El jue, 02-06-2005 a las 02:14, Tony Mountifield escribi�:
> > Thank you for the valuable advice, I'll do exactly
> > what you are suggesting, No DHCP
>
> I find DHCP on my LAN extremely useful for both my and visiting laptops.
> Any machine that will be using my LAN regularly gets a static entry in
> /etc/dhcpd.conf so it will always get the same IP address. It also gets
> an entry in my local DNS.
That's right, and work great for me, full secure, users can't take
reserved IPs etc.
I have this:
- Internal DNS server configuring direct and reverse lookup to all my
sip phones
phone403.cipher.com.pe. in a 192.168.100.183
and in zone 192.168.100
183 IN PTR phone403.cipher.com.pe.
- DHCP server giving static IP for the phones:
host phone403.cipher.com.pe { hardware ethernet 00:0B:82:01:A4:70 ;
fixed-address phone403.cipher.com.pe ; }
- IPTables, matching IP and MAC Adress
#!/bin/sh
cat /etc/dhcpd.conf | grep ^host > /tmp/host-ip.txt
while read u
do
HOST=$(echo $u | awk '{ print $9 }' )
MAC=$(echo $u | awk '{ print $6 }' )
iptables -t nat -A PREROUTING -m mac -s $HOST -d $TODAS
--mac-source ! $MAC -j DROP
iptables -t nat -A PREROUTING -m mac -s ! $HOST -d $TODAS
--mac-source $MAC -j DROP
done < "/tmp/host-ip.txt"
And is and excellent for full secure PBX without conflict errors, and
working fine with my firewall.
Regards,
--
Ing CIP Alejandro Celi Mari�tegui
<[EMAIL PROTECTED]>
_______________________________________________
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
