[Asterisk-Users] SIP behind IPTables/NAT

Johan Akerstrom Johan.Akerstrom at telamon.co.uk
Tue Apr 26 09:56:55 MST 2005


My iptable looks like this:
...
$IPTABLES -A FORWARD -i $INET_IFACE -o $LAN_IFACE -p udp -m udp --sport 5060 --dport 5060 -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -o $LAN_IFACE -p udp -m udp --sport 10000:20000 --dport 10000:10003 -j ACCEPT
...
$IPTABLES -A FORWARD -i $LAN_IFACE -o $INET_IFACE -p udp -m udp --sport 5060 --dport 5060 -j ACCEPT
$IPTABLES -A FORWARD -i $LAN_IFACE -o $INET_IFACE -p udp -m udp --sport 10000:20000 --dport 10000:20000 -j ACCEPT
...
$IPTABLES -t nat -A PREROUTING -i ppp0 -p udp -m udp -s $SIP_PROVIDER_IP --dport 5060 -j DNAT --to-destination $ASTERISK_IP
$IPTABLES -t nat -A PREROUTING -i ppp0 -p udp -m udp -s $SIP_PROVIDER_IP --dport 10000:20000 -j DNAT --to-destination $ASTERISK_IP
...

Regards Johan

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Ian
Pattison
Sent: 26 April 2005 14:56
To: asterisk-users at lists.digium.com
Subject: [Asterisk-Users] SIP behind IPTables/NAT

Hi All,

Can anyone help me out here? I'm having some issues configuring my
IPTables firewall to properly NAT SIP and RTP packets to my asterisk
server hiding behind it.

Here are my current rules:

#Inbound SIP to HERMES
$IPTABLES -A PREROUTING -t nat -i $EXTIF -p udp --dport 5060 -j DNAT --to 192.168.123.4:5060
$IPTABLES -A FORWARD -i $EXTIF -p udp -d 192.168.123.4 --dport 5060 -j ACCEPT

#Inbound RTP to HERMES
$IPTABLES -A PREROUTING -t nat -i $EXTIF -p udp --dport 10000:20000 -j DNAT --to 192.168.123.4:10000:20000
$IPTABLES -A FORWARD -i $EXTIF -p udp -d 192.168.123.4 --dport 10000:20000 -j ACCEPT

When I dial out via my SIP provider I appear to get a partial connection
(the phone rings... that's a good sign) but no audio. Inbound I just get
a busy and asterisk sees nothing. SIP SHOW REGISTRY shows me as
registered with the remote host. Something else that worries me is that
I'm seeing the good old "Attempting native bridge..." message when the
destination picks up which, to my understanding, shouldn't happen since
I have "canreinvite=no" set for both my SIP phone and SIP provider.

Make sense to anyone?

Ian
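
Added example, not part of either message: the two rule sets above differ in that the reply's PREROUTING rules match on -s $SIP_PROVIDER_IP while the original rules forward 5060 and the RTP range from any source, and the reply's inbound FORWARD rule accepts a narrower port range (10000:10003) than its DNAT rule covers. The sketch below generates the DNAT and FORWARD rule for each port spec from one place so source restriction and ranges stay in step. The function names and the address 203.0.113.10 are placeholders, and it assumes the provider sends signalling and media from the same address.

```shell
#!/bin/sh
# Added example: prints the rules instead of applying them, so the output
# can be reviewed before it is run as root. All values are placeholders.

# is_port N -> succeeds if N is an integer in 1..65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# sip_nat_rules EXT_IF PROVIDER_IP ASTERISK_IP RTP_START RTP_END
sip_nat_rules() {
    [ $# -eq 5 ] || { echo "usage: sip_nat_rules IF PROVIDER PBX LO HI" >&2; return 2; }
    ext_if=$1 provider=$2 pbx=$3 rtp_lo=$4 rtp_hi=$5
    is_port "$rtp_lo" && is_port "$rtp_hi" && [ "$rtp_lo" -le "$rtp_hi" ] \
        || { echo "bad RTP range: $rtp_lo-$rtp_hi" >&2; return 2; }

    # One loop emits both the nat and the filter rule for each port spec,
    # so the DNAT range and the FORWARD range cannot drift apart.
    for ports in 5060 "$rtp_lo:$rtp_hi"; do
        # Only packets from the provider are translated to the PBX ...
        echo "iptables -t nat -A PREROUTING -i $ext_if -p udp -s $provider --dport $ports -j DNAT --to-destination $pbx"
        # ... and only those translated packets are allowed through FORWARD.
        echo "iptables -A FORWARD -i $ext_if -p udp -s $provider -d $pbx --dport $ports -j ACCEPT"
    done
}

# Constructed sample: ppp0 and 192.168.123.4 appear in the thread,
# 203.0.113.10 stands in for the SIP provider's address.
sip_nat_rules ppp0 203.0.113.10 192.168.123.4 10000 20000
```

The RTP range passed in should match the range the Asterisk server is configured to use for media.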

