[asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
sean darcy
seandarcy2 at gmail.com
Sat Oct 2 16:05:38 CDT 2010
On 10/02/2010 04:09 PM, bruce bruce wrote:
> Can't I in my iptables just accept the pap2t.dyndns.org if that is
> bound to the PAP2T? Do you think the device comes in with its
> external IP rather than the dyndns domain?
>
> Thanks
>
> On Sat, Oct 2, 2010 at 3:43 PM, bruce bruce <bruceb444 at gmail.com> wrote:
>
> I was confusing the asterisk server side of sip_nat with the PAP2T.
> So, PAP2T can only register to DynDNS and that's all.
>
> What sort of a script would I be looking for? Something to query
> DynDNS for the new IP of the device to add to firewall? This might
> however bring downtime if inquiry is not successful.
>
> Or can I set up my own DynDNS server on the Asterisk server and have
> those PAP2T units registered to it and then work it from there when
> their IPs change?
>
> Thanks
>
> On Sat, Oct 2, 2010 at 3:32 PM, jon pounder <jonp at inline.net> wrote:
>
> On 10/02/2010 03:31 PM, bruce bruce wrote:
>> Hi,
>>
>> Can you please explain the DynDNS part. How would I put that
>> in my Asterisk server as an identified party? Usually it comes
>> to me with IP address (dynamic). Or do I add something like this
>> in sip_nat.conf:
>>
>> externip=mybox.dyndns.org
>> localnet=192.168.0.0/255.255.255.0
>
> every time the address changes you have to have some script to
> make the change in your firewall.
>
>>
>> ???
>>
>> Thanks again,
>>
>> On Sat, Oct 2, 2010 at 2:59 PM, jon pounder <jonp at inline.net> wrote:
>>
>> On 10/02/2010 02:56 PM, bruce bruce wrote:
>> > Hi Everyone
>> >
>> > I think PAP2T supports DynDNS and other Dynamic DNS providers. I
>> > have a box that needs to be secured at all times. Currently it's
>> > not connected to the internet. If it were connected, I would have
>> > iptables block any and all traffic from outside but I want a
>> > single device - Linksys PAP2T - to be able to connect back to the
>> > server. That is a stand alone device and doesn't support VPN and I
>> > don't have the luxury of putting a VPN client on the PAP2T side to
>> > connect back to the server. Is there any way I can DynDNS on the
>> > PAP2T to somehow notify the Asterisk Server that it's a safe
>> > device coming in?
>> >
>> > I do use fail2ban but that is not what I am looking for at this
>> > moment. And since the IP is dynamic on the PAP2T, I can't just use
>> > the iptables to let it in as it might change all of a sudden.
>> >
>> > Thanks
>> do the dyndns on whatever router is in front of the pap2t or
>> get some other box that supports it.
>>
>>
>> other than that you are looking for some sort of magic bullet
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by
>> http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar
>> every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>
>
>
I'm puzzled. Do you want the pap2t to connect directly to the internet?
If so, then what does this have to do with asterisk or your box?
If you want the pap2t to be connected to asterisk on your box, then the
box has two interfaces. One is internal and open to a static address on
pap2t, the other on the internet and subject to iptables. You can port
forward to the pap2t.
Or am I missing something?
sean
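
The script suggested in the quoted thread, one that changes the firewall whenever the address changes, sketched here as an added example (not code from any poster on the list). The chain name `PAP2T`, the state-file path and the all-UDP match are assumptions; a failed lookup keeps the existing rule, which covers the downtime concern raised above.

```shell
#!/bin/sh
# Added example: keep one iptables ACCEPT rule in step with a dynamic-DNS name.
HOST="pap2t.dyndns.org"              # hostname mentioned in the thread
CHAIN="PAP2T"                        # assumed: dedicated chain jumped to from INPUT
STATE="${STATE:-/var/run/pap2t.ip}"  # assumed: file holding the last applied IP

# True only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=. read -r a b c d extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1
    for o in "$a" "$b" "$c" "$d"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the commands that move the rule from $1 (last applied IP, may be empty)
# to $2 (fresh lookup). Returns 1 and prints nothing when the lookup result is
# not a valid address, so a failed query leaves the working rule in place.
plan_update() {
    old=$1; new=$2
    is_ipv4 "$new" || return 1
    if [ "$new" = "$old" ]; then return 0; fi
    # Add the new address before deleting the old one so there is no gap.
    # SIP and RTP are both UDP; narrow the match to your own port ranges.
    echo "iptables -A $CHAIN -s $new -p udp -j ACCEPT"
    if is_ipv4 "$old"; then
        echo "iptables -D $CHAIN -s $old -p udp -j ACCEPT"
    fi
}

# Resolve, plan, apply, and record the new address only after iptables succeeds.
apply() {
    old=$(cat "$STATE" 2>/dev/null || true)
    new=$(getent ahostsv4 "$HOST" | awk 'NR==1 {print $1}')
    if ! cmds=$(plan_update "$old" "$new"); then
        echo "lookup for $HOST failed; keeping ${old:-no} rule" >&2
        return 0
    fi
    [ -n "$cmds" ] || return 0
    echo "$cmds" | sh -e && echo "$new" > "$STATE"
}

# Run from cron as: pap2t-fw.sh --apply
if [ "${1:-}" = "--apply" ]; then apply; fi
```

Between runs the rule still admits the previous address, so the cron interval bounds how long a reassigned IP stays allowed.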