[Asterisk-Users] Asterisk, IAX2 and iptables

Androtech androtech at gigliesi.it
Fri Mar 11 16:56:16 MST 2005


I'm not exactly sure but I think what are you talking about.
My linux PC has twp IP, one public (80.xxx.xxx.xxx) and one private, assigned by me (192.168.0.1)

I should allow incoming packet from outside:

iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT

and I should forward these packets to the private IP address:

iptables -A FORWARD -i $EXTERNAL_INTERFACE -p udp -d 192.168.0.1 --dport 4569 -j ACCEPT

Is it right?

Regards,

  ----- Original Message ----- 
  From: Wiley Siler 
  To: Asterisk Users Mailing List - Non-Commercial Discussion 
  Sent: Saturday, March 12, 2005 12:41 AM
  Subject: RE: [Asterisk-Users] Asterisk, IAX2 and iptables


  Hello Androtech,

  The issue you are having is by design.  >From a firewall stand point, you would never want packets coming in from the external unsecured to terminate at the internal nic IP.  That is counter-intuitive.  You might FORWARD that traffic somewhere internal but you would not move it to the internal NIC.  

  If Asterisk is listening on your internal NIC because you have set an explicit IP in the configs, then change that reference to 0.0.0.0 so Asterisk will listen on all available IPs.  

  Then Open the sip port on your external IP.  Restart and Asterisk will be listening both ways and the external IP should now be accessible via the correct port.

  Regards,
  Wiley




------------------------------------------------------------------------------
  From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Androtech
  Sent: Friday, March 11, 2005 4:30 PM
  To: Asterisk Users Mailing List - Non-Commercial Discussion
  Subject: [Asterisk-Users] Asterisk, IAX2 and iptables


  Does someone experienced these kind of configuration:

  linux box connected to internet by USB modem. It runs iptables for firewall. Iptables is set to masquerade (NAT) all the other PCs of the LAN. In the same PC Asterisk is running.

  PROBLEM: when I try to register my software phone to Asterisk and I'm out of my LAN, I cannot do it. The problem seems to be related to the firewall that does not allow incoming packets for the IAX2 protocol

  I already set the following rule, as described to http://www.voip-info.org/wiki-Asterisk+firewall+rules,
  but I didn't get any good result.

  iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT

  Any idea?

  Regards,




------------------------------------------------------------------------------


  _______________________________________________
  Asterisk-Users mailing list
  Asterisk-Users at lists.digium.com
  http://lists.digium.com/mailman/listinfo/asterisk-users
  To UNSUBSCRIBE or update options visit:
     http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20050311/ff896a62/attachment.htm


More information about the asterisk-users mailing list