[sipx-users] dual nics

Wed, 27 Jan 2010 06:04:22 -0800

From MY perspective, I am glad this came up. we have our primary box natted behind a firewall that doesn't like SIP, and were about to move one of the incs to the public side, leaving the phones behind in a separate internal network (don't have enough public ip's for all the phones :-).
There are lots of reasons for wanting to put the sipxbridge ip on the public side, mostly to circumvent those nasty firewall issues, and keep the phones on a private ip block. 


if done, yes, would like to see the gui have ability to select which 
interface to bind what on.  maybe I don't want external port 80 (can do 
via iptables if I want), maybe don't want external ssh, or user web gui.



I would assume Id want sipx (port 5060 stuff) external, and the phones 
internal.
I would assume a GUI based dhcpd based support, with all the nice vendor 
codes supported.
DNS dual zone would be nice (so 'sip.example.com' comes out external ip, 
sip.example.com come out internal, different ip's)



I do understand routing AND SECURITY ISSUES in bridging across the 
firewall.  poorly protected network, bad ssh root passwords (since 
default sshd_config allows root ) could allow a hacker full access to 
your internal network (unless that internal network was just phones.. 
and no one plugged a laptop into the back of the phone).


just some thoughts for the future.


priority might be to solve some of these random call forwarding external 
issues that I have seen crop up in the group.



--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008


______________________________________________________________________

This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

______________________________________________________________________  
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/





















					Reply via email to