On Mon, 13 Dec 2004 22:29:16 -0800 (PST), Gianni Veloce wrote: >Hi all, >I plan to install Asterisk at home and would like to >ask some question re firewalls(perhaps it sounds >stupid for experts, sorry�.) > >I plan to connect Asterisk box to a ADSL line. >What Router/Firewall system to buy? >I think I need a "VoIP capable" device for this. Any >advice?
You'll need something that accomodates port forwarding and some form of QoS or traffic shaping. Don't need to buy anything if you prefer. Use something like m0n0wall running on an old PC with two network cards as a router/firewall. >But, really should Asterisk be placed behind the >Firewall? What ports to open? Need port forwarding? >Or perhaps place it in the DMZ? >Does * need a REAL Internet IP address? Do I need to >ask more IP subnets from the provider? No, * does not need a real IP. You can port forward to its internal IP without any issues. Placing its in the DMZ might have advantages but in my mind it on exposes the server to a greater extent. For IAX2 you open only port 4569. For SIP there are a number of ports that you have to open includes 5060, 5061 and a large series of ports designates for RTP streams, usually 10000-20000. This is one reason why I use termination providers that offer IAX based services. I use four separate providers who all squeeze through one open port. See www.voip-info.org for greater detail. I only have one fixed IP. All traffic to port 4569 on my fixed ip is forwarded to my * server. I also forward an arbitrary port through my m0n0wall to the * box, port translating to reach the SSH port on *. In this way I can remote manage the server. Michael -- Michael Graves [EMAIL PROTECTED] Sr. Product Specialist www.pixelpower.com Pixel Power Inc. [EMAIL PROTECTED] o713-861-4005 o800-905-6412 c713-201-1262 _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
