<br>Totally agree *IF* the SIP elements behind your "router/firewall" have real IP addresses and you are not using NAT in your router.<br><br>With NAT scenarios, I prefer to have a copy of Asterisk running on "firewall/NAT router" so it at least has one public IP address to make various SIP games a little easier.
<br><br>iptables can really protect asterisk from uninvited (npi) SIP / RTP packets if you are really paranoid<br><br>also the asterisk running on your "firewall/NAT router" can be dedicated to just gateway functions and have your important and private asterisk pbx behind the NAT/firewall using the gateway as needed
<br><br><br><br><br><div><span class="gmail_quote">On 10/10/07, <b class="gmail_sendername">Steve Prior</b> <<a href="mailto:sprior@geekster.com">sprior@geekster.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><br>Repeat after me - NEVER NEVER NEVER run other servers on your<br>router/firewall machine!!! <br></blockquote></div><br>