Re: why can't I DNAT SIP?

sean darcy wrote:
On my outside box I'm trying to route sip ( port 5060 ) and iax ( 4659 ) packets to an internal asterisk server. I use DNAT, which works fine for iax, but doesn't for SIP. I'm using identical DNAT statements.

The log shows the SIP packets coming in, but then going to the INPUT chain. Nothing shows up on the FORWARD chain.

iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 168K packets, 17M bytes)
 pkts bytes target     prot opt in       out      source      destination
    0     0 DNAT       udp  --  external *        0.0.0.0/0   0.0.0.0/0     udp dpt:4569 to:10.10.10.180:4569
    0     0 DNAT       udp  --  external *        0.0.0.0/0   0.0.0.0/0     udp dpts:10000:10100 to:10.10.10.180
    0     0 DNAT       udp  --  external *        0.0.0.0/0   0.0.0.0/0     udp dpt:5060 to:10.10.10.180:5060

Chain POSTROUTING (policy ACCEPT 3098 packets, 298K bytes)
 pkts bytes target     prot opt in       out      source      destination
    0     0 LOG        udp  --  *        lan      0.0.0.0/0   0.0.0.0/0     udp dpt:5060 LOG flags 0 level 4 prefix `SIP-POST: '
    5   268 SNAT       all  --  *        external 0.0.0.0/0   0.0.0.0/0     to:xxx.yyy.zzz.ooo


I've found it very helpful to look at the rules as output by the command
"iptables-save".  It's formatted nicely and in order of evaluation.  If
there are errors they are easier to spot (at least for me).

my 2p
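
Reading rules in evaluation order, as the reply suggests, shown as an added example that is not part of the thread: the quoted listing re-typed in `iptables-save -c` layout as constructed sample data, with a hypothetical helper `first_match` that reports the first rule in a chain to match a given interface, protocol and destination port. The policy counters and the SNAT address 192.0.2.1 are placeholders, and only the `-i`/`-o`, `-p` and `--dport` tests are evaluated.

```shell
#!/bin/sh
# Constructed sample: the rules quoted above, laid out as "iptables-save -c"
# prints them (policy counters and the SNAT address are placeholders).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [168000:17000000]
:POSTROUTING ACCEPT [3098:298000]
[0:0] -A PREROUTING -i external -p udp -m udp --dport 4569 -j DNAT --to-destination 10.10.10.180:4569
[0:0] -A PREROUTING -i external -p udp -m udp --dport 10000:10100 -j DNAT --to-destination 10.10.10.180
[0:0] -A PREROUTING -i external -p udp -m udp --dport 5060 -j DNAT --to-destination 10.10.10.180:5060
[0:0] -A POSTROUTING -o lan -p udp -m udp --dport 5060 -j LOG --log-prefix "SIP-POST: "
[5:268] -A POSTROUTING -o external -j SNAT --to-source 192.0.2.1
COMMIT
EOF
}

# first_match TABLE CHAIN IFACE PROTO DPORT   (hypothetical helper)
# Reads "iptables-save -c" text on stdin and prints
# "<position> <[pkts:bytes]> <target>" for the first rule, in evaluation
# order, whose -i/-o, -p and --dport tests accept the given values.
# A rule without one of those tests accepts any value for it. Negated
# tests and other matches (-s, -d, -m state ...) are not evaluated.
first_match() {
  awk -v table="$1" -v chain="$2" -v iface="$3" -v proto="$4" -v port="$5" '
    /^\*/ { cur = substr($0, 2); next }      # "*nat" opens a table section
    cur != table { next }
    $2 == "-A" && $3 == chain {
      pos++                                  # rule position inside the chain
      ok = 1; target = "-"
      for (i = 4; i < NF; i++) {
        if (($i == "-i" || $i == "-o") && $(i+1) != iface) ok = 0
        if ($i == "-p" && $(i+1) != proto) ok = 0
        if ($i == "--dport") {               # single port or lo:hi range
          n = split($(i+1), r, ":")
          lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
          if (port + 0 < lo || port + 0 > hi) ok = 0
        }
        if ($i == "-j") target = $(i+1)
      }
      if (ok) { print pos, $1, target; exit }
    }'
}

# Which nat PREROUTING rule would take a SIP packet arriving on "external"?
sample_rules | first_match nat PREROUTING external udp 5060
```

On a live box the input would be `iptables-save -c` run as root instead of `sample_rules`; an empty result means no rule in that chain tests positive for the packet.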
