asterisk users - Oct 2010 - Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?

Hi Everyone

I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box
that needs to be secured at all times. Currently it's not connected to the
internet. If it were connected, I would have iptables block any and all
traffic from outside but I want a single device - Linksys PAP2T - to be able
to connect back to the server. That is a stand alone device and doesn't
support VPN and I don't have the luxury of putting a VPN client on the PAP2T
side to connect back to the server. Is there any way I can DynDNS on the
PAP2T to somehow notify the Asterisk Server that it's a safe device coming
in?

I do use fail2ban but that is not what I am looking for at this moment. And
since the IP is dynamic on the PAP2T, I can't just use the iptables to let
it in as it might change all a sudden.

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20101002/269c2cc9/attachment.htm

On 10/02/2010 02:56 PM, bruce bruce wrote:
> Hi Everyone
>
> I think PAP2T supports DynDNS and other Dynamic DNS providers. I have 
> a box that needs to be secured at all times. Currently it's not 
> connected to the internet. If it were connected, I would have iptables 
> block any and all traffic from outside but I want a single device - 
> Linksys PAP2T - to be able to connect back to the server. That is a 
> stand alone device and doesn't support VPN and I don't have the
luxury
> of putting a VPN client on the PAP2T side to connect back to the 
> server. Is there any way I can DynDNS on the PAP2T to somehow notify 
> the Asterisk Server that it's a safe device coming in?
>
> I do use fail2ban but that is not what I am looking for at this 
> moment. And since the IP is dynamic on the PAP2T, I can't just use the 
> iptables to let it in as it might change all a sudden.
>
> Thanks
do the dyndns on whatever router is in front of the pap2t
or
get some other box that supports it.


other than that you are looking for some sort of magic bullet

On Sat, 2 Oct 2010 14:56:11 -0400, bruce bruce wrote
> Hi Everyone
> 
> I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box
that needs to be secured at all times. Currently it's not connected to the
internet. If it were connected, I would have iptables block any and all traffic
from outside but I want a single device - Linksys PAP2T - to be able to connect
back to the server. That is a stand alone device and doesn't support VPN and
I don't have the luxury of putting a VPN client on the PAP2T side to connect
back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify
the Asterisk Server that it's a safe device coming in?
> 
> I do use fail2ban but that is not what I am looking for at this moment. And
since the IP is dynamic on the PAP2T, I can't just use the iptables to let
it in as it might change all a sudden.
>
The PAP2T does not include DynDns (or any other dynamic DNS client) support.?
Mostly because it really does not need to.? Asterisk gets the IP address of the
PAP2T when it registers so it does not need anything else to find it.? If you
are unwilling or unable to open/expose the necessary ports to the Internet then
there is no way for the PAP2T to communicate with your Asterisk server.

Maybe you could have a SIP proxy on the outside on a static IP and then allow
that Proxy to relay the PAP2T into your network?

-- 
Carlos Chavez 
Director de Tecnolog?a 
Telecomunicaciones Abiertas de M?xico S.A. de C.V. 
Tel: +52-55-91169161 Ext 2001
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20101003/86e2f133/attachment.htm