Simple method is to add rules to your firewall and allow/block access as needed
WEBONLY="192.168.1.10" VOICEONLY="10.10.10.10" iptables -A INPUT -d $WEBONLY --dport 80 -j ACCEPT iptables -A INPUT -d $WEBONLY --dport 443 -j ACCEPT iptables -A INPUT -d $WEBONLY -j DROP iptables -A INPUT -p udp -m udp -d $VOIPONLY --dport 5060 -j ACCEPT iptables -A INPUT -p udp -m udp -d $VOIPONLY --dport 10000:20000 -j ACCEPT iptables -A INPUT -d $VOIPONLY -j DROP
To get more complex,you can start messing with the bindports in asterisk and only bind asterisk to the single IP you want. You would need to do the same with the httpd and it's conf files to only listen on the proper IP. I think the firewall is simplest, as you can make changes in one place if your IPs change, rather than messing with a bunch of config files.
|