voice IP


 



I have this firewall, I have at 192.168.1.40 a voice IP gateway, I'm doing port forwarding to this IP.
I make phone calls without major problems, but I can't receive any...
Does someone have VoIP experience through Linux fw/routers?
Thanks in advance
manuel



#!/bin/bash
# eth1--> Modem/ADSL
# eth0--> LAN
#
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ipt_MASQUERADE
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe iptable_nat
modprobe ip_conntrack_h323
modprobe ip_nat_h323
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -A INPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -A OUTPUT -j ACCEPT

iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
#    NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
#    NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
#    Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth1 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth1 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth1 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth1 -p tcp --dport 512 -j DROP
###
#
# NAT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
######
#####
#######
iptables -A FORWARD -p tcp --sport 1719:1789 -j ACCEPT
iptables -A FORWARD -p udp --sport 1719:1789 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 192.168.1.40:80
iptables -A FORWARD -i eth1 -p tcp -d 192.168.1.40 --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 23 -i eth1 -j DNAT --to 192.168.1.40:23
iptables -A FORWARD -i eth1 -p tcp -d 192.168.1.40 --dport 23 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 161 -i eth1 -j DNAT --to 192.168.1.40:161
iptables -A FORWARD -i eth1 -p tcp -d 192.168.1.40 --dport 161 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 1726:1789 -i eth1 -j DNAT --to 192.168.1.40:1726:1789
iptables -A FORWARD -i eth1 -p tcp -d 192.168.1.40 --dport 1726:1789 -j ACCEPT
iptables -t nat -A PREROUTING -p udp --dport 1726:1789 -i eth1 -j DNAT --to 192.168.1.40:1726:1789
iptables -A FORWARD -i eth1 -p udp -d 192.168.1.40 --dport 1726:1789 -j ACCEPT
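
iptables walks a chain from top to bottom and stops at the first rule with a terminating target, so the order in which the script above appends its rules decides which of them can ever match. The sketch below is an added example, not part of the original post: it flags rules appended after a match-less ACCEPT/DROP/REJECT in the same chain. `sample_rules` and `find_shadowed` are hypothetical names, and the sample is a constructed excerpt that keeps the script's rule order.

```shell
#!/bin/sh
# Added example (not from the original post): list rules that can never match
# because an earlier rule in the same table/chain has no match criteria and a
# terminating target.

# Constructed sample: a few rules in the order the posted script appends them.
sample_rules() {
cat <<'EOF'
iptables -A INPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -i eth1 -p tcp --dport 514 -j DROP
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -p tcp -d 192.168.1.40 --dport 23 -j ACCEPT
EOF
}

# find_shadowed: reads "iptables ..." lines on stdin and prints every appended
# rule that follows an unconditional ACCEPT/DROP/REJECT in the same chain.
find_shadowed() {
    awk '
    $1 != "iptables" { next }
    {
        table = "filter"; chain = ""; target = ""; nmatch = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-t")      { table  = $(++i) }
            else if ($i == "-A") { chain  = $(++i) }
            else if ($i == "-j") { target = $(++i) }
            else                 { nmatch++ }   # any other token is a match option
        }
        if (chain == "") next                   # -F, -P, etc.: not an appended rule
        key = table ":" chain
        if (key in blocker) {
            print "never reached (after \"" blocker[key] "\"): " $0
            next
        }
        if (nmatch == 0 && (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
            blocker[key] = $0
    }'
}

sample_rules | find_shadowed
```

To check a real script, feed it on stdin instead of the sample: `find_shadowed < firewall.sh` (the file name is a placeholder).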






