Opening Asterisk@Home to the internet


#1

I see a lot of people placing their Asterisk@Home boxes in the DMZ on their NAT/Firewall Routers. Is this not bad?

I have also noticed that my VoIP service Providers (SipGate) IP address have appeared in the file sip_nat.conf

–sip_nat.conf
deny=0.0.0.0/0.0.0.0
permit=217.10.79.219/255.255.255.0
permit=217.10.79.218/255.255.255.0
permit=217.10.79.8/255.255.255.0

Does this mean that the Asterisk@Home box will only allow these IP’s to connect to it, making it ok to put the Asterisk box in the DMZ?

This is coming from a issue where I can not get my Asterisk@Home box to accept SipGate calls. Outgoing over SipGate is fine, just incoming thats broke.

Thanks.

Paul.


#2

Does this mean my questions we not understandable or that this type of knowledge is not available here?

Thanks

Paul.


#3

that knowledge is certainly here, not sure why you weren’t answered.

my question to you would be, why the hell do you want to expose your entire machine to the 'net ? my Asterisk server is on my DMZ and i port forward all the ports required from my providers (FWD, SipGate, VoipGate, goiax, etc) IP addresses to my Asterisk box. works fine for me on incoming calls.

unfortunately, too many of these routers have a DMZ that allows all traffic through, which in my opinion is a bit daft !!


#4

Which ports did you open at all? The thing I think about is how does the firewall handle the incoming RTP port?