[asterisk-users] SJphone behind NAT/Firewall without sound
Amit Nagpal
anagpal at velankani.com
Fri Apr 4 01:55:08 CDT 2008
Is the Asterisk server yours? I am trying to figure out if Asterisk is in
your control and if it could be a problem at Asterisk, rather than your
SJPhone or your script, because I don't see any glaring problems in the
script.
Regards,
Amit.
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of kazabe
Sent: Friday, April 04, 2008 9:00 AM
To: asterisk-users at lists.digium.com
Subject: [asterisk-users] SJphone behind NAT/Firewall without sound
Hi.
I need connect some LAN stations with SJphone to an Asterisk Server
published on Internet.
My Lan Clients access to Internet using a small linux firewall/proxy
server. I use the next firewall script. That is a simple script with
default policy ACCEPT, and NAT to share Internet. I can connect to
the asterisk server, authtenticate the users in the server, and dial
to any extension, but we can ear any sound. I need some additional
rules in my script?
Thanks in advance
#!/bin/bash
IPTABLES=/sbin/iptables
EXT="eth0"
INT="eth1"
case "$1" in
start)
echo "1" > /proc/sys/net/ipv4/ip_forward
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t nat -A POSTROUTING -s 192.168.12.0/24 -d
0.0.0.0/0 -o
$EXT -j MASQUERADE
$IPTABLES -t nat -A PREROUTING -p TCP -s 192.168.12.0/24
--dport 80
-d -j REDIRECT --to-port 3128
$IPTABLES -A INPUT -i $EXT -p ICMP -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP --dport 22 -m state
--state NEW -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP --dport 443 -m state
--state NEW -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP --dport 80 -m state
--state NEW -j ACCEPT
$IPTABLES -A INPUT -p TCP -m state --state RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT -m state --state NEW,INVALID -j
DROP
$IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID -j
DROP
;;
stop)
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F
$IPTABLES -t nat -F
;;
restart)
$0 stop
sleep 2
$0 start
;;
status)
$IPTABLES -L
$IPTABLES --table nat --list --exact --verbose --numeric
--line-numbers
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
esac
exit 0
--
"Imagination is more important than knowlege"
A.E.
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list