Asterisk is Not an Off-the-Shelf Phone System
- •Asterisk is Not a SIP Proxy
- •Asterisk Does Not Run on Windows
- •Is Asterisk a Good Fit for Me?
- •Trade-Offs
- •Flexibility versus Ease of Use
- •Graphical versus Configuration File Management
- •Calculating Total Cost of Ownership
- •Return on Investment
- •Summary
- •The Public Switched Telephony Network (PSTN)
- •Connection Methods
- •Plain Old Telephone Service (POTS) Line
- •Integrated Services Digital Network (ISDN)
- •Voice over IP Connections
- •Determining Our Needs
- •Terminal Equipment
- •Types of Terminal Devices
- •Hard Phones
- •Soft Phones
- •Communications Devices
- •Another PBX
- •Choosing a Device
- •Features, Features, and More Features…
- •Determining True Cost
- •Compatibility with Asterisk
- •Sound Quality Analysis
- •Usability Issues
- •Recording Decisions
- •How Much Hardware do I Need?
- •Choosing the Extension Length
- •Summary
- •Preparing to Install Asterisk
- •Obtaining the Source Files
- •Installing Zaptel
- •Installing libpri
- •Installing Asterisk
- •Getting to Know Asterisk
- •Summary
- •Zaptel Interfaces
- •zaptel.conf
- •Lines
- •Terminals
- •zapata.conf
- •Lines
- •Terminals
- •SIP Interfaces
- •IAX Interfaces
- •Voicemail
- •Music On Hold
- •Queues
- •Conference Rooms
- •Summary
- •Creating a Context
- •Creating an Extension
- •Creating Outgoing Extensions
- •Advanced Call Distribution
- •Call Queues
- •Call Parking
- •Direct Inward Dialing (DID)
- •Automated Attendants
- •System Services
- •Summary
- •Call Detail Records
- •Flat-File CDR Logging
- •Database CDR Logging
- •Monitoring Calls
- •Recording Calls
- •Legal Concerns
- •Summary
- •CentOS
- •Preparation and Installation
- •The Asterisk Management Portal (AMP)
- •Maintenance
- •Setup
- •Flash Operator Panel (FOP)
- •Flash Operator Configuration Files
- •Web MeetMe
- •Flexibility When Needed
- •A Simple One-to-One PBX
- •Extensions
- •Trunks
- •Routes
- •Customer Relationship Management/SugarCRM
- •Adding Contacts
- •Call Scheduling
- •Administration of SugarCRM
- •Configure Settings
- •User Management
- •User Roles
- •Summary
- •Small Office/Home Office
- •The Scenario
- •The Discussion
- •The Configuration
- •zaptel.conf
- •zapata.conf
- •musiconhold.conf
- •voicemail.conf
- •modules.conf
- •extensions.conf
- •Conclusions
- •Small Business
- •The Scenario
- •The Discussion
- •The Configuration
- •zaptel.conf
- •zapata.conf
- •musiconhold.conf
- •agents.conf
- •queues.conf
- •sip.conf
- •meetme.conf
- •voicemail.conf
- •extensions.conf
- •Conclusions
- •Hosted PBX
- •The Scenario
- •The Discussion
- •The Configuration
- •zaptel.conf
- •zapata.conf
- •musiconhold.conf
- •sip.conf
- •voicemail.conf
- •extensions.conf
- •Conclusions
- •Summary
- •Backup and System Maintenance
- •Backing Up Configurations
- •Backing Up Log Files
- •Backup Scripts
- •Time Synchronization
- •Adding It All to cron
- •Rebuilding and Restoring the Asterisk Server
- •Disaster Recovery Plan (DRP)
- •Asterisk Server Security
- •Internal Access Control
- •Host Security Hardening for Asterisk
- •Integrity Checker
- •Root-Kit Detection
- •Automated Hardening
- •Role Based Access Control (RBAC)
- •Network Security for Asterisk
- •Firewalling the Asterisk Protocols
- •SIP (Session Initiation Protocol)
- •RTP—The Real-Time Transport Protocol
- •Controlling Administration of Asterisk
- •Asterisk Scalability
- •Load Balancing with DNS
- •Support Channels for Asterisk
- •Mailing Lists
- •Forums
- •IRC (Internet Relay Chat)
- •Digium
- •Summary
- •Index
Chapter 9
To firewall H.323, we need to permit incoming and outbound connections on ports 1720 TCP and UDP ports 5000-5014.
IAX
IAX is a lot more straightforward than either H.323 or SIP as it was designed with the limits imposed by NAT in mind. You can easily allow this traffic through your firewall NAT with minimal fuss.
IAX uses port 4569 UDP outbound and inbound for communication. The old IAX protocol, mentioned in an earlier chapter and succeeded by the current IAX (IAX2), used 5036 UDP.
IAX is also more powerful than either H.323 or SIP and has several features that make VoIP administration and use much easier. For example, it has enhanced signaling capabilities and separates signaling and data more effectively. Also as IAX is not a standard and therefore has no standards body monitoring the decision process, modifications can be made more easily.
RTP—The Real-Time Transport Protocol
RTP is the protocol often used to carry the audio data in a VoIP conversation; it is a standard developed by the IETF (Internet Engineering Task Force). It can also be used to carry video data and is designed specifically to handle this sort of real-time data. It attempts to guarantee that the data will be transmitted and received in a short period of time. Obviously latency in voice conversations can be problem, so RTP avoids this latency as much as possible and concentrates on timely delivery of data.
To allow RTP to function, we would have to allow the following ports inbound and outbound from our Asterisk server: 10000 to 20000 UDP
Controlling Administration of Asterisk
As we have set up Asterisk to access files owned by the root user and Asterisk group, this means that the Asterisk service can read and write only to the files it requires. We, however, may have to perform additional maintenance tasks such as adding extensions, creating new voicemail boxes and so on.
As Asterisk configuration is managed by modifying flat files, we manage this configuration by logging on to the server with an interactive session, at the local console or remotely. To follow best practice, we wouldn't login directly as the root user, but more likely as the Asterisk user. If we did need to edit any files the Asterisk user doesn't have privileges for, then we would switch user to root using the su command:
$ su -
Password:[root password]
151