[CentOS] ASTERISK BOX behind a firewall

Feizhou feizhou at graffiti.net
Wed Sep 12 08:44:36 UTC 2007


Indunil Jayasooriya wrote:
> Hi All,
> 
> I want to put an ASTERISK BOX behind a Firewall. So I have given the below rules.
> 

Sure. So long as it is NOT a natting firewall.

> 
> iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT
> iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT
> 
> iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT --to-destination 192.168.101.30
> iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 --dport 10000:20000 -j DNAT --to-destination 192.168.101.30
> 
> Please assume 1.2.3.4 is the IP that connects to the 
> internet.

Forget it. This will never work.

> 
> 
> I use the Xlite softphone to talk. I can register. It says user ready. I can 
> dial extensions as well. But when I talk, both parties cannot hear 
> anything.
> 
> In the rtp.conf file, ports 10000 to 20000 are also available.

asterisk <-> nat <-> nat <-> sip client = big pain in the neck.

I have never managed to get this to work. Getting the below was trouble 
enough. Forget about trying to get an asterisk box behind a nat to work 
with clients outside.

asterisk <-> nat <-> sip client.


