2009/9/21 Juan Cardoza <ing.jcardoza@xxxxxxxxx>: > Hello I am been looking in the internet but no one option have worked. > I want to connect my xlite softphone through the firewall that have an specific IP (xx.xx.xx.xx), the firewall is reached from the internet, I can connect to the firewall via tridia without any problem. > Assuming the softphone can route traffic to the pbx (or atleast to the firewall which can then reach the pbx) have a look at using the SNAT features to change the xx address to the firewall's address (assuming you need nat)- as SNAT does stateful tracking replies should get translated back to the correct address. As I rarely need to use SNAT I'll leave finding the correct options to you (my brain is suffering lack of coffee). If you don't need NAT then just add the appropriate rules (probably along the lines of the following assuming you have multiport matching) iptables -t FORWARD -s xx.xx.xx.xx -d yy.yy.yy.yy -m mport --dports <port list> -j ACCEPT iptables -t FORWARD -d xx.xx.xx.xx -s yy.yy.yy.yy -m mport --dports <port list> -j ACCEPT -- Richard Horton Users are like a virus: Each causing a thousand tiny crises until the host finally dies. http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats http://www.pbase.com/arimus - My online photogallery -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html