Multiple NIC's

kmullen

#1
In my Elastix configuration the server has two NICs. Only one was configured at installation with a private IP.
1) all phones register at the IP of the LAN interface.
2) router forwards all trunk connections with 1 to 1 NAT to LAN interface.

I would like to give the second NIC a public IP and have the trunks register there, and keep the IP phones registering on the LAN NIC.

When I tried to do this before, I couldn't get calls to complete inbound or outbound. Is there an easy way to set this up?
 

kmullen

#2
Please I really need help with this. I think my firewall is creating problems on the server and I would like to put the PBX directly on Internet with public IP, and still have the phones register on the LAN NIC.
 

Lee Sharp

#3
Yes. It is complex. It has security implications. Are you really sure you want to do this?

1) Install nic. You will need to bring it up from the console. 'ifconfig eth1 up'

2) Go into the web config from a local system, and set up networking. You will need to assign the IP, and the gateway. The gateway will be on your public nic.

3) You may need to assign static routes to see your internal network. (Unless it is flat.)

4) You will need to turn off a lot of services or at least bind them to the internal nic.

My notes...
/etc/ssh/sshd_config
Listen only on internal nic

/etc/httpd/conf/httpd.conf
Listen only on internal nic

/etc/httpd/conf.d/ssl.conf
Listen only on internal nic

service cyrus-imapd stop (Default "on" for 3, 4, 5)
chkconfig cyrus-imapd off

/etc/my.cnf
added "bind-address 127.0.0.1"

Install fail2ban
Dependencies; gamin, shorewall
Used this guide.
http://www.sunshinenetworks.com.au/how- ... ix-16.html

Edit /usr/local/sbin/motd.sh to point to correct IP.

Add static routes for internal networks.
Look at http://www.linuxquestions.org/questions ... ute-16769/ or /etc/sysconfig/network-scripts/route-eth1
route add -net 192.168.251.0/24 gw 192.168.254.1
 

dicko

#4

Lee Sharp

#5
Nice link. One to keep with Stuart Cheshire's rant about latency. The oldies never die. :)
 

kmullen

#6
I do have the system working with external NIC now. Thank you very much for your assistance. Had a little problem installing fail2ban. Had to remove and reinstall with yum install fail2ban then it worked.

Should I go into IPTABLES and only allow the IP's I want to access the box?
 

dicko

#7
Absolutely, a server without a firewall is a disaster waiting to happen,

netstat -aunt

will give you a list of all the inet services that are running on your machine, each and every one should be handled to your needs, the more restrictive the better.

If you know what you're doing and you used my reference, then modify the rules to suit your services and accesses allowed, if not there are many iptables scripts out there, I suggest

http://configserver.com/cp/csf.html
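
Added example (not part of any post in this thread): a shell function that reads `netstat -aunt` output and lists listeners still reachable on the public NIC, meaning sockets bound to the wildcard address or to the public IP, minus an allow-list. The addresses, the sample netstat lines and the allow-list (`udp/5060` for SIP) are constructed assumptions.

```shell
#!/bin/sh
# Usage: netstat -aunt | exposed_listeners PUBLIC_IP "proto/port proto/port ..."
# Prints "proto local-address" for every listener that answers on the public
# NIC (bound to 0.0.0.0, :: or PUBLIC_IP) and is not in the allow-list.
exposed_listeners() {
    awk -v pub="$1" -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        proto = $1; sub(/6$/, "", proto)              # tcp6/udp6 -> tcp/udp
        if (proto == "tcp" && $6 != "LISTEN") next    # skip established sessions
        if (proto == "udp" && $5 !~ /:\*$/) next      # skip connected UDP sockets
        local = $4
        port = local; sub(/.*:/, "", port)            # text after the last colon
        addr = substr(local, 1, length(local) - length(port) - 1)
        if (addr != "0.0.0.0" && addr != "::" && addr != pub) next
        if ((proto "/" port) in ok) next              # intentionally public
        print proto, local
    }'
}

# Constructed sample: LAN NIC 192.168.254.10, public NIC 203.0.113.10.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State
tcp        0      0 0.0.0.0:22             0.0.0.0:*              LISTEN
tcp        0      0 192.168.254.10:80      0.0.0.0:*              LISTEN
tcp        0      0 127.0.0.1:3306         0.0.0.0:*              LISTEN
tcp        0      0 :::443                 :::*                   LISTEN
tcp        0      0 203.0.113.10:5038      0.0.0.0:*              LISTEN
tcp        0      0 192.168.254.10:22      192.168.254.50:51515   ESTABLISHED
udp        0      0 0.0.0.0:5060           0.0.0.0:*
udp        0      0 0.0.0.0:69             0.0.0.0:*
EOF
}

# Each line printed here still needs a bind-to-LAN change or a firewall rule.
sample_netstat | exposed_listeners 203.0.113.10 "udp/5060"
```

In the sample, sshd and the SSL vhost are flagged because they are still on the wildcard address, while httpd on the LAN address and MySQL on 127.0.0.1 are not.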
 

kmullen

#8
Thanks Dicko, have the box on the net now and I have locked it down according to EWT. I did misunderstand however. I thought both fail2ban and the other firewall. I thought fail2ban was only being setup to block failed SIP authentications.
 
