[asterisk-users] iptables for SIP talk to other port

Duncan duncan at e-simple.co.nz
Sun Oct 16 18:27:51 CDT 2016


Don't you want udp rather than tcp?

Have a look at the iptables stats to see if any packets are hitting your 
rule.
Also I think the source port from your host will be 5068, so your replies 
will be to the right port, but you can double check.

tcpdump is also very useful here.

    sudo tcpdump -i eth0 -n udp and host 192.168.1.3

should show you packets between your machine and your odd host.

Cheers Duncan


On 17/10/16 11:55, Mike wrote:
>
> I'm by no means an iptables guru...
>
> Not sure if it's necessary to enable forwarding via:
>     echo "1" > /proc/sys/net/ipv4/ip_forward
>
> Also have you tried without the "POSTROUTING" rule?
>
> I seem to recall that "iptables" is smart enough to correctly route 
> packets back out without that rule.
>
>
> On Sat, 15 Oct 2016, Jerry Geis wrote:
>
>> I have a host 192.168.1.3 that wants to run SIP on 5068 (long 
>> story). My host is 192.168.10.201.
>> My host needs to stay on 5060 because of all the other devices I have 
>> connected.
>>
>> I tried putting port=5068 in my SIP extension definition but that did 
>> not work.
>>
>> So I thought about using iptables to accomplish this:
>>
>> iptables -t nat -A PREROUTING  -p tcp --dport 5068  -j REDIRECT --to-port 5060
>> iptables -t nat -A POSTROUTING -p tcp --dport 5060 -d 192.168.1.3 -j REDIRECT --to-port 5068
>>
>>
>> Do I not have the right format of the command?
>> Anything incoming destined for 5068 redirect to 5060...
>> Anything going out to 192.168.1.3 and port 5060 redirect to 5068.
>>
>> Seems like that should have worked?
>>
>> Thoughts?  sip show peers still says unreachable.
>>
>> Thanks,
>>
>> Jerry
>>
>>
>
>
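
An added example, not part of any message in this thread: one way to write the port mapping for UDP and to check the rule counters as suggested above. It assumes SIP signalling runs over UDP and that the rules are loaded on the Asterisk host itself; the function names and the sample counter output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and ports are the ones quoted
# in the thread; everything else here is an assumption made for illustration.
PEER=192.168.1.3      # remote host that runs SIP on a non-standard port
LOCAL_PORT=5060       # port Asterisk listens on
PEER_PORT=5068        # port the remote host uses

# Print nat rules in iptables-restore format.
# PREROUTING sees packets arriving from the network; OUTPUT sees packets
# generated by Asterisk on this host, which never traverse PREROUTING.
# Replies are translated back by connection tracking, so the example needs
# no POSTROUTING rule (REDIRECT is only valid in PREROUTING and OUTPUT).
sip_nat_rules() {
    cat <<EOF
*nat
-A PREROUTING -s $PEER -p udp --dport $PEER_PORT -j REDIRECT --to-ports $LOCAL_PORT
-A OUTPUT -d $PEER -p udp --dport $LOCAL_PORT -j DNAT --to-destination $PEER:$PEER_PORT
COMMIT
EOF
}

# Read `iptables-save -c -t nat` output on stdin and print every rule whose
# packet counter is still zero, i.e. a rule that no traffic has matched.
unmatched_rules() {
    awk '/^\[0:[0-9]+\] -A / { sub(/^\[[0-9]+:[0-9]+\] /, ""); print }'
}

# Constructed sample of `iptables-save -c -t nat` output (not a real capture):
# a tcp rule that never matches next to a udp rule that has counted packets.
sample_counters() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [12:3410]
:OUTPUT ACCEPT [40:2890]
[0:0] -A PREROUTING -p tcp -m tcp --dport 5068 -j REDIRECT --to-ports 5060
[7:3122] -A OUTPUT -d 192.168.1.3/32 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.3:5068
COMMIT
EOF
}

# As root, on the Asterisk host:
#   sip_nat_rules | iptables-restore --noflush
#   iptables-save -c -t nat | unmatched_rules
```
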
