[Asterisk-Users] Asterisk in a DMZ
Andres Tello Abrego
criptos at aullox.com
Tue Aug 10 08:42:12 MST 2004
a) use a transparent bridge firewall
b) Use redirect with multiport of the sip ports to the * box IP.
c) And the most effective for your topology, don't use nat, use only
the routing properties of linux...
can u post ur firewall rules and routing table?
Bastian Schern wrote:
> Hello *,
>
> I try to establish a Asterisk-Server for internal and external usage.
> Perfect use case for a DMZ, or not?
>
> My configuration:
>
>
> I N T E R N E T |
> | | E
> | | X
> | | T
> | | E
> | 213.xxx.xx.68 | R
> +-----#----+ | N
> | Firewall | |
> +-----#----+ - - - - - - - - - - - - - - - - - - - -+-
> | 192.168.40.68 |
> | |
> +--------#--------+ |
> | Switch | |
> +--#---#---#---#--+ |
> | | |
> | +-----------------+ | D
> | | | M
> +--+ | | Z
> | (213.xxx.xx.66) | (213.xxx.xx.70) |
> | 192.168.40.66 | 192.168.40.70 |
> +-----#----+ +-----#----+ |
> | Firewall | | Asterisk | |
> +----------+ +----------+ |
> | Server | |
> +-----#----+ - - - - - - - - - - - - - - - - - - - - -+-
> | 192.168.0.1 |
> | |
> +--+ |
> | |
> +--------#--------+ |
> | Switch | | I
> +--#--#--#--#--#--+ | N
> | | | | T
> | | | | E
> | | | | R
> | | | | N
> | | +-----------------------------+ |
> | +--------------+ | |
> | | | |
> | 192.168.0.101 | 192.168.0.102 | 192.168.0.103 |
> +--#---+ +--#---+ +--#---+ |
> | Tel1 | | Tel2 | | Tel3 | |
> +------+ +------+ +------+ |
>
>
> But now the IP-Phones could not communicate with Asterisk because the
> Server (a Linux host) will NAT the internal IP-Addresses.
>
> Is there a good way to solve this Problem?
>
> Regards
> Bastian
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list