If all the services are for internal use and authorized external use then there would be no problem with doing this. Deny all ports on the external facing interface except 1194 or whatever you want to run OpenVPN on and you can connect remotely over the VPN and be totally safe from the outside world. You could also open up SSH and use tunneling for your needs.

Thanks,
Steve

SIP wrote:
> Nonsense! I'm a Security Expert (TM) and I say run EVERYthing on your
> firewall....
>
> And...uh... what was your IP again? ;)
>
> N.
>
>
> Steve Prior wrote:
>
>>> GNUbie wrote:
>>>
>>>> By the way, my Asterisk PBX server is also my wireless access point,
>>>> web server, file server, music server, VPN server, database server,
>>>> firewall and router.
>>>>
>> Repeat after me - NEVER NEVER NEVER run other servers on your
>> router/firewall machine!!! That machine needs to be a maximum security
>> low vulnerability box and running all sorts of stuff on it conflicts
>> with that. Your web server is probably your weakest link in security,
>> so I wouldn't put your file server, music server, or database server on
>> that same box because if someone hacks through some webapp you've
>> installed (it's happened to me with both the TWiki and awstats packages)
>> then if they've got root on your web server box you don't want them
>> messing with the other stuff.
>>
>> I know it sounds like overkill, but I see three boxes here:
>>
>> 1 - firewall/router
>> 2 - web server and other public facing services (sendmail for example)
>> 3 - internal facing services - database, asterisk, file/music server
>>
>> Some day when box #2 gets rooted (and it will eventually) you'll thank
>> me...
>>
>> Steve
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
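
The lockdown the reply describes (everything closed on the external interface except the OpenVPN port), written out as an nftables ruleset. This is an added example, not part of the original thread; the interface names `eth0`, `eth1` and `tun0` are assumptions, UDP is assumed for port 1194, and NAT rules are left out.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface names below are assumptions; adjust to the real box.
flush ruleset

define WAN = "eth0"   # assumed external-facing interface
define LAN = "eth1"   # assumed internal interface
define VPN = "tun0"   # assumed OpenVPN tunnel device

table inet filter {
    chain input {
        # Default deny: anything not matched below is dropped.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # IPv6 neighbour discovery, needed for IPv6 to function at all.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # The only service reachable from outside: OpenVPN.
        iifname $WAN udp dport 1194 accept

        # Alternative mentioned in the reply: SSH for tunnelling.
        # iifname $WAN tcp dport 22 accept

        # Internal hosts and connected VPN clients may reach the local
        # services (Asterisk, web, file, database).
        iifname { $LAN, $VPN } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        iifname { $LAN, $VPN } oifname $WAN accept   # outbound traffic
        iifname $VPN oifname $LAN accept             # VPN clients to LAN
        iifname $LAN oifname $VPN accept             # LAN to VPN clients
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

`nft -c -f <file>` parses the ruleset without loading it, and `nft list ruleset` shows what is active after loading.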
