[asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

bruce bruce bruceb444 at gmail.com
Sat Oct 2 18:28:29 CDT 2010


Yeah, you are missing all :-)

Sorry, read the thread again.

On Sat, Oct 2, 2010 at 5:05 PM, sean darcy <seandarcy2 at gmail.com> wrote:

> On 10/02/2010 04:09 PM, bruce bruce wrote:
> > Can't I in my ip tables just accept the pap2t.dyndns.org
> > <http://pap2t.dyndns.org> if that is bind to the PAP2T? do you think the
> > devices comes in with it's external IP rather than the dyndns domain?
> >
> > Thanks
> >
> > On Sat, Oct 2, 2010 at 3:43 PM, bruce bruce <bruceb444 at gmail.com
> > <mailto:bruceb444 at gmail.com>> wrote:
> >
> >     I was confusing the asterisk server side of sip_nat with the PAP2T.
> >     So, PAP2T can only register to DynDNS and that's all.
> >
> >     What sort of a script would I be looking for? something to query
> >     DynDNS for the new IP of the device to add to firewall? This might
> >     however bring down time if inquiry is not successful.
> >
> >     Or can I setup my own Dyndns server on the Asterisk server and have
> >     those PAP2T units registered to it and then work it from there when
> >     their IPs change?
> >
> >     Thanks
> >
> >     On Sat, Oct 2, 2010 at 3:32 PM, jon pounder <jonp at inline.net
> >     <mailto:jonp at inline.net>> wrote:
> >
> >         On 10/02/2010 03:31 PM, bruce bruce wrote:
> >>         Hi,
> >>
> >>         Can you please explain the DynDNS part. How would I put that
> >>         in my Asterisk server as an identified party? Usually it comes
> >>         to me with IP address (dynamic). Or do add something like this
> >>         in sip_nat.conf:
> >>
> >>         externip=mybox.dyndns.org <http://mybox.dyndns.org>
> >>         localnet=192.168.0.0/255.255.255.0
> >>         <http://192.168.0.0/255.255.255.0>
> >
> >         every time the address changes you have to have some script to
> >         make the change in your firewall.
> >
> >>
> >>         ???
> >>
> >>         Thansk again,
> >>
> >>         On Sat, Oct 2, 2010 at 2:59 PM, jon pounder <jonp at inline.net
> >>         <mailto:jonp at inline.net>> wrote:
> >>
> >>             On 10/02/2010 02:56 PM, bruce bruce wrote:
> >>             > Hi Everyone
> >>             >
> >>             > I think PAP2T supports DynDNS and other Dynamic DNS
> >>             providers. I have
> >>             > a box that needs to be secured at all times. Currently
> >>             it's not
> >>             > connected to the internet. If it were connected, I would
> >>             have iptables
> >>             > block any and all traffic from outside but I want a
> >>             single device -
> >>             > Linksys PAP2T - to be able to connect back to the
> >>             server. That is a
> >>             > stand alone device and doesn't support VPN and I don't
> >>             have the luxury
> >>             > of putting a VPN client on the PAP2T side to connect
> >>             back to the
> >>             > server. Is there any way I can DynDNS on the PAP2T to
> >>             somehow notify
> >>             > the Asterisk Server that it's a safe device coming in?
> >>             >
> >>             > I do use fail2ban but that is not what I am looking for
> >>             at this
> >>             > moment. And since the IP is dynamic on the PAP2T, I
> >>             can't just use the
> >>             > iptables to let it in as it might change all a sudden.
> >>             >
> >>             > Thanks
> >>             do the dyndns on whatever router is in front of the pap2t
> >>             or
> >>             get some other box that supports it.
> >>
> >>
> >>             other than that you are looking for some sort of magic
> bullet
> >>
> >>             --
> >>
> _____________________________________________________________________
> >>             -- Bandwidth and Colocation Provided by
> >>             http://www.api-digital.com --
> >>             New to Asterisk? Join us for a live introductory webinar
> >>             every Thurs:
> >>             http://www.asterisk.org/hello
> >>
> >>             asterisk-users mailing list
> >>             To UNSUBSCRIBE or update options visit:
> >>             http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >>
> >
> >
> >         --
> >
> _____________________________________________________________________
> >         -- Bandwidth and Colocation Provided by
> >         http://www.api-digital.com --
> >         New to Asterisk? Join us for a live introductory webinar every
> >         Thurs:
> >         http://www.asterisk.org/hello
> >
> >         asterisk-users mailing list
> >         To UNSUBSCRIBE or update options visit:
> >         http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> >
> >
>
> I'm puzzled. Do you want the pap2t to connect directly to the internet?
> If so, then what does this have to do with asterisk or your box?
>
> If you want the pap2t to be connected to asterisk on your box, then the
> box has two interfaces. One is internal and open to a static address on
> pap2t, the other on the internet and subject to iptables. You can port
> forward to the pap2t.
>
> Or am I missing something?
>
> sean
>
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101002/64b319c6/attachment.htm 


More information about the asterisk-users mailing list