Moving from Cisco 2821 + Multiple Asterisk boxes



  • Currently we are in the process of getting away from a Cisco 2821 and I am excited to get this HP DL360 w/ pfSense 2.0.1 installed.  Our setup requires us to have 6 Asterisk boxes that we have exposed to the internet in public IP space and simply rely on the SuSE firewall to handle firewalling which works out well.  I would like to keep the Asterisk boxes on their original public IP addresses but I would also like to see if I can have the best of both worlds by also passing the traffic through the pfSense box so I can take advantage of the huge feature set that is pfSense.  We use multiple carriers for the SIP traffic and I am concerned about introducing a NAT nightmare.  What would you guys recommend?  Can I use Virtual IP addressing and accomplish what I need?  Is there anything else I need to know about?

    Thanks in advance for any guidance!

    After further research, I think this might do it for me: http://doc.m0n0.ch/handbook/examples-filtered-bridge.html   Bridging.  What do you guys think?  I also checked this out: http://forum.pfsense.org/index.php?topic=35695.0  However, I think if bridging effectively skirts any NATing issue then bridging might be the way to do…



  • I would like some more specific information before commenting (or not commenting).

    @psilikon:

    Our setup requires us to have 6 Asterisk boxes that we have exposed to the internet in public IP space and simply rely on the SuSE firewall to handle firewalling which works out well.

    How are these servers exposed to the Internet in public IP space? (e.g. each has its own public IP address, they are all in the same subnet? …)

    You are proposing to replace the SuSE firewall by pfSense?

    What else will be governed by the pfSense box (e.g. internal web server and SMTP accessible from public internet?)

    What kind of firewalling are you proposing to perform (e.g. keep everything except the SIP traffic? block access between the Asterisk servers? ...)

    @psilikon:

    I would also like to see if I can have the best of both worlds by also passing the traffic through the pfSense box so I can take advantage of the huge feature set that is pfSense.

    What features of pfSense do you think you would like to take advantage of and for what purpose?

    @psilikon:

    We use multiple carriers for the SIP traffic and I am concerned about introducing a NAT nightmare.

    What sort of "NAT nightmare"? I have never met a "NAT nightmare" and am finding it difficult to imagine what that might be like :)

    How do the multiple SIP carriers relate to the 6 Asterisk servers? (e.g. 1 carrier to each server? all carriers to each server?)

    @psilikon:

    Can I use Virtual IP addressing and accomplish what I need?

    I don't know enough about what you need!

