Re: PREROUTING - DNAT with iptables for an ASTERISK BOX




Resending this mail, since it seems to have missed the list.

Indunil Jayasooriya wrote:

Hi,

I am running an ASTERISK BOX behind a firewall. It is in the DMZ.

Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it?

Please assume that the IP address that connects to the Internet on the firewall is 1.2.3.4 and is attached to eth0.
And the ASTERISK BOX is 192.168.101.23.

Then, what is the rule (PREROUTING) for it? What is the port to DNAT?

I think udp 5060. So I have added the 2 rules below. But it does not work at all.

iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 --dport 5060 -j DNAT --to-destination 192.168.101.23:5060
iptables -A FORWARD -p udp -d 192.168.101.23 --dport 5060 -j ACCEPT

Can you help me to solve this issue?


You can fill in the variables yourself:
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp -m multiport --dports 3478,4569,5060,10000:20000 -s $UNIVERSE -j ACCEPT
iptables -t nat -A PREROUTING -i $EXTIF -p udp -m multiport --dports 3478,4569,5060,10000:20000 -j DNAT --to-destination 192.168.101.23

SIP protocol (port 5060)
IAX protocol (port 4569)
STUN (port 3478) (not strictly needed)
Ports 10000:20000 are needed for the RTP traffic; configure the range in rtp.conf

You also need to set this up in sip.conf:
externip = 1.2.3.4
localnet=192.168.101.0/24


Theo

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
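
The reply above ties three things together: the DNAT rule, the matching FORWARD rule, and the RTP range in rtp.conf. The following is an added example, not part of the original thread: a small audit over `iptables-save` output and rtp.conf text that flags a DNATed port with no FORWARD accept, a SIP or RTP port that is not forwarded, and a DNAT range wider than the configured RTP range. The sample dump, the `eth0`/`eth1` interface names and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs, modelled on the rules in the reply above.
RTP_CONF = "[general]\nrtpstart=10000\nrtpend=20000\n"
IPTABLES_SAVE = """\
*nat
-A PREROUTING -i eth0 -p udp -m multiport --dports 3478,4569,5060,10000:20000 -j DNAT --to-destination 192.168.101.23
COMMIT
*filter
-A FORWARD -i eth0 -o eth1 -p udp -m multiport --dports 3478,4569,5060,10000:20000 -j ACCEPT
COMMIT
"""

def udp_ranges(dump, chain, target):
    """Return (lo, hi) UDP destination-port ranges for rules in chain jumping to target."""
    ranges = []
    for line in dump.splitlines():
        if not line.startswith(f"-A {chain} ") or "-p udp" not in line or f"-j {target}" not in line:
            continue
        m = re.search(r"--dports? (\S+)", line)  # single port or multiport list
        if not m:
            continue
        for part in m.group(1).split(","):
            lo, _, hi = part.partition(":")
            ranges.append((int(lo), int(hi or lo)))
    return ranges

def covered(rng, ranges):
    """True if rng lies completely inside one of the given ranges."""
    return any(lo <= rng[0] and rng[1] <= hi for lo, hi in ranges)

def rtp_range(conf):
    """Read rtpstart/rtpend from rtp.conf text."""
    vals = dict(re.findall(r"^\s*(rtpstart|rtpend)\s*=\s*(\d+)", conf, re.M))
    return int(vals["rtpstart"]), int(vals["rtpend"])

def audit(dump, rtp_conf, signalling=(5060,)):
    """Return a list of inconsistencies between DNAT, FORWARD and rtp.conf."""
    dnat = udp_ranges(dump, "PREROUTING", "DNAT")
    fwd = udp_ranges(dump, "FORWARD", "ACCEPT")
    rtp = rtp_range(rtp_conf)
    findings = [f"DNAT {r} has no matching FORWARD ACCEPT" for r in dnat if not covered(r, fwd)]
    findings += [f"udp/{p} is not DNATed" for p in signalling if not covered((p, p), dnat)]
    if not covered(rtp, dnat):
        findings.append(f"rtp.conf range {rtp} is not fully DNATed")
    findings += [f"DNAT {r} exposes ports outside rtp.conf range {rtp}"
                 for r in dnat if r[1] > r[0] and not covered(r, [rtp])]
    return findings

if __name__ == "__main__":
    print(audit(IPTABLES_SAVE, RTP_CONF) or "consistent")
```

Feed it the real output of `iptables-save` and the contents of rtp.conf; an empty list means the three pieces agree.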
