<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1479" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>Hello Androtech,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>The issue you are having is by design. >From a
firewall stand point, you would never want packets coming in from the external
unsecured to terminate at the internal nic IP. That is
counter-intuitive. You might FORWARD that traffic somewhere
internal but you would not move it to the internal NIC.
</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>If Asterisk is listening on your internal NIC because you
have set an explicit IP in the configs, then change that reference to 0.0.0.0 so
Asterisk will listen on all available IPs. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>Then Open the sip port on your external IP.
Restart and Asterisk will be listening both ways and the external IP should now
be accessible via the correct port.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>Regards,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>Wiley</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> asterisk-users-bounces@lists.digium.com
[mailto:asterisk-users-bounces@lists.digium.com] <B>On Behalf Of
</B>Androtech<BR><B>Sent:</B> Friday, March 11, 2005 4:30 PM<BR><B>To:</B>
Asterisk Users Mailing List - Non-Commercial Discussion<BR><B>Subject:</B>
[Asterisk-Users] Asterisk, IAX2 and iptables<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial size=2>Does someone experienced these kind of
configuration:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>linux box connected to internet by USB modem. It
runs iptables for firewall. Iptables is set to masquerade (NAT) all the other
PCs of the LAN. In the same PC Asterisk is running.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>PROBLEM: when I try to register my software phone
to Asterisk and I'm out of my LAN, I cannot do it. The problem seems to be
related to the firewall that does not allow incoming packets for the IAX2
protocol</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I already set the following rule, as
described to <A
href="http://www.voip-info.org/wiki-Asterisk+firewall+rules">http://www.voip-info.org/wiki-Asterisk+firewall+rules</A>,</FONT></DIV>
<DIV><FONT face=Arial size=2>but I didn't get any good result.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>iptables -A INPUT -p udp -m udp --dport 4569 -j
ACCEPT</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Any idea?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>