Merge pull request #12720 from geekpi/new

translated
geekpi 2019-03-13 08:56:16 +08:00 committed by GitHub
commit 2cc798dd31
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 75 additions and 75 deletions


@ -1,75 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Connecting a VoIP phone directly to an Asterisk server)
[#]: via: (https://feeding.cloud.geek.nz/posts/connecting-voip-phone-directly-to-asterisk-server/)
[#]: author: (François Marier https://fmarier.org/)
Connecting a VoIP phone directly to an Asterisk server
======
On my [Asterisk][1] server, I happen to have two on-board ethernet boards. Since I only used one of these, I decided to move my VoIP phone from the local network switch to being connected directly to the Asterisk server.
The main advantage is that this phone, running proprietary software of unknown quality, is no longer available on my general home network. Most importantly though, it no longer has access to the Internet, without my having to firewall it manually.
Here's how I configured everything.
### Private network configuration
On the server, I started by giving the second network interface a static IP address in `/etc/network/interfaces`:
```
auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0
```
On the VoIP phone itself, I set the static IP address to `192.168.2.3` and the DNS server to `192.168.2.2`. I then updated the SIP registrar IP address to `192.168.2.2`.
The DNS server actually refers to an [unbound daemon][2] running on the Asterisk server. The only configuration change I had to make was to listen on the second interface and allow the VoIP phone in:
```
server:
interface: 127.0.0.1
interface: 192.168.2.2
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1/32 allow
access-control: 192.168.2.3/32 allow
```
Finally, I opened the right ports on the server's firewall in `/etc/network/iptables.up.rules`:
```
-A INPUT -s 192.168.2.3/32 -p udp --dport 5060 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p udp --dport 10000:20000 -j ACCEPT
```
### Accessing the admin page
Now that the VoIP phone is no longer available on the local network, it's not possible to access its admin page. That's a good thing from a security point of view, but it's somewhat inconvenient.
Therefore I put the following in my `~/.ssh/config` to make the admin page available on `http://localhost:8081` after I connect to the Asterisk server via ssh:
```
Host asterisk
LocalForward 8081 192.168.2.3:80
```
--------------------------------------------------------------------------------
via: https://feeding.cloud.geek.nz/posts/connecting-voip-phone-directly-to-asterisk-server/
作者:[François Marier][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fmarier.org/
[b]: https://github.com/lujun9972
[1]: https://www.asterisk.org/
[2]: https://feeding.cloud.geek.nz/posts/setting-up-your-own-dnssec-aware/


@ -0,0 +1,75 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Connecting a VoIP phone directly to an Asterisk server)
[#]: via: (https://feeding.cloud.geek.nz/posts/connecting-voip-phone-directly-to-asterisk-server/)
[#]: author: (François Marier https://fmarier.org/)
将 VoIP 电话直接连接到 Asterisk 服务器
======
在我的 [Asterisk][1] 服务器上正好有张以太网卡。由于我只用了其中一个,因此我决定将我的 VoIP 电话从本地网络交换机换成连接到 Asterisk 服务器。
主要的好处是这台运行着未知质量专有软件的电话,在我的一般家庭网络中不再可用。最重要的是,它不再能访问互联网,因此无需手动配置防火墙。
以下是我配置的方式。
### 私有网络配置
在服务器上,我在 `/etc/network/interfaces` 中给第二块网卡分配了一个静态 IP
```
auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0
```
在 VoIP 电话上,我将静态 IP 设置成 `192.168.2.3`DNS 服务器设置成 `192.168.2.2`。我接着将 SIP 注册 IP 地址设置成 `192.168.2.2`
DNS 服务器实际上是一个在 Asterisk 服务器上运行的 [unbound 守护进程][2]。我唯一需要更改的配置是监听第二张网卡,并允许 VoIP 电话进入:
```
server:
interface: 127.0.0.1
interface: 192.168.2.2
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1/32 allow
access-control: 192.168.2.3/32 allow
```
最后,我在 `/etc/network/iptables.up.rules` 中打开了服务器防火墙上的正确端口:
```
-A INPUT -s 192.168.2.3/32 -p udp --dport 5060 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p udp --dport 10000:20000 -j ACCEPT
```
### 访问管理页面
现在 VoIP 电话在本地网络上不再可用,因此无法访问其管理页面。从安全的角度来看,这是一件好事,但它有点不方便。
因此,在通过 ssh 连接到 Asterisk 服务器之后,我将以下内容放在我的 `~/.ssh/config` 中以便通过 `http://localhost:8081` 访问管理页面:
```
Host asterisk
LocalForward 8081 192.168.2.3:80
```
--------------------------------------------------------------------------------
via: https://feeding.cloud.geek.nz/posts/connecting-voip-phone-directly-to-asterisk-server/
作者:[François Marier][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fmarier.org/
[b]: https://github.com/lujun9972
[1]: https://www.asterisk.org/
[2]: https://feeding.cloud.geek.nz/posts/setting-up-your-own-dnssec-aware/
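Review bot: The opening sentence of the translated body drops the count from the source's "two on-board ethernet boards": `正好有张以太网卡` reads as a single card, so the following `只用了其中一个` has nothing to refer to; suggest `正好有两块板载以太网卡`. In the admin-page section, `在通过 ssh 连接到 Asterisk 服务器之后,我将以下内容放在我的 ~/.ssh/config 中` attaches "after I connect via ssh" to the act of editing the config, whereas in the source it is the admin page on `http://localhost:8081` that becomes available after connecting; move that clause so it qualifies the access rather than the edit. Punctuation is also missing in three places: the sentence introducing `/etc/network/interfaces` ends at `静态 IP` without a colon, `192.168.2.3` runs straight into `DNS 服务器` without a comma, and the same paragraph ends at the second `192.168.2.2` without a full stop.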