blog:port_forwarding_geek_out
Differences
This shows you the differences between two versions of the page.
— | blog:port_forwarding_geek_out [2022/06/10 17:00] (current) – created mike | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Port Forwarding Geek Out ====== | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | This is the version of an email sent out about once a week it seems. It was the reason I started the Blog portion of the wiki. It's less formal but a much more conversational mode of information exchange. I hope it helps answer some questions. | ||
+ | |||
+ | === The email === | ||
+ | |||
+ | Eric, Brad, | ||
+ | |||
+ | I'm the "chief geek" at ring-u, figured I'd jump in directly and help. | ||
+ | I'm apologizing in advance for the " | ||
+ | |||
+ | Just to make sure this is needed: External Port Forwarding is only | ||
+ | needed if you are trying to use external phones (phones outside of | ||
+ | your internal network). | ||
+ | |||
+ | For our typical customers, a simple port forward is " | ||
+ | stars" and solves their needs with a minimal security risk. The Hello | ||
+ | Hub itself has a good adaptive firewall that blocks IP's on failed | ||
+ | login and communications attempts. If you are curious, a list of these | ||
+ | is maintained and updated in real time: | ||
+ | https:// | ||
+ | |||
+ | It's possible to limit the external IP for ports 5060 and 5061, but | ||
+ | you may have to change those if the upstream VoIP servers change | ||
+ | (happens rarely but possible). Ports 10, | ||
+ | change for almost every call. You (and us) would have to maintain a | ||
+ | " | ||
+ | |||
+ | When using external phones (a mobile phone with an " | ||
+ | physical phone) they may connect from just about anywhere on the | ||
+ | planet. We have customers using remote phones on other continents. | ||
+ | Even locally, this is a wide range of addresses. | ||
+ | |||
+ | ===Lets go to serious paranoid geek mode:=== | ||
+ | |||
+ | ===Option #1: VPN=== | ||
+ | Use a VPN. OpenVPN specifically (I use it a lot) works very well. The | ||
+ | office Hello Hub will not need ports forwarded to it. The fun part is: | ||
+ | Now you have a VPN to manage, all endpoints will need a VPN client, | ||
+ | and you need a VPN Server, probably a part of your firewall. That's a | ||
+ | decent amount of work, unless you need it for other things as well. | ||
+ | This solution also works well for remote offices with multiple phones. | ||
+ | |||
+ | ===Option #2: Hybrid=== | ||
+ | We setup a hybrid cloud system. the Hello Hub on-site manages the | ||
+ | local phones, and the main PBX is hosted. We charge $25 per month for | ||
+ | that hosted PBX, but we don't charge per phone connected to it. All | ||
+ | phones, even the external ones, use the hosted PBX for VoIP traffic, | ||
+ | no port forwarding is required. Caveat: like all hosted system each | ||
+ | phone is constantly communicating to the cloud system and there may be | ||
+ | noticeable (but extremely minor) differences. | ||
+ | |||
+ | ===Option #3: 2nd Net=== | ||
+ | Consider the phone network " | ||
+ | it on it's own internal network. We have a lot of customers that do | ||
+ | this using the " | ||
+ | firewall/ | ||
+ | |||
+ | ===Option #4: Why?=== | ||
+ | Re-assess the need for full on VoIP external phones instead of just | ||
+ | call forwards to cell phones. | ||
+ | |||
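Review bot: The port guidance in the paragraph beginning "It's possible to limit the external IP for ports 5060 and 5061" cannot be acted on as added, because the second port reference is cut off at "Ports 10," and the following sentence ends at an opening quote, so a reader cannot tell which ports are meant or what would have to be maintained to restrict them. The same truncation affects the blocklist link in the adaptive firewall paragraph (only "https://" with no host), the apology line in the email opening, the "simple port forward" sentence, the external phones sentence, and Option #3, where the quoted terms are missing. Suggest restoring the full text of those lines so the firewall advice is complete. While there, "Lets" in the geek mode heading should be "Let's", "it's own" in Option #3 should be "its own", and "the Hello Hub" at the start of the second sentence in Option #2 needs a capital.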