Joseph: We have setup systems for clients with a single (even dynamic) IP. We typically put a QoS router behind their cable modem, then direct certain ports to the PBX, the rest to their firewall. This offers a reasonable level of protection with 1 IP.
By dual homing the PBX, web/mail services on the PBX can be visible internally and protected by the firewall, while the broad range of SIP ports & IAX can be visible externally without NAT. MD -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joseph Tanner Sent: Wednesday, February 08, 2006 11:04 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot? On 2/8/06, Paul <[EMAIL PROTECTED]> wrote: > Maybe some people think that a PBX should come with a few games just > like so many cell phones these days :) Unfortunately, mine has to sit on the front line, it can't hide behind a firewall. I only have one IP, and it's either assign it to asterisk (and thus force it to serve as a nat server, occassional ftp server, etc.) or have to deal with having asterisk behind nat. Configuring sip without nat is soooooo easy. Yes, I took the easy way out! Of course, in my situation I make sure to keep it fairly up to date. Joseph Tanner > Technical Support wrote: > > >I think that some people try to make their asterisk box a > >do-everything super server. Can you image a traditional PBX with > >direct access via the internet, serving web pages via apache, running sendmail, etc. > > > >Our approach has been keep it simple. We lock each Asterisk PBX down > >has hard as possible. This includes no direct internet connection > >(it should sit behind a real firewall), minimal services running, > >etc. With this philosophy, one can treat the PBX as an appliance: > >don't touch it if it's working. > > > >If you must run host web pages, run mail servers, offer SQLnet > >connections, make visible to the internet, etc. then other users are > >correct - you better continually patch/update ASAP. > > > >MD > > > > > > > >-----Original Message----- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On Behalf Of Alex > >Barnes > >Sent: Wednesday, February 08, 2006 4:04 AM > >To: Asterisk Users Mailing List - Non-Commercial Discussion > >Subject: RE: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum > >update ornot? > > > > > > > > > >>-----Original Message----- > >>From: [EMAIL PROTECTED] > >>[mailto:asterisk-users- [EMAIL PROTECTED] On Behalf Of Rich > >>Adamson > >>Sent: 08 February 2006 08:41 > >>To: Asterisk Users Mailing List - Non-Commercial Discussion > >>Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum > >> > >> > >update > > > > > >>ornot? > >> > >>However, if you expose the box to the internet, you might want to > >> > >> > >upgrade > > > > > >>those components that are known to have vulnerabilities. If you > >>don't, count on the box being compromised sooner or later. > >> > >>------------------------ > >> > >> > >>>This is sound advice worth taking. If you get a system stable in > >>>production, LEAVE IT ALONE!! > >>> > >>> > >>> > > > > > >We have just switched from SUSE to Fedora4 for our new installs and > >are very happy with it. Personally I much prefer it and bonus is it's free. > > > >Something that might be of interest is before I deployed the box live > >I did a full yum update I guess it must have updated the kernel or > >something as after I rebooted the box zap stopped working with some weird errors. > > > >Quick recompile of zaptel had everything working a charm but its > >something worth keeping in mind. > > > >I think the "once it's working, leave it alone" advice is very sound > >indeed > >:) > > > > > >HTH > > > >Alex > > > > > >Information contained in this e-mail and any attachments are intended > >for the use of the addressee only, and may contain confidential > >information of Ubiquity Software Corporation. All unauthorized use, > >disclosure or distribution is strictly prohibited. If you are not > >the addressee, please notify the sender immediately and destroy all > >copies of this email. Unless otherwise expressly agreed in writing > >signed by an officer of Ubiquity Software Corporation, nothing in > >this communication shall be deemed to be legally binding. Thank you. > > > >_______________________________________________ > >--Bandwidth and Colocation provided by Easynews.com -- > > > >Asterisk-Users mailing list > >To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > > > > > >_______________________________________________ > >--Bandwidth and Colocation provided by Easynews.com -- > > > >Asterisk-Users mailing list > >To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > > > > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
