asterisk users - Jun 2005 - Asterisk Box as a Router, Firewall and DHCP Server

Hi,

I'm planning to get my Asterisk box out of the LAN,
get rid of my router and make the box acts as a
Router, Firewall, DHCP Server (with Shorewall).

I'll do that to be able to use some SIP clients
remotely.

Does anyone doing the same with the Asterisk box, is
it a good idea, is there any other solution for the
SIP emote Clients.

Regards.



		
__________________________________ 
Discover Yahoo! 
Stay in touch with email, IM, photo sharing and more. Check it out! 
http://discover.yahoo.com/stayintouch.html

On Wednesday 01 June 2005 23:27, Samy Antoun wrote:
> Hi,
>
> I'm planning to get my Asterisk box out of the LAN,
> get rid of my router and make the box acts as a
> Router, Firewall, DHCP Server (with Shorewall).
>
> I'll do that to be able to use some SIP clients
> remotely.
>
> Does anyone doing the same with the Asterisk box, is
> it a good idea, is there any other solution for the
> SIP emote Clients.
>
> Regards.
It really depends on what kind of load that cpu is going to have. There's no
technical problems with doing the above. Except I don't see the point with 
having a dhcp server, unless you are an ISP.

My anti dhcp speech: DHCP makes it hard to see who's connection/packets you 
are looking at when you are checking out what is going on on the LAN. You 
won't be able to learn the typical activities that people do, and so be able
to recognise odd behavor. Every time you see an IP you have to figure out who 
it belongs to. The work to add a specific IP is so short anyway. 

Router and Firewall services are not very consuming, nor is a DHCP server. But 
the idea is that if you start having quality problems or you are going to 
push the box, you'd be smart to have absolutely nothing running but what you
actually need.

A well configured Linux box is usually better than an off the shelve dedicated 
appliance. They have too many money vs technical issues and technology 
suffers. That's pretty much true with all of them. 

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety 
deserve neither liberty nor safety."
                                Benjamin Franklin

On my * box at home (a dual PIII 1.2Ghz with 512Mb RAM), I'm running * 
(2 single-port FXO cards and SIP/IAX upstreams), MythTV (home theatre 
SW), file & print services and other ancillary services. I have enough 
CPU grunt to decode video (watch DivX) and talk on the phone (inc 
transcoding).

* on it's own is reasonably light on resources.

Go for it!

=========================================Rod Bacon - VOIP Systems Engineer
Empowered Communications
Ground Floor, 102 York St. South Melbourne
Victoria, Australia. 3205
Phone: +613 99401600    Fax: +613 99401650
=========================================

Samy Antoun wrote:
> Hi,
> 
> I'm planning to get my Asterisk box out of the LAN,
> get rid of my router and make the box acts as a
> Router, Firewall, DHCP Server (with Shorewall).
> 
> I'll do that to be able to use some SIP clients
> remotely.
> 
> Does anyone doing the same with the Asterisk box, is
> it a good idea, is there any other solution for the
> SIP emote Clients.
> 
> Regards.
> 
> 
> 
> 		
> __________________________________ 
> Discover Yahoo! 
> Stay in touch with email, IM, photo sharing and more. Check it out! 
> http://discover.yahoo.com/stayintouch.html
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users@lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 
>

> Go for it!
I will Rod, wish me luck.

Thanks


		
__________________________________ 
Discover Yahoo! 
Get on-the-go sports scores, stock quotes, news and more. Check it out! 
http://discover.yahoo.com/mobile.html

On Wed, Jun 01, 2005 at 08:27:31PM -0700, Samy Antoun
wrote:
> Hi,
> 
> I'm planning to get my Asterisk box out of the LAN,
> get rid of my router and make the box acts as a
> Router, Firewall, DHCP Server (with Shorewall).
Regarding the DHCP part:

On Rapid we added dnsmasq as an the dns/dhcp server (not installed by
default). This is also what we use in our office. It is very simple to
use. If you enble in /etc/dnsmasq.conf "read-ethers" then making a
reservation is as simple as adding an entry to /etc/ethers (and you can
use host names from /etc/hosts in /etc/ethers, keeping the IPs to
/etc/hosts alone). 

