[CentOS] ASTERISK BOX behind a filewall

Thu Sep 13 01:45:20 UTC 2007
Ross S. W. Walker <rwalker at medallion.com>

gjgowey at tmo.blackberry.net wrote:
> I hate to reply to my own reply but...  I meant third 
> ethernet card, not second.
> gjgowey at tmo.blackberry.net wrote:
> > 
> > Why not put a second ethernet card in the ISA connected 
> > directly to the asterix server and have all inbound and 
> > outbound sip calls through it?  You could then preserve the 
> > IP addresses for both your internal and external addresses.  
> > You wouldn't even have to nat to the asterix box since the 
> > ISA server could handle the routing and obviously if the 
> > source or dest is an internal IP then the packet gets sent to 
> > the internal interface and vice versa.

Damn top-posting is killing the thread, you may want to try
the gmail client for the BB. It's getting a little OT now so
let me add:

Well actually I am using GNU Gk as I'm still on H.323 not SIP,
but same thing really (besides being a completely different

I would have put it in the DMZ, but for this application it
didn't really pay to have a whole other box, the internal
GNU Gk is in a VM. I suppose I could have created a vlan to
the VM and put that in the DMZ, but vlans with shared VM
ports requires 802.1q support on the VM guests and it just
keeps getting more and more complex from there.


> -----Original Message-----
> From: "Ross S. W. Walker" <rwalker at medallion.com>
> Date: Wed, 12 Sep 2007 20:46:39 
> To:"CentOS mailing list" <centos at centos.org>
> Subject: RE: [CentOS] ASTERISK BOX behind a filewall
> gjgowey at tmo.blackberry.net wrote:
> >
> > What nat box are you running?  Cable/DSL modem, Cisco router
> > or firewall, or just a plain old home gateway?
> >
> > Geoff
> >
> Well I had initially done it on CentOS, but then moved it to Microsoft
> ISA as managing both a CentOS and an ISA was becoming a PITA and I
> liked how the ISA integrated with AD. Yeah I got GNU gatekeeper to
> run on ISA in gateway mode... Much easier to do on CentOS though.
> This is on a corporate network with 2 T1 Internet links.
<snip old convo>

This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.