Re: [asterisk-users] Asterisk Behind Firewall
I have a /29 to use for the network. My immediate go-to set-up will be to put the asterisk server on a public IP off the /29 and harden the IPtables along with other monitoring scripts and lock down methods. Then add the router on a different /29 IP and have all the phones register through the router to the public asterisk server and limit only registrations from that router's IP address. I then would add the three trunks I need such as inbound/outbound, international, and 911 to the asterisk box However, I do think this is best practices. It is my understanding to move the asterisk box behind a router/firewall and have the phones on the same subnet of the asterisk box. Then the router/firewall will do the trunking to the vendors. I dont know which is best nor do I know the hardware for the router/firewall device. On Mon, Jan 4, 2016 at 1:31 PM, Ron Wheelerwrote: > Both work. > If you have enough IP addresses to dedicate one to your Asterisk server, > that removes one node in the path from the world. > You will need a firewall on the Asterisk server to protect it from outside > meddling. > If you can put the Asterisk server on the same network as the SIP devices > (using a second NIC) that should help performance. > > Is the SIP network on the same network as your internet/data LAN? > > Ron > > > On 04/01/2016 1:15 PM, IPN Comm wrote: > > I was wondering if anyone can give me any pointers or insights of whether > or not to have an asterisk server behind a firewall. > > I have always ran Asterisk on a public IP but was wondering if I should > move it to a local IP behind a firewall. > > I am looking to set up a location with 300 SIP phones. > > Normally, I would put the Asterisk server on one public IP and let the SIP > phones get DHCP from a router on a different IP and they would register to > the Public Asterisk server from that IP address. > > Should I move the asterisk server behind the same router? > > If so, how should the server be set up and what is the best > router/firewall hardware to accomplish this environment? > > Thanks, > -H > > > > > -- > Ron Wheeler > President > Artifact Software Inc > email: rwhee...@artifact-software.com > skype: ronaldmwheeler > phone: 866-970-2435, ext 102 > > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: >http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk Behind Firewall
Hi, I have used a sonicwall Firewall, it has a sip transformation feature. It is necessary to use a firewall to protect your server Best Regards, Madushan On Mon, Jan 4, 2016 at 11:45 PM, IPN Commwrote: > I was wondering if anyone can give me any pointers or insights of whether > or not to have an asterisk server behind a firewall. > > I have always ran Asterisk on a public IP but was wondering if I should > move it to a local IP behind a firewall. > > I am looking to set up a location with 300 SIP phones. > > Normally, I would put the Asterisk server on one public IP and let the SIP > phones get DHCP from a router on a different IP and they would register to > the Public Asterisk server from that IP address. > > Should I move the asterisk server behind the same router? > > If so, how should the server be set up and what is the best > router/firewall hardware to accomplish this environment? > > Thanks, > -H > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: >http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk Behind Firewall
I was wondering if anyone can give me any pointers or insights of whether or not to have an asterisk server behind a firewall. I have always ran Asterisk on a public IP but was wondering if I should move it to a local IP behind a firewall. I am looking to set up a location with 300 SIP phones. Normally, I would put the Asterisk server on one public IP and let the SIP phones get DHCP from a router on a different IP and they would register to the Public Asterisk server from that IP address. Should I move the asterisk server behind the same router? If so, how should the server be set up and what is the best router/firewall hardware to accomplish this environment? Thanks, -H -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk Behind Firewall
Both work. If you have enough IP addresses to dedicate one to your Asterisk server, that removes one node in the path from the world. You will need a firewall on the Asterisk server to protect it from outside meddling. If you can put the Asterisk server on the same network as the SIP devices (using a second NIC) that should help performance. Is the SIP network on the same network as your internet/data LAN? Ron On 04/01/2016 1:15 PM, IPN Comm wrote: I was wondering if anyone can give me any pointers or insights of whether or not to have an asterisk server behind a firewall. I have always ran Asterisk on a public IP but was wondering if I should move it to a local IP behind a firewall. I am looking to set up a location with 300 SIP phones. Normally, I would put the Asterisk server on one public IP and let the SIP phones get DHCP from a router on a different IP and they would register to the Public Asterisk server from that IP address. Should I move the asterisk server behind the same router? If so, how should the server be set up and what is the best router/firewall hardware to accomplish this environment? Thanks, -H -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] Asterisk behind firewall and IAX
I have my Asterisk server behind a Cisco firewall. I am trying to set up IAX but I cannot work out which ports I need to open up on my firewall. I have opened 4569, 5036, and 5060 but IAX calls will not proceed unless I turn off all access lists on the firewall. I have searched all the Asterisk documentation but cannot find the answer. Any help will be greatly appreciated. Simon Brown - This mail was content checked for malicious code and viruses by GFI MailSecurity. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind firewall and IAX
On Mon, 2004-03-22 at 20:42, Simon Brown wrote: I have my Asterisk server behind a Cisco firewall. I am trying to set up IAX but I cannot work out which ports I need to open up on my firewall. I have opened 4569, 5036, and 5060 but IAX calls will not proceed unless I turn off all access lists on the firewall. 4569 is IAX2, 5036 is IAX, 5060 is SIP Signaling. Remember these are all UDP. Looks at the logs from your Cisco, they will tell you exactly which packets are being blocked. Assuming you put deny ip any any log at the end of your access list (having the router log to a syslog server somewhere is also helpful. -- Useful Asterisk Docs (BOOKMARK THEM!): http://www.digium.com/index.php?menu=documentation (look at the Unofficial Links) and http://www.voip-info.org/wiki-Asterisk and http://www.fnords.org/~eric/asterisk/ (my site) and http://asteriskdocs.org/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk behind firewall and IAX
I have my Asterisk server behind a Cisco firewall. I am trying to set up IAX but I cannot work out which ports I need to open up on my firewall. I have opened 4569, 5036, and 5060 but IAX calls will not proceed unless I turn off all access lists on the firewall. I have searched all the Asterisk documentation but cannot find the answer. Depends on how you've set up asterisk... using iax: open udp 5036 using iax2: open udp 4569 (most common) (not sure whether iax or iax2, open both) using sip: need more info... a. sip uses udp 5060 to set up a call, and, b. other udp ports (generally above 16,000) to transport the voice (rtp protocol). Both a and b are required for sip phones to function. The sip protocol is used to negotiate the rtp ports. Some firewalls are aware of the sip protocol and will monitor that port negotiation while other firewalls do not. It's my understanding (although possibley incorrect) that certain versions of PIX do monitor the sip protocol; don't have a clue which versions though. Depending upon whether asterisk is behind the firewall, or a sip phone is behind it (or both), the parameters needed within the sip.conf file can be a little tough to get right. The exact parameters are pretty much dependent upon your exact implementation, and a packet sniffer (ethereal) can be a big help. Iax and iax2 are very straight-forward and easy to implement since they use the same port number in both directions. Even the cheapest firewalls can usually handle that. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users