On Fri, Jan 12, 2007 at 01:59:27PM -0600, Andy Hester wrote:
> In the current setup, Asterisk is behind a different NAT/firewall than
> the LAN phones. The phones are using SCCP. If the Asterisk box is
> compromised, it is not on the local LAN. This is what I think he
> doesn't want to give up.

Firewall != NAT.

You only need SCCP (and RTP?) transport between the Asterisk server and
the LAN. Block anything else. But keep it in the same address space.

Start with a configuration where everything is blocked. Punch specific
and understandable holes. You'll practically need the same holes to get
SCCP past NAT.

--
Tzafrir Cohen
icq#16849755 jabber:[EMAIL PROTECTED]
+972-50-7952406 mailto:[EMAIL PROTECTED]
http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir
asterisk-users mailing list
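
Added example, not part of the original message: a default-deny FORWARD ruleset in iptables-restore format for a router sitting between the Asterisk segment and the phone LAN, plus a small lint that rejects any hole that does not name source, destination and protocol. The addresses, the phone subnet and the RTP range are constructed assumptions; TCP 2000 is the standard SCCP port.

```shell
#!/bin/sh
# Constructed sample values (documentation address range); replace with your own.
ASTERISK_IP="192.0.2.10"    # assumed Asterisk server address
LAN_NET="192.0.2.128/25"    # assumed phone subnet, same address space, no NAT
SCCP_PORT=2000              # SCCP (Skinny) signalling, TCP, phone -> server
RTP_PORTS="10000:20000"     # assumed to match rtpstart/rtpend in rtp.conf

# Print the ruleset: policy DROP first, then the specific holes.
emit_rules() {
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $LAN_NET -d $ASTERISK_IP -p tcp --dport $SCCP_PORT -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -s $LAN_NET -d $ASTERISK_IP -p udp --dport $RTP_PORTS -j ACCEPT
-A FORWARD -s $ASTERISK_IP -d $LAN_NET -p udp --sport $RTP_PORTS -j ACCEPT
-A FORWARD -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Lint rules read from stdin: every ACCEPT except the return-traffic rule
# must name a source, a destination and a protocol. Exit status 1 if not.
lint_rules() {
    awk '
        / -j ACCEPT$/ && !/ESTABLISHED/ {
            if ($0 !~ / -s / || $0 !~ / -d / || $0 !~ / -p /) {
                bad++
                print "too broad: " $0
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# Print the ruleset only if it passes the lint.
emit_rules | lint_rules && emit_rules
```

The output can be checked without loading it by piping it to `iptables-restore --test` on the router.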