I assume you have a very good reason for complicating your life by running two internal network segments ... I probably would not do something like this in first place unless I was trying to isolate two departmental networks for some reason ... But that is my preference and there is no technical reason that would keep you from putting phones and/or workstations on both segments if that is what you want to do ... But I can only think of a few very unique scenarios where such a thing is desireable ...
I understood your original description to be a hard wired LAN to support workstations/phones, and a secondary WiFi LAN to support a wireless "guest Internet access" scenario ... WiFi users on INT2IF could use the Internet, but could not see network resources located on INTIF ... I have setup scenarios like this for a number of clients so this was first thing that came to mind ... I guess I should have figured that maybe your intent was to use WiFi SIP phones which I hear are getting to be quite popular these days ... I think that if you actually want your WiFi devices to be able to see the network resources located on INTIF, you should just make life simple and connect your access point to the same network as the other INTIF resources ... Having your WiFi on the secondary LAN interface will have the effect of isolating them from resources located on your primary LAN interface ... They can see Asterisk and see the Internet, but they will not be able to see any of the resources connected to the primary network ... Astlinx's method of handling INTIF and INT2IF assumes your intent is to keep the two separate ... If you are on INTIF, you cannot see resources that reside on INT2IF and the reverse is also true ... However, both INTIF and INT2IF CAN see the Astlinux server ... So phones on both segments can register to Asterisk if Asterisk has been told to "bind" to both network cards ... I think you got the point that we are dealing with two entirely separate networks here. The only point where the two networks meet, is at the Astlinux server. They should not share cable plants or your routing will be screwed up. We are talking about having a separate switch/hub connected to each of the internal network interfaces on the Astlinux box to keep the cabling segragated. Example: [Network1 = 192.168.101.0/255.255.255.0] Astlinux NIC=INTIF (eth1) Astlinux IP=192.168.101.1 [Network2 = 192.168.102.0/255.255.255.0] Astlinux NIC=INT2IF (eth2) Astlinux IP=192.168.102.1 [Phone1] IP=192.168.101.100 Physically connected to Network1 Registers with Asterisk at 192.168.101.1 [Phone2] IP=192.168.102.100 Physically connected to Network2 Registers with Asterisk at 192.168.102.1 Phone1 can call Phone2; and Phone2 can call Phone1; because Asterisk can see them both and is controling the route. [Computer1] IP=192.168.101.5 Physically connected to Network1 Internet Gateway=192.168.101.1 [Computer2] IP=192.168.102.5 Physically connected to Network2 Internet Gateway=192.168.102.1 Both Computer1 and Computer2 can see the internet and can see the Astlinux server. However, Computer1 cannot see Computer2 and Computer1 cannot see Computer2 because the firewall by default keeps the two networks seperate. It may be possible to setup what is called a "bridge" between INTIF and INT2IF. I have not experimented with this but would assume that it is possible to do. This would override the default seperation imposed by the firewall in Astlinux and permit the two networks to be treated as if they were one large network. But doing this sort of defeats the purpose having two separate networks in the first place so I am not sure why it would be desireable. The most recent versions of Astlinux have an option to activate what is called the Arno's firewall script ... The Arno firewall is VERY flexible but is a pain to setup ... Using the Arno firewall script, it is possible to let workstations on INTIF and INT2IF see each other in a very controlled way ... But this is getting into some pretty complex esoteric stuff that I suspect is way beyond what you are looking to get done ... I suggest you reconsider your topology ... Decide if there is really some significant advantage to be gained by making use of the secondary internal network ... The requirement for this level of complexity is pretty rare and may end up causing you more trouble than it is worth ... Regards G.Hendershot -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael A Sent: Tuesday, December 05, 2006 5:30 PM To: Discussion of AstLinux - Asterisk on Compact Flash Subject: Re: [Astlinux-users] Configuring Astlinux eth1 & eth for SIP clients I have a more simple query: If I want to use both eth1ð2 to connect SIP clients what server address should I use to register? If eth1 is 192.168.101.1 eth2 is 192.168.102.1 The netmask is the same, 255.255.255.0 I can connect to each port sip client registering with the respective ip address, but I can't connect sip clients conencted the those eth ports in between them. Should I uncomment extip and use that address for server registration or any other advice? --- Peter Bowyer <[EMAIL PROTECTED]> wrote: > On 03/12/06, Mark van Berkel <[EMAIL PROTECTED]> > wrote: > > > > INTIF=ap0 > > INTIP=192.168.2.1 > > INTNM=255.255.255.0 > > > > INT2IF=eth1 > > INT2IP=192.168.2.2 > > INT2NM=255.255.255.0 > > Can't solve your specific problem, but slightly more generally - you > have defined 2 different interfaces on the same network > (192.168.2.0/24) - this will lead to brokenness. I suggest you > separate these out as a first step - eg move the > eth1 network to > 192.168.3.0 or something with a similar effect. > > Peter > > > > -- > Peter Bowyer > Email: [EMAIL PROTECTED] > _______________________________________________ > Astlinux-users mailing list > [email protected] > http://lists.kriscompanies.com/mailman/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [EMAIL PROTECTED] > ____________________________________________________________________________ ________ Yahoo! Music Unlimited Access over 1 million songs. http://music.yahoo.com/unlimited _______________________________________________ Astlinux-users mailing list [email protected] http://lists.kriscompanies.com/mailman/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED] _______________________________________________ Astlinux-users mailing list [email protected] http://lists.kriscompanies.com/mailman/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED]
