I'm trying to figure out why my sip port forwarding doesn't work.
$IPT -t nat -A PREROUTING -i external -p udp --dport 5060 -j DNAT --to
10.10.10.180:5060
$IPT -A FORWARD -p udp -m state --state NEW -d 10.10.10.180 --dport 5060
-j ACCEPT
So before everything I put:
$IPT -t nat -A PREROUTING -i external -p udp --sport 5060 --dport 5060
-j LOG --log-prefix "SIP-BEFORE: "
(I also tried it without --sport.)
But in syslog I get packets both from "lan" my internal interface:
SIP-BEFORE: IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:15:99:25:e1:32:08:00
SRC=10.10.10.102 DST=239.255.255.250 LEN=364 TOS=0x00 PREC=0x00 TTL=1
ID=33785 PROTO=UDP SPT=1024 DPT=1900 LEN=344
SIP-BEFORE: IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:15:99:25:e1:32:08:00
SRC=10.10.10.102 DST=239.255.255.250 LEN=372 TOS=0x00 PREC=0x00 TTL=1
ID=33795 PROTO=UDP SPT=1024 DPT=1900 LEN=352
And, from the external interface, it logs all udp ports:
SIP-BEFORE: IN=external OUT=
MAC=00:48:54:8b:ab:29:00:1a:e2:84:bf:3b:08:00 SRC=xxx.yyy.113.22
DST=xxx.yyy.167.178 LEN=126 TOS=0x04 PREC=0x00 TTL=112 ID=56357
PROTO=UDP SPT=17214 DPT=32375 LEN=106
SIP-BEFORE: IN=external OUT=
MAC=00:48:54:8b:ab:29:00:1a:e2:84:bf:3b:08:00 SRC=xxx.yyy.113.22
DST=xx.yy.167.178 LEN=126 TOS=0x04 PREC=0x00 TTL=112 ID=56357 PROTO=UDP
SPT=17214 DPT=32375 LEN=106
So any suggestions on port forwarding sip appreciated. I'm disappointed
I can't figure this out myself using -j LOG (:
sean
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
