[CentOS] Firewall frustration
Robert Moskowitz
rgm at htt-consult.com
Sun Jan 6 00:41:01 UTC 2008
Christopher Chan wrote:
>> Now I have to hop over to the Asterisk list to figure why with one
>> firewall the INVITE properly redirects the RTP to the RTP server, and
>> with the other firewall this is not in the INVITE so the RTP flow
>> does not..... ARGH!!!!!
>>
>
> I hope you are not trying to get around a double nat situation. client
> -> nat <-> nat <- asterisk.
>
> I never managed to get things to work in that scenario. I have a vpn
> setup to get things to work.

No. That is part of my frustration. I have 64 publicly routed addresses.
My open net is 8 addresses, for 6 systems. DSL router and so far 2
firewalls standard (occasional honeypot).

I assigned 8 addresses for my VoIPnet. All Trixboxes on VoIPnet have 2
NICs. Their second NIC is to a 192.168 addressed net with the various
VoIP clients.

So I have a WRT54g running sveasoft with NAT turned off. But even with
NAT turned off, the box is basically brain-dead. It would only allow
the ONE server defined as the DMZ server to be accessed even when the
firewall is disabled! And I have 2 Trixboxes (part of my testing. Have
to learn DUNDI too).

So I now have a REAL firewall; well CentOS with Shorewall. And it
seemed to be working, but the SIP/SDP INVITE when I have the sveasoft
box has a redirect from the SIP server to the actual RTP server. But
with Shorewall, that information is NOT in the INVITE so the SIP server
responds with an ICMP of no such port. And so far I have not figured
this out...