<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2604" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I'm not exactly sure but I think what are you
talking about.</FONT></DIV>
<DIV><FONT face=Arial size=2>My linux PC has twp IP, one public
(80.xxx.xxx.xxx) and one private, assigned by me (192.168.0.1)</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I should allow incoming packet from
outside:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>iptables -A INPUT -p udp -m udp --dport 4569 -j
ACCEPT</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>and I should forward these packets to the private
IP address:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>iptables -A FORWARD -i $EXTERNAL_INTERFACE
-p udp -d 192.168.0.1 --dport 4569 -j ACCEPT<BR></FONT></DIV>
<DIV><FONT face=Arial size=2>Is it right?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=wsiler@education2020.com href="mailto:wsiler@education2020.com">Wiley
Siler</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=asterisk-users@lists.digium.com
href="mailto:asterisk-users@lists.digium.com">Asterisk Users Mailing List -
Non-Commercial Discussion</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, March 12, 2005 12:41
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> RE: [Asterisk-Users] Asterisk,
IAX2 and iptables</DIV>
<DIV><FONT face=Arial size=2></FONT><BR></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>Hello Androtech,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>The issue you are having is by design. >From a
firewall stand point, you would never want packets coming in from the external
unsecured to terminate at the internal nic IP. That is
counter-intuitive. You might FORWARD that traffic somewhere
internal but you would not move it to the internal NIC.
</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>If Asterisk is listening on your internal NIC because you
have set an explicit IP in the configs, then change that reference to 0.0.0.0
so Asterisk will listen on all available IPs. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>Then Open the sip port on your external IP.
Restart and Asterisk will be listening both ways and the external IP should
now be accessible via the correct port.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>Regards,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2>Wiley</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=751393623-11032005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV><FONT face=Arial color=#0000ff
size=2></FONT><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> asterisk-users-bounces@lists.digium.com
[mailto:asterisk-users-bounces@lists.digium.com] <B>On Behalf Of
</B>Androtech<BR><B>Sent:</B> Friday, March 11, 2005 4:30 PM<BR><B>To:</B>
Asterisk Users Mailing List - Non-Commercial Discussion<BR><B>Subject:</B>
[Asterisk-Users] Asterisk, IAX2 and iptables<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial size=2>Does someone experienced these kind of
configuration:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>linux box connected to internet by USB modem. It
runs iptables for firewall. Iptables is set to masquerade (NAT) all the other
PCs of the LAN. In the same PC Asterisk is running.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>PROBLEM: when I try to register my software phone
to Asterisk and I'm out of my LAN, I cannot do it. The problem seems to
be related to the firewall that does not allow incoming packets for the IAX2
protocol</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I already set the following rule, as
described to <A
href="http://www.voip-info.org/wiki-Asterisk+firewall+rules">http://www.voip-info.org/wiki-Asterisk+firewall+rules</A>,</FONT></DIV>
<DIV><FONT face=Arial size=2>but I didn't get any good result.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>iptables -A INPUT -p udp -m udp --dport 4569 -j
ACCEPT</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Any idea?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Regards,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<P></P><FONT face=Arial size=2></FONT>
<HR>
<P></P>_______________________________________________<BR>Asterisk-Users
mailing
list<BR>Asterisk-Users@lists.digium.com<BR>http://lists.digium.com/mailman/listinfo/asterisk-users<BR>To
UNSUBSCRIBE or update options visit:<BR>
http://lists.digium.com/mailman/listinfo/asterisk-users</BLOCKQUOTE></BODY></HTML>