Feizhou wrote:
Indunil Jayasooriya wrote:
Hi All,
I want to put a ASTERISK BOX bend a Firewall. So I have
given below rules.
Sure. So long as it is NOT a natting firewall.
iptables -A FORWARD -p udp -d 192.168.101.30
multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT iptables -A FORWARD -p udp -d 192.168.101.30
--dport 10000:20000 -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4
-m multiport --dports 3478,4569,5060 -j DNAT --to-destination 192.168.101.30 http://192.168.101.30 iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4
--dport 10000:20000 -j DNAT --to-destination 192.168.101.30 http://192.168.101.30
pls assume 1.2.3.4 http://1.2.3.4 is the ip that connects to the internet.
Forget it. This will never work.
I use Xlite sotphone to talk. I can register. it says user
ready. I can
dial extentions as well. But , WHEN I talk , Both parties
can not hear
anyrhing.
in rtp.conf file, PORT 10000 to 20000 are also available.
asterisk <-> nat <-> nat <-> sip client = big pain in the neck.
I have never managed to get this to work. Getting the below was trouble enough. Forget about trying to get an asterisk box behind a nat to work with clients outside.
asterisk <-> nat <-> sip client.
Yes, you will need a specific SIP iptables filter for this to work from behind a firewall.
I know of an H.323 filter, but haven't explored SIP as we aren't running any SIP application here yet.
Another possibility would be a SIP proxy installed on the firewall, but it is not as secure as a filter.
-Ross
______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.