[Asterisk-Users] Asterisk in a DMZ

Bastian Schern ml01 at in-bln.de
Tue Aug 10 07:55:00 MST 2004


Hello *,

I try to establish a Asterisk-Server for internal and external usage. 
Perfect use case for a DMZ, or not?

My configuration:


   I N T E R N E T                                      |
          |                                             | E
          |                                             | X
          |                                             | T
          |                                             | E
          | 213.xxx.xx.68                               | R
    +-----#----+                                        | N
    | Firewall |                                        |
    +-----#----+ - - - - - - - - - - - - - - - - - - - -+-
          | 192.168.40.68                               |
          |                                             |
+--------#--------+                                    |
|     Switch      |                                    |
+--#---#---#---#--+                                    |
    |   |                                               |
    |   +-----------------+                             | D
    |                     |                             | M
    +--+                  |                             | Z
       | (213.xxx.xx.66)  | (213.xxx.xx.70)             |
       | 192.168.40.66    | 192.168.40.70               |
+-----#----+       +-----#----+                        |
| Firewall |       | Asterisk |                        |
+----------+       +----------+                        |
|  Server  |                                           |
+-----#----+  - - - - - - - - - - - - - - - - - - - - -+-
       | 192.168.0.1                                    |
       |                                                |
       +--+                                             |
          |                                             |
+--------#--------+                                    |
|     Switch      |                                    | I
+--#--#--#--#--#--+                                    | N
    |  |  |                                             | T
    |  |  |                                             | E
    |  |  |                                             | R
    |  |  |                                             | N
    |  |  +-----------------------------+               |
    |  +--------------+                 |               |
    |                 |                 |               |
    | 192.168.0.101   | 192.168.0.102   | 192.168.0.103 |
+--#---+          +--#---+          +--#---+           |
| Tel1 |          | Tel2 |          | Tel3 |           |
+------+          +------+          +------+           |


But now the IP-Phones could not communicate with Asterisk because the 
Server (a Linux host) will NAT the internal IP-Addresses.

Is there a good way to solve this Problem?

Regards
	Bastian



More information about the asterisk-users mailing list