[asterisk-users] Digium TDM400P in Soekris net5501-70?

Darrick Hartman dhartman at djhsolutions.com
Mon Jul 20 22:09:35 CDT 2009 

Brian McEntire wrote:
> Darrick -
> You seem adamant, and I will look deeper into the firewall in Astlinux!  :-)

Brian,

I am one of the developers, so I happen to like what we've done.  There 
have been some huge changes to the web interface and the overall project 
in the past year or so.  http://www.astlinux.org

> The one thing running monowall in a VM would do for me is (in theory)
> make it very simple to move my existing, working m0n0wall
> configuration. I've been running it for a while, it serves a bunch of
> DHCP clients, does a little NAT, and has 20 or so specific rules for
> what can talk to what across the LAN, WAN, and DMZ segments of the
> firewall. If Astlinux can do all that, and I can grok it easily, it
> might be easier than running m0n0wall inside a VM.

The firewall part of Astlinux is Arno's IPtables firewall.  The web 
interface can handle most (if not all) of what you're trying to do. 
We've exposed a few more options in our svn trunk, but that's undergoing 
some big changes right now to support dahdi.  I'm running an image based 
on that right now, but it will probably be another week or so before 
trunk is stable enough for general use.  If there's something you need 
that's not exposed in the web interface, ask and someone on our mailing 
list can get you going in the right direction.

If you have any problems/questions, ask over on our mailing list or in 
the #astlinux channel on freenode.

> I suppose the other thing running m0n0wall inside a VM might do is a
> little extra security. If the firewall is in a VM and the asterisk
> part is running on the hardware without access to the LAN ports (which
> are all owned by the VM) then it *might* make the asterisk install a
> little more secure or less exposed to automated attacks. Not saying
> this is a high payoff for me, but another potential pro for a VM
> setup.

That could very well be the case, but I highly doubt you're going to 
like the results of using a net5501 as a virtual machine host.  The 
hardware was never really intended for that purpose.

Darrick

More information about the asterisk-users mailing list