[asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

bruce bruce bruceb444 at gmail.com
Sat Oct 2 14:43:02 CDT 2010 

I was confusing the asterisk server side of sip_nat with the PAP2T. So,
PAP2T can only register to DynDNS and that's all.

What sort of a script would I be looking for? something to query DynDNS for
the new IP of the device to add to firewall? This might however bring down
time if inquiry is not successful.

Or can I setup my own Dyndns server on the Asterisk server and have those
PAP2T units registered to it and then work it from there when their IPs
change?

Thanks

On Sat, Oct 2, 2010 at 3:32 PM, jon pounder <jonp at inline.net> wrote:

>  On 10/02/2010 03:31 PM, bruce bruce wrote:
>
> Hi,
>
>  Can you please explain the DynDNS part. How would I put that in my
> Asterisk server as an identified party? Usually it comes to me with IP
> address (dynamic). Or do add something like this in sip_nat.conf:
>
>  externip=mybox.dyndns.org
> localnet=192.168.0.0/255.255.255.0
>
>
> every time the address changes you have to have some script to make the
> change in your firewall.
>
>
>  ???
>
>  Thansk again,
>
> On Sat, Oct 2, 2010 at 2:59 PM, jon pounder <jonp at inline.net> wrote:
>
>>  On 10/02/2010 02:56 PM, bruce bruce wrote:
>> > Hi Everyone
>> >
>> > I think PAP2T supports DynDNS and other Dynamic DNS providers. I have
>> > a box that needs to be secured at all times. Currently it's not
>> > connected to the internet. If it were connected, I would have iptables
>> > block any and all traffic from outside but I want a single device -
>> > Linksys PAP2T - to be able to connect back to the server. That is a
>> > stand alone device and doesn't support VPN and I don't have the luxury
>> > of putting a VPN client on the PAP2T side to connect back to the
>> > server. Is there any way I can DynDNS on the PAP2T to somehow notify
>> > the Asterisk Server that it's a safe device coming in?
>> >
>> > I do use fail2ban but that is not what I am looking for at this
>> > moment. And since the IP is dynamic on the PAP2T, I can't just use the
>> > iptables to let it in as it might change all a sudden.
>> >
>> > Thanks
>>  do the dyndns on whatever router is in front of the pap2t
>> or
>> get some other box that supports it.
>>
>>
>> other than that you are looking for some sort of magic bullet
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>               http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101002/d595d046/attachment.htm

More information about the asterisk-users mailing list