a positron? phone system is on the lan. someone put it on the dmz - it needs to get data? from the Voip provider? but others are hacking into it. the voip provider is saying to white list their IP addresses.
a) can't do that when it's in the DMZ, right?
b) moving it back behind the firewall, I need to know what ports to forward to it, right? they should be able to tell me that?
c) then I have to hope the router will allow enough port forwarding rules?
Option 1:
1) Static route 4.3.3.0 to 192.168.1.50 (this will include any address in that subnet provided you know that they are all trusted from your provider of VOIP)
Then open the specified port range and set the destination host address as 192.168.1.50
Option 2:
Static route(Whitelist):
4.3.3.3 : 192.168.1.50
4.3.3.4 : 192.168.1.50
4.3.3.5 : 192.168.1.50
4.3.3.6 : 192.168.1.50
4.3.3.7 : 192.168.1.50
4.3.3.8 : 192.168.1.50
If you can't get a definitive answer from your VOIP provider, then option 2 is the best bet. Remember, set the static routes in your whitelist section. Then, you will only need to add 1 service type and port range in your port forwarding section pointing towards your host of 192.168.1.50.
This way, any traffic coming from 4.3.3.0 hitting your Ip will get dropped if its not looking for those ports you specify. Hope this helps.