[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?

Technical Support support at ocg.ca
Wed Feb 8 09:28:06 MST 2006 

Joseph:

We have setup systems for clients with a single (even dynamic) IP.  We
typically put a QoS router behind their cable modem, then direct certain
ports to the PBX, the rest to their firewall.  This offers a reasonable
level of protection with 1 IP.

By dual homing the PBX, web/mail services on the PBX can be visible
internally and protected by the firewall, while the broad range of SIP ports
& IAX can be visible externally without NAT.

MD

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Joseph Tanner
Sent: Wednesday, February 08, 2006 11:04 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update
ornot?

On 2/8/06, Paul <ast2005 at 9ux.com> wrote:
> Maybe some people think that a PBX should come with a few games just 
> like so many cell phones these days :)

Unfortunately, mine has to sit on the front line, it can't hide behind a
firewall.  I only have one IP, and it's either assign it to asterisk (and
thus force it to serve as a nat server, occassional ftp server,
etc.) or have to deal with having asterisk behind nat.  Configuring sip
without nat is soooooo easy.  Yes, I took the easy way out!

Of course, in my situation I make sure to keep it fairly up to date.

Joseph Tanner

> Technical Support wrote:
>
> >I think that some people try to make their asterisk box a 
> >do-everything super server.  Can you image a traditional PBX with 
> >direct access via the internet, serving web pages via apache, running
sendmail, etc.
> >
> >Our approach has been keep it simple.  We lock each Asterisk PBX down 
> >has hard as possible.  This includes no direct internet connection 
> >(it should sit behind a real firewall), minimal services running, 
> >etc.  With this philosophy, one can treat the PBX as an appliance: 
> >don't touch it if it's working.
> >
> >If you must run host web pages, run mail servers, offer SQLnet 
> >connections, make visible to the internet, etc. then other users are 
> >correct - you better continually patch/update ASAP.
> >
> >MD
> >
> >
> >
> >-----Original Message-----
> >From: asterisk-users-bounces at lists.digium.com
> >[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Alex 
> >Barnes
> >Sent: Wednesday, February 08, 2006 4:04 AM
> >To: Asterisk Users Mailing List - Non-Commercial Discussion
> >Subject: RE: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum 
> >update ornot?
> >
> >
> >
> >
> >>-----Original Message-----
> >>From: asterisk-users-bounces at lists.digium.com 
> >>[mailto:asterisk-users- bounces at lists.digium.com] On Behalf Of Rich 
> >>Adamson
> >>Sent: 08 February 2006 08:41
> >>To: Asterisk Users Mailing List - Non-Commercial Discussion
> >>Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum
> >>
> >>
> >update
> >
> >
> >>ornot?
> >>
> >>However, if you expose the box to the internet, you might want to
> >>
> >>
> >upgrade
> >
> >
> >>those components that are known to have vulnerabilities. If you 
> >>don't, count on the box being compromised sooner or later.
> >>
> >>------------------------
> >>
> >>
> >>>This is sound advice worth taking.  If you get a system stable in 
> >>>production, LEAVE IT ALONE!!
> >>>
> >>>
> >>>
> >
> >
> >We have just switched from SUSE to Fedora4 for our new installs and 
> >are very happy with it.  Personally I much prefer it and bonus is it's
free.
> >
> >Something that might be of interest is before I deployed the box live 
> >I did a full yum update I guess it must have updated the kernel or 
> >something as after I rebooted the box zap stopped working with some weird
errors.
> >
> >Quick recompile of zaptel had everything working a charm but its 
> >something worth keeping in mind.
> >
> >I think the "once it's working, leave it alone" advice is very sound 
> >indeed
> >:)
> >
> >
> >HTH
> >
> >Alex
> >
> >
> >Information contained in this e-mail and any attachments are intended 
> >for the use of the addressee only, and may contain confidential 
> >information of Ubiquity Software Corporation.  All unauthorized use, 
> >disclosure or distribution is strictly prohibited.  If you are not 
> >the addressee, please notify the sender immediately and destroy all 
> >copies of this email.  Unless otherwise expressly agreed in writing 
> >signed by an officer of Ubiquity Software Corporation, nothing in 
> >this communication shall be deemed to be legally binding.  Thank you.
> >
> >_______________________________________________
> >--Bandwidth and Colocation provided by Easynews.com --
> >
> >Asterisk-Users mailing list
> >To UNSUBSCRIBE or update options visit:
> >   http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> >
> >_______________________________________________
> >--Bandwidth and Colocation provided by Easynews.com --
> >
> >Asterisk-Users mailing list
> >To UNSUBSCRIBE or update options visit:
> >   http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> >
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> Asterisk-Users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

Asterisk-Users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list