[CentOS] PREROUTING - DNAT with iptables for an ASTERISK BOX
John Summerfield
debian at herakles.homelinux.org
Wed Mar 7 13:47:55 UTC 2007
Indunil Jayasooriya wrote:
> Hi,
>
> I am running a ASTERISK BOX behind a firewall. It is at DMZ .
>
> Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT.
> How can I do it?
>
> Pls assume that ip address that connects to Internet on firewall is
> 1.2.3.4and is attached to eth0.
> And ASTERISK BOX is 192.168.101.23
>
> Then, What is the rule (PREROUTING) for it? What is the port to DNAT?
>
> I think udp 5060. So I have added below 2 rules . But it does not work at
> all.
>
> iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 --dport 5060 -j
> DNAT
> --to-destination 192.168.101.23:5060
> iptables -A FORWARD -p udp -d 192.168.101.23 --dport 5060 -j ACCEPT
>
> Can you help me to solve this issue?
With all the problems you're having with iptables, I really think you
should skip round the issue and install shorewall.
The docs on the website outline how to set up several more-or-less
standard scenarious, and most users will find theirs similar to one of
those.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
Please do not reply off-list
More information about the CentOS
mailing list