13 Jan
2010
13 Jan
'10
1:16 p.m.
Klaus-
Jeff Brower schrieb:
> Raúl-
>
>> On Tuesday 12 January 2010 17:46:15 Vikram Ragukumar wrote:
>>> Daniel,
>>>
>>> Thank you for your reply.
>>>
>>> -----------------------
>>>
>>> | CentOS5.4 | -----------
>>>
>>> -------- | ---- --- ---- | | CentOS5.4 |
>>>
>>> |Internet|--|eth0|---|br0|---|eth1|----| Asterisk |
>>>
>>> -------- | ---- --- ---- | -----------
>>>
>>> | Kamailio + rtpproxy |
>>>
>>> -----------------------
>>>
>>> br0 has a static Public IPv4 address a.b.c.d, and acts as a bridge
>>> between eth0 and eth1. Both eth0 and eth1 do not have IPv4 addresses.
>> Why did you use a bridge interface (br0) between Kamailio and Asterisk ? ...
>> did you know that you will overload your kamailio machine without need .. ?
>
> This is a customer requirement, otherwise we wouldn't do it. The customer wants
the Asterisk server and some other
> servers on a different LAN segment. We can remove the bridge for testing.
Thanks for your reply Klaus.
With a bridge interface you do not have different LAN
segments. A bridge
bridges multiple LAN segments into a single one.
Yes I was not clear... I just meant they wanted to keep the Asterisk server on a different
segment for their reasons,
and use a bridge to the Kamailio server.
Probably they want to
have some kind of security for their Asterisk server, but using a bridge
interface connects the Internet and the LAN segment transparently. Maybe
you have to teach the customer.
Very possible. Once we have it working both ways (with/without bridge), I have a feeling
the bridge may cause enough
issues -- or not enough advantages -- and it will be easier to convince them to re-think.
For separating the networks, it would be better (from
security point of
view), to NOT use a bridge interface, but do the bridging on application
layer. Therefore Kamailio supports "multi-homing" and therefore rtpproxy
has a "bridge-mode".
-----------------------
| |
| -Kamailio- | -----------
| / | \ |
-------- | ------- | ------- | | CentOS5.4 |
| | |
|Internet|--| eth0 | | | eth1 |---| Asterisk |
| | |
-------- | ------- | ------- | -----------
| \ V / |
| -rtpproxy- |
-----------------------
In this setup, if you disable routing on the Kamailio server, there is
no direct connection possible between the Internet and the Asterisk
server. Only data which passed either Kamailio or rtpproxy can get from
the Internet into the LAN segment.
In this case, Kamailio+rtpproxy are working in SBC-like style.
In this setup, can Kamailio allow non-SIP protocols (HTTP, SSH, etc) to pass to the
Asterisk server and/or other servers?
-Jeff