Indunil Jayasooriya wrote:
I am running an ASTERISK BOX behind a firewall. It is in the DMZ.
Now I want to connect to my ASTERISK BOX from the Internet. So I want to DNAT. How can I do it?
sip proxy behind nat = major pain in the neck.
Trust me, it will not work. At best, it will work half the time.
Pls assume that ip address that connects to Internet on firewall is is attached to eth0. And ASTERISK BOX is
Then, what is the rule (PREROUTING) for it? What is the port to DNAT?
I think udp 5060. So I have added the 2 rules below. But it does not work at all.
iptables -t nat -A PREROUTING -p udp -i eth0 -d --dport 5060 -j DNAT --to-destination
iptables -A FORWARD -p udp -d --dport 5060 -j ACCEPT
Can you help me to solve this issue?
Yes. Give the asterisk box a proper ip. No natting. Natting on the client side is bad enough, you do not want to add sip proxy behind nat.
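
An added example, not part of the original thread: a plain DNAT rule for UDP 5060 rewrites only the IP/UDP header, while the SIP headers and SDP body still carry the server's own address and a separately negotiated RTP port. The message below is constructed, and `audit_sip`, `private_addrs` and every address and port in it are hypothetical.

```python
import ipaddress
import re

# Constructed sample: an INVITE as a SIP server on a private address would send it.
# All addresses, tags and ports are made up for illustration.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.10.5:5060;branch=z9hG4bKconstructed\r\n"
    "From: <sip:alice@example.org>;tag=constructed\r\n"
    "To: <sip:bob@example.org>\r\n"
    "Call-ID: constructed-call-id@example.org\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@192.168.10.5:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.10.5\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.10.5\r\n"
    "t=0 0\r\n"
    "m=audio 14522 RTP/AVP 0 8\r\n"
)

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def private_addrs(text):
    """Return IPv4 literals in text that are not publicly routable."""
    out = []
    for candidate in IPV4.findall(text):
        try:
            if ipaddress.ip_address(candidate).is_private:
                out.append(candidate)
        except ValueError:  # e.g. an octet above 255
            pass
    return out

def audit_sip(message):
    """List (field, address) pairs NAT leaves untouched, plus the RTP ports offered."""
    head, _, body = message.partition("\r\n\r\n")
    findings, media_ports = [], []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v", "contact", "m"):  # incl. compact forms
            findings += [(name.strip(), ip) for ip in private_addrs(value)]
    for line in body.split("\r\n"):
        if line.startswith(("o=", "c=")):
            findings += [("SDP " + line[:2], ip) for ip in private_addrs(line)]
        elif line.startswith("m="):  # m=<media> <port>[/<count>] <proto> ...
            media_ports.append(int(line.split()[1].split("/")[0]))
    return findings, media_ports
```

Any private address it reports is one the remote party will try to reply to or send media to, and each listed port is a UDP flow that a 5060-only rule does not cover.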