So I hearlt recommend dnsmasq (version 2).
Don't waste time on trying to set up bind and ISC-dhcpd :-)

-- 
Tzafrir Cohen         | tzafrir@jbr.cohens.org.il | VIM is
http://tzafrir.org.il |                           | a Mutt's  
tzafrir@cohens.org.il |                           |  best
ICQ# 16849755         |                           | friend

> I'm planning to get my Asterisk box out of the LAN,
> get rid of my router and make the box acts as a
> Router, Firewall, DHCP Server (with Shorewall).
> 
> I'll do that to be able to use some SIP clients
> remotely.
> 
> Does anyone doing the same with the Asterisk box, is
> it a good idea, is there any other solution for the
> SIP emote Clients.
I'm new here but have to go ahead and throw in a reply - I'm doing
something very similar to this but in a different way... I have a
FreeBSD box that is already set up to be my router/firewall/IDS/MySQL
server.  I'm working on getting it set up with Asterisk... just got it
working with FWD and a Packet8 DTA based phone.

I have to admit, there's a lot of stuff to wrap your head around with
this stuff!

Hatton

On Thursday 02 June 2005 11:18, Dave Cotton wrote:
> On Thu, 2005-06-02 at 10:09 -0500, Kristian Kielhofner wrote:
> > Dave Cotton wrote:
> > > Have another look at it because this only scratches the surface. 
I
> > > love DHCP.
> >
> >  I second this completely.  ISC DHCP allows you to do some crazy
> > things...  Start doing diskless clients with PXE/Etherboot and you can
> > start to realize how truely flexible and powerful it is!
>
>    host ws101 {
>         hardware ethernet       00:50:04:45:39:EC;
>         fixed-address           192.168.1.101;
>         if substring(option vendor-class-identifier, 0, 9) >
"PXEClient" {
>                 filename "/3c905c-tpo.lzpxe";
>         }else if substring (option vendor-class-identifier, 0, 9) >
"Etherboot" {
>                 filename "/lts/vmlinuz.ltsp";
>                 option vendor-encapsulated-options
> 3c:09:45:74:68:65:72:62:6f:6f:74:ff;
>                 }
>         }
>
> Exactly!!
Mmm. I hate to admit it but you _might_ have a valid use model here. : )
Suppose I can always come back with yet another service that needs to be 
running and open for hacks. But it does look pretty interesting... Thanks!
-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety 
deserve neither liberty nor safety."
                                Benjamin Franklin

El mi?, 01-06-2005 a las 22:27, Samy Antoun escribi?:
> I'm planning to get my Asterisk box out of the LAN,
> get rid of my router and make the box acts as a
> Router, Firewall, DHCP Server (with Shorewall).
> 
> I'll do that to be able to use some SIP clients
> remotely.
> 
> Does anyone doing the same with the Asterisk box, is
> it a good idea, is there any other solution for the
> SIP emote Clients.
> 
> Regards.
Works fine for me, but I have my Asterisk behind another Linux iptables
firewall cause the DoS and the mass attacks (perhaps you will use MySQL
too), a lot of danger for you.

I don't use DHCP for external clients, but we authenticate MAC address
by iptables.

Regards,

-- 
Ing CIP Alejandro Celi Mari?tegui 
<alex@linux.org.pe>

Unofficial:

"Digium guesses that their DS3 card will be $3k - $4k."

-- tack on a k or two to be safe.

Later this year is my guess... from what I heard.

-m

On Thu, 2 Jun 2005, Nathan wrote:
> Does anyone have an estimate for the pricing on the DS3000P DS3 PCI card by
> Digium? How about a timeframe?
>
> Thanks,
>
> Nathan 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users@lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>  http://lists.digium.com/mailman/listinfo/asterisk-users
>