[asterisk-users] Suggestion for a new asterisk setup.
Andy Hester
ahester at architel.com
Fri Jan 12 12:59:27 MST 2007
In the current setup, asterisk is behind a different nat/firewall than
the LAN phones. The phones are using sccp. If the asterisk box is
compromised, it is not on the local LAN. This is what I think he
doesn't want to give up.
Andy
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-
> bounces at lists.digium.com] On Behalf Of Colin Anderson
> Sent: Friday, January 12, 2007 12:20 PM
> To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
> Subject: RE: [asterisk-users] Suggestion for a new asterisk setup.
>
> >I am not sure that the security guy for this network will allow me to
put
> up the asterisk box dual homed to the public IP and the LAN.
>
> Your security guy needs to go back to school. If eth0 is on the LAN
and
> eth1
> is on the WAN, and the WAN connection is properly secured with only
the
> ports you need, and your SIP passwords arent 1234 or something that
can be
> guessed, what difference is there between this configuration and port
> forwarding? The footprint you are exposing to the public internet is
> exactly
> the same. The only thing that I can think of is for IDS, you may have
a
> firewall that does this. Optionally, one could run a "soft" firewall
on
> the
> WAN side that supports IDS if that is the issue. Otherwise, why not?
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list