On Wed, Apr 27, 2011 at 1:16 PM, Myles Wakeham <my...@techsol.org> wrote:
> It kinda scares me though. I know that SIP is an attractive attack-vector,
> and that there are scripts out there that target SIP devices. I know I
> could run Fail2Ban on the server, which is fine (we're doing that anyway
> now), but before I go down this path, I wanted to get general feedback if we
> are using our Asterisk system using 'best practices' or whether it should
> never be sitting behind a Firewall, despite the fact that it is working
> pretty close to perfect as it is right now. I just want to find a way to
> reduce the latency.

I have placed Asterisk outside the firewall / NAT router to avoid the translation. I usually will set up the server with dual NICs. One has the public IP and another has the internal private IP. Set the default gateway to the public IP gateway. Then just configure iptables to firewall the server interfaces accordingly.

This configuration allows Asterisk to sit directly on the Internet while keeping your internal phones from going out your NAT router and back to Asterisk. Basically the best of both worlds.

Ryan
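
An added example, not part of Ryan's message: a shell function that emits an iptables-restore ruleset for the dual-NIC layout he describes, with the public interface limited to SIP from listed peers plus RTP, and forwarding between the two NICs dropped. The interface names, LAN range, peer address and RTP port range (Asterisk's sample rtp.conf values) are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a dual-NIC Asterisk host.
# Assumed values (not from the thread): eth0 = public NIC, eth1 = private NIC,
# 192.168.1.0/24 = LAN, 203.0.113.10 = SIP provider (documentation address),
# UDP 5060 for SIP and UDP 10000-20000 for RTP.
# usage: asterisk_ruleset PUB_IF PRIV_IF PRIV_NET [TRUSTED_SIP_PEER ...]
asterisk_ruleset() {
    pub_if=$1; priv_if=$2; priv_net=$3; shift 3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Anti-spoofing: LAN source addresses must never arrive on the public NIC
-A INPUT -i $pub_if -s $priv_net -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Private NIC: internal phones (SIP + RTP) and SSH admin from the LAN only
-A INPUT -i $priv_if -s $priv_net -p udp --dport 5060 -j ACCEPT
-A INPUT -i $priv_if -s $priv_net -p udp --dport 10000:20000 -j ACCEPT
-A INPUT -i $priv_if -s $priv_net -p tcp --dport 22 -j ACCEPT
EOF
    # Public NIC: SIP signalling only from explicitly listed peers
    for peer in "$@"; do
        echo "-A INPUT -i $pub_if -s $peer -p udp --dport 5060 -j ACCEPT"
    done
    cat <<EOF
# Public NIC: RTP media can arrive from addresses other than the SIP peer
-A INPUT -i $pub_if -p udp --dport 10000:20000 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed layout
asterisk_ruleset eth0 eth1 192.168.1.0/24 203.0.113.10
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. The `FORWARD DROP` policy keeps the dual-homed server from becoming a route around the NAT router into the LAN.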