[CentOS] PREROUTING - DNAT with iptables for an ASTERISK BOX
feizhou at graffiti.net
Thu Mar 8 00:39:21 UTC 2007
Indunil Jayasooriya wrote:
> I am running a ASTERISK BOX behind a firewall. It is at DMZ .
> Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT.
> How can I do it?
sip proxy behind nat = major pain in the neck.
Trust me, it will not work. At best, it will work half the time.
> Pls assume that ip address that connects to Internet on firewall is
> 184.108.40.206and is attached to eth0.
> And ASTERISK BOX is 192.168.101.23
> Then, What is the rule (PREROUTING) for it? What is the port to DNAT?
> I think udp 5060. So I have added below 2 rules . But it does not work at
> iptables -t nat -A PREROUTING -p udp -i eth0 -d 220.127.116.11 --dport 5060 -j
> --to-destination 192.168.101.23:5060
> iptables -A FORWARD -p udp -d 192.168.101.23 --dport 5060 -j ACCEPT
> Can you help me to solve this issue?
Yes. Give the asterisk box a proper ip. No natting. Natting on the
client side is bad enough, you do not want to add sip proxy behind nat.
More information about the CentOS