[Asterisk-Users] IptablesAsterisk

Andrea Bencini andrea.bencini at tin.it
Mon Sep 26 10:46:04 MST 2005


I have an Asterisk server (1.0.9) behind an iptables firewall.
I configured iptables and sip.conf as below.
Andrea (2000) is the outside phone, on the Internet with a public IP.
Luca (2001) is the inside phone, on the local network with a private IP, as is
the Asterisk server.
I noted the ports in play are 5060, 8000, 8001 and 10000:20000, so to test I
put in the large rule
$IPTABLES -A FORWARD -p udp --dport 8000:20000 -j ACCEPT
Andrea or Luca receive the rings, but not the voice.
Can you help me?
Thanks,
Andrea
---------------------------------------
IPTABLES

#!/bin/sh
IPTABLES=/sbin/iptables
# Internal network
#
LOC_IFACE=eth0
LOC_ADDR=10.100.0.0/24
LOC_IF=10.100.0.1
# External network
#
EST_IFACE=eth1
EST_ADDR=250.xxx.yyy.24/255.255.255.252
EST_IF=250.xxx.yyy.26
# Asterisk IP and port
#
PORAST=5060
ASTERISK=10.100.0.225
# deny everything for now
#
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

# SIP on UDP port 5060
#
$IPTABLES -A FORWARD -i $EST_IFACE -p udp -d $ASTERISK --dport $PORAST \
    -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -o $EST_IFACE -p udp -s $ASTERISK --sport $PORAST \
    -m state --state ESTABLISHED -j ACCEPT

# Other ports for phone communication
#
$IPTABLES -A FORWARD -p udp --dport 8000:20000 -j ACCEPT


# Allow from internal to external
#
$IPTABLES -A FORWARD -o $EST_IFACE -s $LOC_ADDR \
    -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $EST_IFACE -d $LOC_ADDR \
    -m state --state ESTABLISHED -j ACCEPT

$IPTABLES -t nat -A POSTROUTING -o $EST_IFACE -j SNAT --to $EST_IF

#  Asterisk on Internet
#
$IPTABLES -t nat -A PREROUTING -p udp -d $EST_IF --dport $PORAST \
    -j DNAT --to $ASTERISK:$PORAST
---------------------------------------
SIP.CONF

[general]

port = 5060
bindaddr = 0.0.0.0
allow = all
context = bogon-calls

[2000]

type = friend
username = 2000
callerid = Andrea Bencini <2000>
secret = 9overthruster7
host = dynamic
nat = yes
context = from-sip
mailbox = 100

[2001]

type = friend
username = 2001
callerid = Luca Bencini <2001>
secret = 11bbanzai9
host = dynamic
nat = yes
context = from-sip
mailbox = 101
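
An added example, not part of the original post: one way to scope the media rule in the script above. The posted FORWARD rule accepts UDP 8000:20000 on any interface towards any host, while only port 5060 is DNATed, so a new media flow addressed to the firewall's public IP never reaches FORWARD. Assumptions: Asterisk's RTP range is 10000:20000 (rtp.conf is not shown), and `rtp_rules`, `valid_range`, `RTP_RANGE` and `APPLY` are names introduced here.

```sh
#!/bin/sh
# Added example, not from the original post. Interface and addresses reuse the
# post's values; RTP_RANGE is an assumption (the post's rtp.conf is not shown).
EST_IFACE=eth1
EST_IF=250.xxx.yyy.26      # public address, elided in the post and left as-is
ASTERISK=10.100.0.225
RTP_RANGE=10000:20000      # assumed Asterisk media port range

# Dry run by default: print the commands. APPLY=1 runs the real iptables.
if [ "${APPLY:-0}" = 1 ]; then IPTABLES=/sbin/iptables; else IPTABLES="echo iptables"; fi

# Accept only "lo:hi" with 1024 <= lo <= hi <= 65535, so a typo cannot open
# privileged ports or hand iptables a malformed --dport argument.
valid_range() {
    lo=${1%%:*}; hi=${1##*:}
    [ "$1" = "$lo:$hi" ] || return 1
    for p in "$lo" "$hi"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$lo" -ge 1024 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

rtp_rules() {
    valid_range "$1" || { echo "bad RTP range: $1" >&2; return 1; }
    # A new flow to the public address reaches FORWARD only after DNAT;
    # otherwise it is addressed to the firewall itself and goes to INPUT
    # (policy DROP in the posted script).
    $IPTABLES -t nat -A PREROUTING -i "$EST_IFACE" -p udp -d "$EST_IF" \
        --dport "$1" -j DNAT --to-destination "$ASTERISK"
    # Scoped replacement for the blanket 8000:20000 rule: inbound media is
    # accepted on the external interface and only towards the Asterisk host.
    $IPTABLES -A FORWARD -i "$EST_IFACE" -p udp -d "$ASTERISK" \
        --dport "$1" -j ACCEPT
}

rtp_rules "$RTP_RANGE"
```

These rules only deliver the packets; Asterisk still has to advertise the public address in the SDP it sends to the outside phone, which is a sip.conf matter not covered here.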




