Isn't putting asterisk on the public IP network a bad idea?Is it a bad idea?, Not really if you take the right precautions..From how you described your setup you have connected your server directly to the internet anyway.. If you nominated you Asterisk box as the DMZ host in your router it effectively is directly on the internet.. if you havent secured the box itself I suggest you do.. :)
What about security?This is somthing that you will need to take care of.. Of course some people's opinions on securing a PC is to not connect it to the internet at all, of course that is a little silly.. You will have to decied on the level of security you are happy with..
This is a topic that can be debated for days so I will not get into it any further than that..
And how will all us newbies make the linux box as secure as possible?The quickest way is to setup an IPTABLES firewall.. You will need ports 5060 and 10000 to 20000 open for a default Asterisk install using SIP only..
(NOTE: make sure you know how to activate and deactivate IPTABLES from a command line because while you are playing there is a good chance you will lock yourself out of the server from any remote PC and you can even break Xwindows running locally with a firewall..)
Later..
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WipeOut Sent: Monday, November 03, 2003 11:05 AM To: [EMAIL PROTECTED] Subject: Re: [Asterisk-Users] Asterisk behind LinkSys NAT Routing
Robert Mann wrote:
Problem I have is this. outside firewall (extension 2003) can call me inside firewall (extension 2000) and all is fine. If I call from inside firewall (extension 2000) to outside firewall (extension 2003) I hear no ringing and person at other end can pick up and I hear for maybe a half second then I go to voicemail. If I add another extension on the outside then communication between outside and outside through * is not possible at all. I know I can not be the only one who has tried to do this. Please any help would be greatly appreciated.
Robert,
You need to get Asterisk onto a public IP address.. Using the DMZ function on the router will not work.. If you search the archives you will see that it has been attempted many times..
The reason is not in the IP but in the SIP headers.. they will be sent out from the Asterisk server with the internal IP address of the server, this means that when the SIP UA reads the SIP message and responds it will respond to the incorrect IP address..
So the basic rules where NAT is involved are..
Asterisk server must always be on a public IP address..
SIP UA's can be behind NAT but need "nat=yes", "canreinvite=no" and "qualify=yes" set in the phone configuration in sip.conf..
Hope that helps..
Later..
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
