[Asterisk-Users] SIP behind IPTables/NAT
David John Walsh
davidjohnwalsh at gmail.com
Tue Apr 26 11:01:30 MST 2005
First off
Isn't RTP a TCP protocol? or am I over tierd again?
Secondly - unless several conditions are met (canreinvite=yes being
one of them) it (asterisk) will still proxy the connection. - Check
your dial statement for T's ie T and t - the wiki has a full list.
David
On 4/26/05, Ian Pattison <ianp at technologyassociates.ca> wrote:
> Hi All,
>
> Can anyone help me out here? I'm having some issues configuring my IPTables firewall to properly NAT SIP and RTP packets to my asterisk server hiding behind it.
>
> Here are my current rules:
>
> #Inbound SIP to HERMES
> $IPTABLES -A PREROUTING -t nat -i $EXTIF -p udp --dport 5060 -j DNAT --to 192.168.123.4:5060
> $IPTABLES -A FORWARD -i $EXTIF -p udp -d 192.168.123.4 --dport 5060 -j ACCEPT
>
> #Inbound RTP to HERMES
> $IPTABLES -A PREROUTING -t nat -i $EXTIF -p udp --dport 10000:20000 -j DNAT --to 192.168.123.4:10000:20000
> $IPTABLES -A FORWARD -i $EXTIF -p udp -d 192.168.123.4 --dport 10000:20000 -j ACCEPT
>
> When I dial out via my SIP provider I appear to get a partial connection (the phone rings... that's a good sign) but no audio. Inbound I just get a busy and asterisk sees nothing. SIP SHOW REGISTRY shows me as registered with the remote host. Something else that worries me is that I'm seeing the good old "Attempting native bridge..." message when the destination picks up which, to my understanding, shouldn't happen since I have "canreinvite=no" set for both my SIP phone and SIP provider.
>
> Make sense to anyone?
>
> Ian
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list