andrejonker
asked on
TrixBox Firewall Config for Dynamic IP - DMZ on Netgear - not NAT'ed
Please refer to https://www.experts-exchange.com/questions/23533301/Connect-my-Trixbox-to-ISPs-Asterisk-using-SIP.html
I am planning to use a Netgear ADSL router and to point the DMZ IP to my Trixbox machine.
My ADSL will still have a dynamic IP, but that shouldn't be a worry. I can use DynDNS if I need to, and I already use Hamachi to connect to the box from anywhere.
What I need to confirm is the Linux Firewall config on the Trixbox machine. I'd prefer to allow all outgoing requests and limit incoming to Asterisk and VoIP specific traffic. The web server I wish to protect, as I have no need to open it up to outside users, but I'll still need to access it, so if limiting web traffic to port 80 is OK, then I guess we can open it up too.
What would be an absolute first prize, is a link to the correct Trixbox config as advised by the authors, but I always end up looking in the wrong place on the Trixbox website somehow.
So second best would be a sample script with auto load on boot.
No scratch that - the very bestest answer would be one that'll 'teach a man how to fish'. In other words... how do I lock it all down and _detect_ what ports Trixbox wants, then open them up and save the config for reload.
Note: I installed WebMin on the box, maybe it helps... I don't know :-)
ASKER
grblades
I don't want you to spend hours toiling over my config. My question is generic. Possibly the Asterisk community have already produced an answer, I just cannot find it.
What if I did not have a server or my final configuration depended on the outcome of this discussion here on EE.... In fact it does, because there is nothing in my SIP.CONF file or any other file that should be required to produce the firewall logic. The machine does not have a fixed IP on the Internet. ADSL is essentially a retail or residential product which in most cases do not issue fixed IP's.
I have previously shared config files here on EE and my server got hacked. If you are unable to assist without seeing the mess I made in my files... I thank you for your time and won't be offended if you move along to assist elsewhere.
ASKER
Thanks. Anyone have a sample iptables config they're willing to share then?
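One way to do the "lock it down, detect the ports, open them, save the config" loop asked about above, as an added example that is not part of the original thread or of any answer in it. It turns a listener table in `netstat -lnptu` layout into an `iptables-restore` ruleset; the function names, the sample table, the `ham0` interface name and the `10000:20000` RTP range are assumptions.

```shell
#!/bin/sh
# Added example. The listener table below is constructed, in the layout
# printed by `netstat -lnptu` (field 4 = local address, last = PID/program).
sample_listeners() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  1890/httpd
tcp        0      0 0.0.0.0:3306     0.0.0.0:*        LISTEN  1800/mysqld
tcp        0      0 127.0.0.1:5038   0.0.0.0:*        LISTEN  2345/asterisk
udp        0      0 0.0.0.0:5060     0.0.0.0:*                2345/asterisk
udp        0      0 0.0.0.0:4569     0.0.0.0:*                2345/asterisk
EOF
}

# gen_rules PROG [RTP_RANGE] [TRUSTED_IF]: read a listener table on stdin and
# print an iptables-restore ruleset that drops inbound traffic by default,
# allows all outbound, and opens only the non-loopback ports owned by PROG.
gen_rules() {
    prog="$1"; rtp="$2"; trusted="$3"
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # Assumption: TRUSTED_IF is a VPN interface (ham0 for Hamachi); the web
    # interface stays reachable over it without opening port 80 to the world.
    if [ -n "$trusted" ]; then printf '%s\n' "-A INPUT -i $trusted -j ACCEPT"; fi
    awk -v prog="$prog" '
        $1 ~ /^(tcp|udp)$/ && $NF ~ ("/" prog "$") {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # not reachable remotely
            key = $1 " " port
            if (!(key in seen)) { seen[key] = 1; print key }
        }' | sort -k1,1 -k2,2n | while read -r proto port; do
        printf '%s\n' "-A INPUT -p $proto --dport $port -j ACCEPT"
    done
    # RTP sockets exist only during calls, so a listener scan misses them; the
    # range comes from rtpstart/rtpend in rtp.conf (10000:20000 assumed here).
    if [ -n "$rtp" ]; then printf '%s\n' "-A INPUT -p udp --dport $rtp -j ACCEPT"; fi
    echo 'COMMIT'
}

sample_listeners | gen_rules asterisk 10000:20000 ham0
```

On the box itself the input would be `netstat -lnptu` run as root instead of the sample table. Assuming a CentOS-style system where the iptables service loads `/etc/sysconfig/iptables` at boot, review the generated rules and load them with `iptables-restore` from a console session before saving them to that file.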