Asked by andrejonker

TrixBox Firewall Config for Dynamic IP - DMZ on Netgear - not NAT'ed

Please refer to https://www.experts-exchange.com/questions/23533301/Connect-my-Trixbox-to-ISPs-Asterisk-using-SIP.html

I am planning to use a Netgear ADSL router and to point the DMZ IP to my Trixbox machine.

My ADSL will still have a dynamic IP, but that shouldn't be a worry. I can use DynDNS if I need to, and I already use Hamachi to connect to the box from anywhere.

What I need to confirm is the Linux Firewall config on the Trixbox machine. I'd prefer to allow all outgoing requests and limit incoming to Asterisk and VoIP specific traffic. The web server I wish to protect, as I have no need to open it up to outside users, but I'll still need to access it, so if limiting web traffic to port 80 is OK, then I guess we can open it up too.

What would be an absolute first prize is a link to the correct Trixbox config as advised by the authors, but I always end up looking in the wrong place on the Trixbox website somehow.

So second best would be a sample script with auto load on boot.

No, scratch that - the very bestest answer would be one that'll 'teach a man how to fish'. In other words... how do I lock it all down and _detect_ what ports Trixbox wants, then open them up and save the config for reload.

Note: I installed WebMin on the box, maybe it helps... I don't know :-)


SOLUTION
grblades

ASKER

Thanks. But the above explanation is freely available - everywhere where I've looked for a more detailed explanatory and step by step instructive answer. I've tried to configure the same as above on a Netgear firewall, and eventually just gave up. I'd blame it on the Netgear device not having enough diagnostic tools to assist in the task, but in fact this shortcoming belongs to the Asterisk/Trixbox community. What surprises me is that this very general configuration is not documented in a HowTo fashion, there where it matters. It should be one of the primary topics in all the documentation. My question is essentially How Do I Do This.
SOLUTION
grblades

I don't want you to spend hours toiling over my config. My question is generic. Possibly the Asterisk community have already produced an answer, I just cannot find it.

What if I did not have a server or my final configuration depended on the outcome of this discussion here on EE.... In fact it does, because there is nothing in my SIP.CONF file or any other file that should be required to produce the firewall logic. The machine does not have a fixed IP on the Internet. ADSL is essentially a retail or residential product which in most cases does not issue fixed IPs.

I have previously shared config files here on EE and my server got hacked. If you are unable to assist without seeing the mess I made in my files... I thank you for your time and won't be offended if you move along to assist elsewhere.
ASKER CERTIFIED SOLUTION
Thanks. Anyone have a sample iptables config they're willing to share then?
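
One way to approach the "detect what ports Trixbox wants, then open them up" request from the question, as an added example that is not part of the original thread or any Trixbox documentation: it derives an `iptables-restore` ruleset from the sockets the asterisk process is listening on plus the RTP range in `rtp.conf`. The function name, the `ham0` interface name (assumed to be the Hamachi adapter) and the sample `netstat` and `rtp.conf` text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset:
# default-deny inbound, allow all outbound, open only what asterisk listens on.
# $1 = `netstat -lntup` output, $2 = rtp.conf text, $3 = trusted mgmt interface (optional)
gen_rules() {
  echo '*filter'
  echo ':INPUT DROP [0:0]'
  echo ':FORWARD DROP [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  # Web GUI and SSH stay reachable only over the trusted interface (assumed VPN).
  if [ -n "$3" ]; then echo "-A INPUT -i $3 -j ACCEPT"; fi
  # Signalling ports: every non-loopback socket owned by the asterisk process.
  printf '%s\n' "$1" | awk '
    $NF ~ /\/asterisk$/ && $4 !~ /^(127\.|::1:)/ {
      proto = $1; sub(/6$/, "", proto)          # udp6 -> udp
      n = split($4, a, ":"); key = proto "/" a[n]
      if (!(key in seen)) { seen[key] = 1
        printf "-A INPUT -p %s --dport %s -j ACCEPT\n", proto, a[n] }
    }'
  # RTP sockets exist only during a call, so netstat misses them: use rtp.conf.
  printf '%s\n' "$2" | awk -F'[=;]' '
    { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
    $1 == "rtpstart" { s = $2 }
    $1 == "rtpend"   { e = $2 }
    END { if (s != "" && e != "")
            printf "-A INPUT -p udp --dport %s:%s -j ACCEPT\n", s, e }'
  echo 'COMMIT'
}

# Constructed sample input (not captured from a real system).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0 0 0.0.0.0:80      0.0.0.0:*  LISTEN  2101/httpd
tcp   0 0 127.0.0.1:5038  0.0.0.0:*  LISTEN  2314/asterisk
udp   0 0 0.0.0.0:5060    0.0.0.0:*          2314/asterisk
udp   0 0 0.0.0.0:4569    0.0.0.0:*          2314/asterisk'
SAMPLE_RTP='[general]
rtpstart=10000
rtpend=20000'

gen_rules "$SAMPLE_NETSTAT" "$SAMPLE_RTP" ham0
```

On the box itself the inputs would be `netstat -lntup` run as root and the contents of `/etc/asterisk/rtp.conf`; review the generated rules before loading them with `iptables-restore`. Assuming the CentOS base that Trixbox uses, `service iptables save` then writes the running rules out so they are reloaded at boot.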