Asterisk with two network cards?

So say I don’t want to worry much about QoS and just get another DSL line for VoIP, letting our existing DSL connection go on doing what its doing now. Could I install another NIC in the Asterisk box, hook the DSL line directly up to that (security concerns aside of course) and let the first one connect to our internal network? This way, I wouldn’t have to worry about our internal phones having issues with connecting directly to an Asterisk box behind our router and the Asterisk box would have its own connection to the net for VoIP. We run a fully switched network, and the Asterisk box doesn’t do anything else but Asterisk, so it could have the second DSL line all to itself. The only thing I see getting a little wierd is the Asterisk box trying to do VoIP with the first DSL line via our internal network.

Hi

Should work, You have to make sure the gateways are setup correctly. IE the sets gateway is the * server. Best way is to segment the phones off to their own vlan.

Ian

Ok. I guess I could just provision each phone out to use exclusively the Asterisk server and not get any info from the existing LAN but I can’t place the phones on their own VLAN. I plan on running one wire to the desktop for both the phone and the workstation (obviously I have phones that have two ethernet ports in them)

Or maybe I could just stop being a tool and get QoS working properly in our network. :smile:

Thanks for the help.

I run my asterisk with 2 NICS in it mainly because of the issues with NAT and outside connections. and also my asterisk can be a backup internet connection in the event of primary failure. my phones have 2 ports and still can run on their own VLAN. the main Port on the phone passes VOIP traffic on VLAN 90 and the secondary port on the phone passes data traffic on VLAN 1. VLAN 90 has priority of 6. VLAN 1 priority is 0.

the phones themselves have their gateway set to the asterisk box but the only reason the phones go to the internet is for NTP. I keep reinvites disabled so asterisk is always in the middle of any conversation.

I am using the mitel Dual mode phones that are VLAN aware.
-Christopher

I’m presently trying this with no luck. Looks like Asterisk doesn’t know which interface to route the outbound traffic on.

The phones seem to be able to register without any troubles.

Sorry to dig up an old post, but I’m just now getting back to my asterisk server. Could someone help me configure my phones/asterisk/linux box so traffic gets routed over the correct interface?

I’ve got two NICs, one with a static public IP and the other with a static private IP (internal). I’ve also got a Grandstream BT100. I’m not sure how to configure the interfaces and the phone. I’ve blocked all traffic from the internal interface on the Asterisk box to the internet using my router just to be sure it isn’t sending any traffic to the web on that interface. I want all internet traffic going through the public interface. How do I configure the interfaces on the box to make that happen? I’m also confused as to what to set my phone to also. Do I need to set the SIP server as the public interface to the Asterisk server? The private? What about the IP config for the phone? Obviously I don’t want the gateway to be set to my default router, but do I set the gateway to the public or private IP of the Asterisk server?

Thanks in advance all. This has been bugging me for a day or two.

Not really sure what you are trying to accomplish here. Does the asterisk server need access directly to the internet and not through your other router? The only reason I can think of doing this would be for oustide SIP connections taht you dont want to\cant put through the router. Otherwise its a huge security risk hanging a phone server directly off the internet.

If it doesnt need to hang directly off the internet you only need the one NIC and set the gateway to your router.

I agree with the previous poster. Hanging your * server right off the Internet is not a good thing. Hanging any application server right off the Internet is not a good thing.

My * box has only one NIC. It’s inside my LAN behind a very robust firewall which defaults to deny everything unless allowed by one of the rules. This same firewall will redirect packets for * ports when needed.

Nothing is 100% safe but there is nothing safe about putting your * server right up front in your LAN. I’d keep it inside.

i did this before thinking that i can separate * traffic to nic 1 and nic 2 for the internet/etc. i wasnt able to make things work.

i also experience problem wherein i have to shutdown nic 2 because asterisk can’t get through… eventually i ended up using 1 nic.

Well, the thing is, with my current SIP provider, I need to basically forward every UDP port from 1024 to 65535 to the * server. I really wanted to get away from having to do that. Also, I’m not 100% sure the router isn’t introducing some latency into the mix. I can easily set up a firewall on the * box using iptables.

And to answer your question swaterhouse, I want to have one nic so my phones can work behind the router, and another nic so I don’t have to mess with port forwarding and NAT issues with my SIP trunk.