[asterisk-users] SJphone behind NAT/Firewall without sound
kazabe
kazabe at gmail.com
Thu Apr 3 22:30:10 CDT 2008
Hi.
I need connect some LAN stations with SJphone to an Asterisk Server
published on Internet.
My Lan Clients access to Internet using a small linux firewall/proxy
server. I use the next firewall script. That is a simple script with
default policy ACCEPT, and NAT to share Internet. I can connect to
the asterisk server, authtenticate the users in the server, and dial
to any extension, but we can ear any sound. I need some additional
rules in my script?
Thanks in advance
#!/bin/bash
IPTABLES=/sbin/iptables
EXT="eth0"
INT="eth1"
case "$1" in
start)
echo "1" > /proc/sys/net/ipv4/ip_forward
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t nat -A POSTROUTING -s 192.168.12.0/24 -d 0.0.0.0/0 -o
$EXT -j MASQUERADE
$IPTABLES -t nat -A PREROUTING -p TCP -s 192.168.12.0/24 --dport 80
-d -j REDIRECT --to-port 3128
$IPTABLES -A INPUT -i $EXT -p ICMP -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP --dport 22 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP --dport 443 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP --dport 80 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p TCP -m state --state RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID -j DROP
;;
stop)
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F
$IPTABLES -t nat -F
;;
restart)
$0 stop
sleep 2
$0 start
;;
status)
$IPTABLES -L
$IPTABLES --table nat --list --exact --verbose --numeric --line-numbers
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
esac
exit 0
--
"Imagination is more important than knowlege"
A.E.
More information about the asterisk-users
mailing list