Multiple NICs

Discussion in 'General' started by kmullen, Nov 19, 2010.

  1. kmullen

    Joined:
    Dec 11, 2009
    Messages:
    70
    Likes Received:
    0
    In my Elastix configuration the server has two NICs. Only one was configured at installation with a private IP.
    1) all phones register at the IP of the LAN interface.
    2) router forwards all trunk connections with 1 to 1 NAT to LAN interface.

    I would like to give the second NIC a public IP and have the trunks register there, and keep the IP phones registering on the LAN NIC.

    When I tried to do this before, I couldn't get calls to complete inbound or outbound. Is there an easy way to set this up?
     
  2. kmullen

    Please I really need help with this. I think my firewall is creating problems on the server and I would like to put the PBX directly on Internet with public IP, and still have the phones register on the LAN NIC.
     
  3. Lee Sharp

    Joined:
    Sep 28, 2010
    Messages:
    332
    Likes Received:
    0
    Yes. It is complex. It has security implications. Are you really sure you want to do this?

    1) Install nic. You will need to bring it up from the console. 'ifconfig eth1 up'

    2) Go into the web config from a local system, and set up networking. You will need to assign the IP, and the gateway. The gateway will be on your public nic.

    3) You may need to assign static routes to see your internal network. (Unless it is flat.)

    4) You will need to turn off a lot of services or at least bind them to the internal nic.

    My notes...
    /etc/ssh/sshd_config
    Listen only on internal nic

    /etc/httpd/conf/httpd.conf
    Listen only on internal nic

    /etc/httpd/conf.d/ssl.conf
    Listen only on internal nic

    service cyrus-imapd stop (Default "on" for 3, 4, 5)
    chkconfig cyrus-imapd off

    /etc/my.cnf
    added "bind-address = 127.0.0.1"

    Install fail2ban
    Dependencies; gamin, shorewall
    Used this guide.
    http://www.sunshinenetworks.com.au/how- ... ix-16.html

    Edit /usr/local/sbin/motd.sh to point to correct IP.

    Add static routes for internal networks.
    Look at http://www.linuxquestions.org/questions ... ute-16769/ or /etc/sysconfig/network-scripts/route-eth1
    route add -net 192.168.251.0/24 gw 192.168.254.1
     
  4. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
  5. Lee Sharp

    Nice link. One to keep with Stuart Cheshire's rant about latency. The oldies never die. :)
     
  6. kmullen

    I do have the system working with external NIC now. Thank you very much for your assistance. Had a little problem installing fail2ban. Had to remove and reinstall with yum install fail2ban then it worked.

    Should I go into IPTABLES and only allow the IPs I want to access the box?
     
  7. dicko

    Absolutely, a server without a firewall is a disaster waiting to happen,

    netstat -aunt

    will give you a list of all the inet services that are running on your machine, each and every one should be handled to your needs, the more restrictive the better.

    If you know what you're doing and you used my reference, then modify the rules to suit your services and accesses allowed, if not there are many iptables scripts out there, I suggest

    http://configserver.com/cp/csf.html
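
One way to act on the `netstat -aunt` listing mentioned above, as an added example that is not part of the original posts: a filter that reports every listening socket not bound to loopback or the internal NIC, which is what becomes reachable once eth1 has a public IP. The internal address 192.168.254.10, the sample netstat output and the choice to allow udp/5060 for the SIP trunks are constructed assumptions.

```shell
#!/bin/sh
# Added example: find sockets in `netstat -aunt` output that are reachable on
# the public NIC, i.e. not bound to loopback or to the internal address.

# usage: netstat -aunt | exposed_listeners INTERNAL_IP "PROTO/PORT PROTO/PORT ..."
# The second argument lists sockets that are meant to face the public side.
exposed_listeners() {
    awk -v internal="$1" -v allow="$2" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Keep TCP sockets in LISTEN state and UDP sockets with no fixed peer.
    ($1 ~ /^tcp/ && $NF == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
        proto = substr($1, 1, 3)
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        # Loopback and internal-only bindings are not reachable from outside.
        if (addr == "127.0.0.1" || addr == "::1" || addr == internal) next
        if ((proto "/" port) in ok) next
        print proto "/" port " " addr
    }' | LC_ALL=C sort -u
}

# Constructed sample of `netstat -aunt` output (not taken from a real host).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State
tcp        0      0 192.168.254.10:22  0.0.0.0:*           LISTEN
tcp        0      0 0.0.0.0:3306       0.0.0.0:*           LISTEN
tcp        0      0 127.0.0.1:5038     0.0.0.0:*           LISTEN
tcp        0      0 :::80              :::*                LISTEN
tcp        0      0 192.168.254.10:22  192.168.251.7:51514 ESTABLISHED
udp        0      0 0.0.0.0:5060       0.0.0.0:*
udp        0      0 0.0.0.0:69         0.0.0.0:*'

# Assumption: only SIP signalling (udp/5060) is meant to face the trunks.
printf '%s\n' "$SAMPLE" | exposed_listeners 192.168.254.10 "udp/5060"
```

Each line printed is a service still listening on all interfaces; bind it to the internal NIC, stop it, or cover it with an iptables rule. On the live server, pipe `netstat -aunt` into the function instead of the sample.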
     
  8. kmullen

    Thanks Dicko, have the box on the net now and I have locked it down according to EWT. I did misunderstand however. I thought both fail2ban and the other firewall. I thought fail2ban was only being setup to block failed SIP authentications.
     
