Difference between revisions of "UCoIP DNS/firewall configuration"
(→Firewall/Router configuration) |
|||
| Line 7: | Line 7: | ||
<pre> | <pre> | ||
DNS domain: domain.com | DNS domain: domain.com | ||
| − | IPBrick FQDN: | + | IPBrick FQDN: srv001.domain.com |
| − | Public IP associated to IPBrick: | + | Public IP associated to IPBrick: 85.86.87.88 |
User UCoIP page to create: jsmith.domain.com | User UCoIP page to create: jsmith.domain.com | ||
</pre> | </pre> | ||
| Line 17: | Line 17: | ||
<pre> | <pre> | ||
| − | + | srv001 IN A 85.86.87.88 | |
| − | webrtc | + | voip IN A 85.86.87.88 |
| − | cafe | + | webrtc IN A 85.86.87.88 |
| − | ucoip | + | cafe IN A 85.86.87.88 |
| − | im | + | ucoip IN A 85.86.87.88 |
| + | im IN A 85.86.87.88 | ||
</pre> | </pre> | ||
| Line 27: | Line 28: | ||
<pre> | <pre> | ||
| − | jwchat CNAME | + | jwchat IN CNAME srv001 |
| − | webphone CNAME | + | webphone IN CNAME srv001 |
| − | groupware CNAME | + | groupware IN CNAME srv001 |
| − | jsmith CNAME | + | webmail IN CNAME srv001 |
| − | webrtcproxy CNAME | + | jsmith IN CNAME srv001 |
| + | webrtcproxy IN CNAME srv001 | ||
</pre> | </pre> | ||
| Line 72: | Line 74: | ||
<pre> | <pre> | ||
| − | domain.com MX 5 | + | domain.com. IN MX 5 srv001.domain.com. |
</pre> | </pre> | ||
Costumer ISP must add this PTR record at reverse DNS zone: | Costumer ISP must add this PTR record at reverse DNS zone: | ||
| − | 88. | + | 88.87.86.85.in-addr.arpa. IN PTR srv001.domain.com. |
=Firewall/Router configuration= | =Firewall/Router configuration= | ||
Revision as of 17:04, 13 April 2016
DNS configuration
In order to get the full UCoIP concept working at LAN/Internet it's necessary to configure some DNS records at internal and external DNS servers of the company domain.
Next is given an example for the public DNS zone configuration. In that example lets suppose that:
DNS domain: domain.com IPBrick FQDN: srv001.domain.com Public IP associated to IPBrick: 85.86.87.88 User UCoIP page to create: jsmith.domain.com
So in this case we need to configure the following DNS records:
A records:
srv001 IN A 85.86.87.88 voip IN A 85.86.87.88 webrtc IN A 85.86.87.88 cafe IN A 85.86.87.88 ucoip IN A 85.86.87.88 im IN A 85.86.87.88
CNAME records:
jwchat IN CNAME srv001 webphone IN CNAME srv001 groupware IN CNAME srv001 webmail IN CNAME srv001 jsmith IN CNAME srv001 webrtcproxy IN CNAME srv001
SRV records for VoIP (SIP):
_sips._tcp.domain.com. IN SRV 1 0 5061 voip.domain.com. _sip._tcp.domain.com. IN SRV 1 0 5060 voip.domain.com. _sip._udp.domain.com. IN SRV 1 0 5060 voip.domain.com.
SRV records for chat (Jabber/XMPP):
_jabber._tcp.domain.com. 86400 IN SRV 5 0 5269 im.domain.com. _xmpp-server._tcp.domain.com. 86400 IN SRV 5 0 5269 im.domain.com. _xmpp-client._tcp.domain.com. 86400 IN SRV 5 0 5222 im.domain.com.
SRV record for UCoIP:
_ucoip._tcp.domain.com. 86400 IN SRV 1 0 80 ucoip.domain.com.
SRV record for CAFE:
_cafe._tcp.domain.com. 86400 IN SRV 1 0 443 cafe.domain.com.
SRV record for WebRTC:
_webrtc._tcp.domain.com. 86400 IN SRV 1 0 8888 webrtc.domain.com.
If IPBrick will be the email server, we need to modify/add the MX record:
domain.com. IN MX 5 srv001.domain.com.
Costumer ISP must add this PTR record at reverse DNS zone:
88.87.86.85.in-addr.arpa. IN PTR srv001.domain.com.
Firewall/Router configuration
UCoIP concept uses many services running on their standard ports. IPBrick firewall is prepared to accept all this traffic at public interface (eth1).
But if IPBrick public interface is behind a NAT at Router/Firewall, its necessary to forward the necessary traffic to IPBrick. The list is:
HTTP - 80 TCP HTTPS - 443 TCP SMTP - 25 TCP SIP - 5060 UDP/TCP SIPS - 5061 TCP RTP - 40000:45000 UDP RTP - 50000:55000 UDP RTP - 60000:65000 UDP XMPP - 5222 TCP XMPP - 5269 TCP XMPPS - 5223 TCP WebRTC - 8888 TCP Webphone - 10060 UDP/TCP Webphone - 10062 TCP
NOTE: With update04_6.1, it's crucial too to have a Wildcard SSL Certificate. More information here:
