[asterisk-users] Suggestion for a new asterisk setup.
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sat Jan 13 14:30:43 MST 2007
On Fri, Jan 12, 2007 at 01:59:27PM -0600, Andy Hester wrote:
> In the current setup, asterisk is behind a different nat/firewall than
> the LAN phones. The phones are using sccp. If the asterisk box is
> compromised, it is not on the local LAN. This is what I think he
> doesn't want to give up.
Firewall != NAT.
You only need SCCP (and RTP?) transport between the Asterisk server and
the LAN. Block anything else. But keep it in the same address space.
Start with a configuration where everything is blocked. Punch specific
and understandable holes. You'll practically need the same holes to get
SCCP past NAT.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir at jabber.org
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-users
mailing list