Revision as of 16:12, 9 August 2016

DNS configuration

In order to get the full UCoIP concept working at LAN/Internet it's necessary to configure some DNS records at internal and external DNS servers of the company domain.

Next is given an example for the public DNS zone configuration. In that example lets suppose that:

DNS domain: domain.com
IPBrick FQDN: srv001.domain.com
Public IP associated to IPBrick: 85.86.87.88
User UCoIP page to create: jsmith.domain.com

So in this case we need to configure the following DNS records:

A records:

srv001.domain.com.        IN A     85.86.87.88
voip.domain.com.          IN A     85.86.87.88
webrtc.domain.com.        IN A     85.86.87.88
cafe.domain.com.          IN A     85.86.87.88
ucoip.domain.com.         IN A     85.86.87.88
im.domain.com.            IN A     85.86.87.88

CNAME records:

jwchat.domain.com.             IN CNAME   srv001.domain.com.
webphone.domain.com.           IN CNAME   srv001.domain.com.
groupware.domain.com.	   IN CNAME   srv001.domain.com.
webmail.domain.com. 	   IN CNAME   srv001.domain.com.
jsmith.domain.com.             IN CNAME   srv001.domain.com.
webrtcproxy.domain.com.        IN CNAME   srv001.domain.com.

SRV records for VoIP (SIP):

_sips._tcp.domain.com.     IN     SRV   1   0   5061   voip.domain.com.
_sip._tcp.domain.com.      IN     SRV   1   0   5060   voip.domain.com.
_sip._udp.domain.com.      IN     SRV   1   0   5060   voip.domain.com.

SRV records for chat (Jabber/XMPP):

_jabber._tcp.domain.com.       IN SRV 5 0 5269 im.domain.com.
_xmpp-server._tcp.domain.com.  IN SRV 5 0 5269 im.domain.com.
_xmpp-client._tcp.domain.com.  IN SRV 5 0 5222 im.domain.com.

SRV record for UCoIP:

_ucoip._tcp.domain.com.        IN SRV 1 0 80   ucoip.domain.com.

SRV record for CAFE:

_cafe._tcp.domain.com.         IN SRV 1 0 443  cafe.domain.com.

SRV record for WebRTC:

_webrtc._tcp.domain.com.       IN SRV 1 0 8888 webrtc.domain.com.

If IPBrick will be the email server, we need to modify/add the MX record:

domain.com.         IN MX       5     srv001.domain.com.

Costumer ISP must add this PTR record at reverse DNS zone:

88.87.86.85.in-addr.arpa.     IN PTR      srv001.domain.com.

Firewall/Router configuration

UCoIP concept uses many services running on their standard ports. IPBrick firewall is prepared to accept all this traffic at public interface (eth1).

But if IPBrick public interface is behind a NAT at Router/Firewall, its necessary to forward the necessary traffic to IPBrick. The list is:

HTTP           - 80 TCP
HTTPS          - 443 TCP
SMTP           - 25 TCP
SIP            - 5060 UDP/TCP
SIPS           - 5061 TCP
RTP            - 40000:45000 UDP
RTP            - 50000:55000 UDP
RTP            - 60000:65000 UDP
XMPP-client    - 5222 TCP
XMPP-server    - 5269 TCP
XMPPS          - 5223 TCP
WebRTC         - 8888 TCP
Webphone       - 10060 UDP/TCP
Webphone       - 10062 TCP

NOTE: With update04_6.1, it's crucial too to have a Wildcard SSL Certificate. More information here:

Update04 security guide

How to buy and configure a SSL certificate at IPBrick

@@ Line 17: / Line 17: @@
 <pre>
-srv001        IN A     85.86.87.88
+srv001.domain.com.        IN A     85.86.87.88
-voip          IN A     85.86.87.88
+voip.domain.com.          IN A     85.86.87.88
-webrtc        IN A     85.86.87.88
+webrtc.domain.com.        IN A     85.86.87.88
-cafe          IN A     85.86.87.88
+cafe.domain.com.          IN A     85.86.87.88
-ucoip         IN A     85.86.87.88
+ucoip.domain.com.         IN A     85.86.87.88
-im            IN A     85.86.87.88
+im.domain.com.            IN A     85.86.87.88
 </pre>
@@ Line 28: / Line 28: @@
 <pre>
-jwchat             IN CNAME   srv001
+jwchat.domain.com.             IN CNAME   srv001.domain.com.
-webphone           IN CNAME   srv001
+webphone.domain.com.           IN CNAME   srv001.domain.com.
-groupware	   IN CNAME   srv001
+groupware.domain.com.	   IN CNAME   srv001.domain.com.
-webmail 	   IN CNAME   srv001
+webmail.domain.com. 	   IN CNAME   srv001.domain.com.
-jsmith             IN CNAME   srv001
+jsmith.domain.com.             IN CNAME   srv001.domain.com.
-webrtcproxy        IN CNAME   srv001
+webrtcproxy.domain.com.        IN CNAME   srv001.domain.com.
 </pre>
@@ Line 47: / Line 47: @@
 <pre>
-_jabber._tcp.domain.com.      86400 IN SRV 5 0 5269 im.domain.com.
+_jabber._tcp.domain.com.       IN SRV 5 0 5269 im.domain.com.
-_xmpp-server._tcp.domain.com. 86400 IN SRV 5 0 5269 im.domain.com.
+_xmpp-server._tcp.domain.com.  IN SRV 5 0 5269 im.domain.com.
-_xmpp-client._tcp.domain.com. 86400 IN SRV 5 0 5222 im.domain.com.
+_xmpp-client._tcp.domain.com.  IN SRV 5 0 5222 im.domain.com.
 </pre>
@@ Line 55: / Line 55: @@
 <pre>
-_ucoip._tcp.domain.com.       86400 IN SRV 1 0 80   ucoip.domain.com.
+_ucoip._tcp.domain.com.        IN SRV 1 0 80   ucoip.domain.com.
 </pre>
@@ Line 61: / Line 61: @@
 <pre>
-_cafe._tcp.domain.com.        86400 IN SRV 1 0 443  cafe.domain.com.
+_cafe._tcp.domain.com.         IN SRV 1 0 443  cafe.domain.com.
 </pre>
@@ Line 67: / Line 67: @@
 <pre>
-_webrtc._tcp.domain.com.      86400 IN SRV 1 0 8888 webrtc.domain.com.
+_webrtc._tcp.domain.com.       IN SRV 1 0 8888 webrtc.domain.com.
 </pre>

Difference between revisions of "UCoIP DNS/firewall configuration"

Revision as of 16:12, 9 August 2016

DNS configuration

Firewall/Router configuration

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

IPBRICK Magic Quad

IPBrick Support

FAQS

Tools