Re: Netfilter and Vonage.

Jason Price wrote:

Running Gentoo, kernel version 2.4.24 on a Sparc Ultra 10

I have recently purchased Vonage Voice over IP.  In their 'how to make this
work with a linksys device', they say (basically):

Forward udp ports 53, 69, 5060, 5061, and 10000-20000 to the device.

I interpret this to mean:

iptables -t nat -A PREROUTING -i eth0 -p udp -d $EXTERNAL_IP \
		--dport 53 -j DNAT --to 192.168.0.5:53

etc for each port.

Unfortunately, I don't seem to be able to specify a range of ports in the
iptables syntax.  So, when I get to that large, 10,000 wide range of ports,
it dies.  After much tinkering, I find that I can do:

for port in {10000..10597}; do
  iptables -t nat -A PREROUTING -i eth0 -p udp -d $EXTERNAL_IP \
		--dport $port -j DNAT --to 192.168.0.5:${port}
done

and it will work.  If I do just 1 port more, iptables fails, and all the
tables get magically flushed (which isn't a good idea by the by, but we'll
get there later).

Ideally, I'd like to:

iptables -t nat -A PREROUTING -i eth0 -p udp -d $EXTERNAL_IP \
--dport 10000-20000 -j DNAT --to 192.168.0.5:10000-20000



I suggest applying the mport patch to netfilter. http://www.netfilter.org/patch-o-matic/pom-base.html#pom-base-mport

iptables -t nat -A PREROUTING -i eth0 -p udp -d $EXTERNAL_IP \
   -m mport --dports 53,69,5060,10000:20000 -j DNAT --to 192.168.0.5

Thanks;
--Jason


====
Tomas Edwardsson
HP-UX Certified System Administrator
Red Hat Certified Engineer.

Attachment: signature.asc
Description: OpenPGP digital signature
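
Added example, not part of either message in the thread: the stock udp match accepts a single range written LOW:HIGH (colon, not hyphen), so the forwarding list can be covered with one rule per item without the mport patch, and a DNAT target given without a port keeps the original destination port. The script below validates a port list and prints the rules instead of applying them; the function names and the address 192.0.2.10 (a documentation address standing in for $EXTERNAL_IP) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: print (do not apply) one DNAT rule per port or LOW:HIGH range.
# valid_port and gen_dnat_rules are hypothetical helper names.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_dnat_rules EXT_IP INTERNAL_IP SPEC
# SPEC is comma-separated; each item is PORT or LOW:HIGH.
gen_dnat_rules() {
    ext=$1; int=$2; rest=$3,
    while [ -n "$rest" ]; do
        item=${rest%%,*}; rest=${rest#*,}
        case "$item" in
            *:*) lo=${item%%:*}; hi=${item#*:} ;;
            *)   lo=$item; hi=$item ;;
        esac
        # Rejects hyphenated ranges, out-of-range ports and reversed bounds
        # before any rule is emitted for that item.
        if ! valid_port "$lo" || ! valid_port "$hi" || [ "$lo" -gt "$hi" ]; then
            echo "invalid port spec: $item" >&2
            return 1
        fi
        if [ "$lo" -eq "$hi" ]; then dport=$lo; else dport=$lo:$hi; fi
        echo "iptables -t nat -A PREROUTING -i eth0 -p udp -d $ext" \
             "--dport $dport -j DNAT --to-destination $int"
    done
}

# Constructed sample input: the port list quoted in the original question.
gen_dnat_rules 192.0.2.10 192.168.0.5 53,69,5060,5061,10000:20000
```

Every forwarded port is reachable from the outside interface, so the printed rules are worth reviewing against what the device actually needs before they are piped to a shell.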

