[Asterisk-Users] Re: Asterisk Box as a Router, Firewall and DHCP Server
Ing CIP Alejandro Celi Mariátegui
alex at linux.org.pe
Thu Jun 2 10:13:44 MST 2005
On Thu, 02-06-2005 at 02:14, Tony Mountifield wrote:
> > Thank you for the valuable advice, I'll do exactly
> > what you are suggesting, No DHCP
>
> I find DHCP on my LAN extremely useful for both my and visiting laptops.
> Any machine that will be using my LAN regularly gets a static entry in
> /etc/dhcpd.conf so it will always get the same IP address. It also gets
> an entry in my local DNS.
That's right, and it works great for me: fully secure, users can't take
reserved IPs, etc.
I have this:
- Internal DNS server configuring direct and reverse lookup for all my
SIP phones
phone403.cipher.com.pe. IN A 192.168.100.183
and in zone 192.168.100
183 IN PTR phone403.cipher.com.pe.
- DHCP server giving static IP for the phones:
host phone403.cipher.com.pe { hardware ethernet 00:0B:82:01:A4:70 ; fixed-address phone403.cipher.com.pe ; }
- IPTables, matching IP and MAC address
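#!/bin/sh
# Collect the one-line host declarations from dhcpd.conf.
grep '^host' /etc/dhcpd.conf > /tmp/host-ip.txt
# $TODAS (the destination to protect) is not defined in this excerpt;
# it must be set before the loop runs.
while read -r u
do
    HOST=$(echo "$u" | awk '{ print $9 }')   # fixed-address value
    MAC=$(echo "$u" | awk '{ print $6 }')    # hardware ethernet value
    # Drop traffic that claims the reserved IP from any other MAC.
    iptables -t nat -A PREROUTING -m mac -s "$HOST" -d "$TODAS" \
        --mac-source ! "$MAC" -j DROP
    # Drop traffic from that MAC using any other source IP.
    iptables -t nat -A PREROUTING -m mac -s ! "$HOST" -d "$TODAS" \
        --mac-source "$MAC" -j DROP
done < "/tmp/host-ip.txt"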
And it is excellent for a fully secure PBX without conflict errors, and
it works fine with my firewall.
Regards,
--
Ing CIP Alejandro Celi Mariátegui
<alex at linux.org.pe>
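
Added example, not part of the original message: the same IP/MAC pairing, reading dhcpd.conf host declarations even when they span several lines, validating each MAC and address before it reaches a command line, and printing the rules instead of applying them. Assumptions: the DEST argument stands in for the post's $TODAS, the sample input is constructed, and the rules use the mangle table and the "! -s" / "! --mac-source" negation order because current iptables releases refuse DROP in the nat table and expect the "!" before the option.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not apply) IP/MAC
# pairing rules for each host declaration read from dhcpd.conf on stdin.
# DEST stands in for the post's $TODAS, whose value the post does not give.

gen_pair_rules() {    # usage: gen_pair_rules DEST < dhcpd.conf
    awk -v dest="$1" '
    function emit(   p, k, ok) {
        # Validate both values before they are placed on a command line.
        ok = (split(val["mac"], p, ":") == 6 && val["ip"] ~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/)
        for (k = 1; ok && k <= 6; k++) ok = (p[k] ~ /^[0-9A-Fa-f][0-9A-Fa-f]$/)
        if (!ok) { print "# skipped " val["name"] ": missing or malformed MAC/address"; return }
        base = "iptables -t mangle -A PREROUTING -d " dest " -m mac"
        # Reserved IP arriving from any other MAC.
        print base " -s " val["ip"] " ! --mac-source " val["mac"] " -j DROP"
        # Registered MAC using any other source IP.
        print base " ! -s " val["ip"] " --mac-source " val["mac"] " -j DROP"
    }
    {
        sub(/#.*/, "")              # drop comments
        gsub(/[{};]/, " & ")        # braces and semicolons become tokens
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "") continue
            if (want != "") { val[want] = t; want = ""; continue }
            if (t == "host") { inhost = 1; want = "name"; val["mac"] = val["ip"] = ""; continue }
            if (!inhost) continue
            if (t == "ethernet") want = "mac"
            else if (t == "fixed-address") want = "ip"
            else if (t == "}") { emit(); inhost = 0 }
        }
    }'
}

sample_conf() {    # constructed input; the first entry is the one in the post
    cat <<'EOF'
host phone403.cipher.com.pe { hardware ethernet 00:0B:82:01:A4:70 ; fixed-address phone403.cipher.com.pe ; }
host phone404 {                 # constructed multi-line declaration
    hardware ethernet 00:0b:82:01:a4:71;
    fixed-address 192.168.100.184;
}
host broken { hardware ethernet 00:0B:82:ZZ; fixed-address 192.168.100.185; }
EOF
}

# 192.0.2.10 is a placeholder destination (documentation address range).
sample_conf | gen_pair_rules "${DEST:-192.0.2.10}"
```

The mac match only sees frames from hosts on a directly attached Ethernet segment, and a client can change its own MAC address, so this pairing prevents accidental or casual takeover of a reserved IP rather than authenticating the phone.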