Resending this mail, since it seems to have missed the list.
Indunil Jayasooriya wrote:
Hi,
I am running an ASTERISK BOX behind a firewall. It is in the DMZ.
Now I want to connect to my ASTERISK BOX from Internet. So I want to
DNAT. How can I do it?
Please assume that the IP address that connects to the Internet on the firewall is 1.2.3.4 and is attached to eth0.
And ASTERISK BOX is 192.168.101.23
Then, what is the rule (PREROUTING) for it? What is the port to DNAT?
I think udp 5060. So I have added the 2 rules below, but it does not work
at all.
iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 --dport 5060 -j DNAT --to-destination 192.168.101.23:5060
iptables -A FORWARD -p udp -d 192.168.101.23 --dport 5060 -j ACCEPT
Can you help me to solve this issue?
You can fill in the variables yourself:
iptables -A FORWARD -i $EXTIF -o $INTIF -m multiport -p udp --dports 3478,4569,5060,10000:20000 -s $UNIVERSE -j ACCEPT
iptables -t nat -A PREROUTING -i $EXTIF -m multiport -p udp --dports 3478,4569,5060,10000:20000 -j DNAT --to-destination 192.168.101.23
SIP protocol (port 5060)
IAX protocol (port 4569)
STUN (port 3478) (not strictly needed)
Ports 10000:20000 are needed for the RTP traffic; configure it in
rtp.conf
You also need to set this up in sip.conf:
externip = 1.2.3.4
localnet=192.168.101.0/24
Theo
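
Added example, not part of the original mails: a shell sketch that reads the RTP range from rtp.conf (its rtpstart/rtpend keys) and prints the two rules from the reply with that range, so the forwarded ports and Asterisk's RTP ports cannot drift apart. The interface name eth1, the value of UNIVERSE, the extra -d match and the sample rtp.conf text are assumptions; the script only prints the rules and does not apply them.

```shell
#!/bin/sh
EXTIF=eth0            # Internet-facing interface (from the question)
INTIF=eth1            # assumption: name of the DMZ interface
UNIVERSE=0.0.0.0/0    # assumption: $UNIVERSE means "any source"
PBX=192.168.101.23    # Asterisk box (from the question)

# Constructed sample of an rtp.conf; replace with the real file's contents.
SAMPLE_RTP_CONF='[general]
; constructed sample for this example
rtpstart=10000
rtpend=20000'

# Read rtp.conf text on stdin and print "start:end".
# Fails (exit 1) if either key is missing or the range is empty or inverted.
rtp_range() {
    awk -F= '
        /^[ \t]*;/ { next }                       # skip comment lines
        { key = $1; val = $2
          gsub(/[ \t]/, "", key)                  # tolerate "rtpstart = 10000"
          sub(/;.*/, "", val); gsub(/[ \t\r]/, "", val) }
        key == "rtpstart" { s = val }
        key == "rtpend"   { e = val }
        END { if (s == "" || e == "" || s + 0 >= e + 0) exit 1
              print s ":" e }'
}

# Print the FORWARD and DNAT rules for the RTP range given as $1.
# "-d $PBX" is an added restriction so only traffic to the PBX is accepted.
asterisk_rules() {
    ports="3478,4569,5060,$1"
    echo "iptables -A FORWARD -i $EXTIF -o $INTIF -p udp -m multiport --dports $ports -s $UNIVERSE -d $PBX -j ACCEPT"
    echo "iptables -t nat -A PREROUTING -i $EXTIF -p udp -m multiport --dports $ports -j DNAT --to-destination $PBX"
}

# Refuse to print rules when the RTP range cannot be determined.
range=$(printf '%s\n' "$SAMPLE_RTP_CONF" | rtp_range) || {
    echo "rtp.conf: rtpstart/rtpend missing or invalid" >&2
    exit 1
}
asterisk_rules "$range"
```

Review the printed rules before running them as root on the firewall.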