<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">Jerry has already clarified in a previous reply that he is running SIP over TCP, not UDP.</div><div class="">�</div><div class="">But he hasn't clarified on which machine he is applying the iptables header rewrite rules (10.201, or 1.3?).</div><div class=""><br class=""></div><div class="">Either way though, it seems like a kludgy work-around. IMO, it'd be better to focus on creating the correct Asterisk peer configuration for the peer that is operating on the non-standard separate port, and don't use any packet-header mangling at all.</div><div class=""><br class=""></div><div class="">Jerry, can you post your configuration for the peer in Asterisk? (eg from sip.conf)</div><div class=""><br class=""></div><div class="">Pete</div><div class=""><br class=""></div><div class=""><br class=""></div><div><blockquote type="cite" class=""><div class="">On 17/10/2016, at 12:27 pm, Duncan <<a href="mailto:duncan@e-simple.co.nz" class="">duncan@e-simple.co.nz</a>> wrote:</div></blockquote><blockquote type="cite" class=""><br class=""></blockquote><blockquote type="cite" class=""><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Don't you want udp rather than tcp?</p>
Have a look at the iptables stats to see if any packets are hitting
your rule. <br class="">
Also I think the source port from your host will be 5068 so your
replies will be to the right port but you can double check<br class="">
<br class="">
tcpdump is also very useful here<br class="">
<br class="">
sudo tcpdump -i eth0 -n udp and host 192.168.1.3 should show you
packets between your machine and your odd host<br class=""><p class="">Cheers Duncan<br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 17/10/16 11:55, Mike wrote:<br class="">
</div>
<blockquote cite="mid:alpine.LRH.2.20.1610161533060.20282@yoda.microdel.org" type="cite" class="">
<br class="">
I'm by no means an iptables guru...
<br class="">
<br class="">
Not sure if it's necessary to enable forwarding via:
<br class="">
echo "1" > /proc/sys/net/ipv4/ip_forward
<br class="">
<br class="">
Also have you tried without the "POSTROUTING" rule?
<br class="">
<br class="">
I seem to recall that "iptables" is smart enough to correctly
route packets back out without that rule.
<br class="">
<br class="">
<br class="">
On Sat, 15 Oct 2016, Jerry Geis wrote:
<br class="">
<br class="">
<blockquote type="cite" class="">I have a host 192.168.1.3 that wants to
run SIP on 5068 (long story).My host is 192.168.10.201.
<br class="">
My host needs to stay on 5060 because of all the other devices I
have connected.
<br class="">
<br class="">
I tried putting port=5068 in my SIP extension definition but
that did not work.
<br class="">
<br class="">
So I thought about using iptables to accomplish this:
<br class="">
<br class="">
iptables -t nat -A PREROUTING -p tcp --dport 5068
-j REDIRECT --to-port 5060
<br class="">
iptables -t nat -A POSTROUTING -p tcp --dport 5060 -d
192.168.1.3 -j REDIRECT --to-port 5068
<br class="">
<br class="">
<br class="">
Do I not have the right format of the command?
<br class="">
Anything incoming destined for 5068 redirect to 5060...
<br class="">
Anything going out to 192.168.1.3 and port 5060 redirect to
5068.
<br class="">
<br class="">
Seems like that should have worked?
<br class="">
<br class="">
Thoughts? sip show peers still says unreachable.
<br class="">
<br class="">
Thanks,
<br class="">
<br class="">
Jerry </blockquote></blockquote></div></div></blockquote></div></body></html>