Indunil Jayasooriya wrote:
> Hi,
>
> I am running an ASTERISK BOX behind a firewall. It is at DMZ.
>
> Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT.
> How can I do it?
>
> Pls assume that ip address that connects to Internet on firewall is
> 1.2.3.4 and is attached to eth0.
> And ASTERISK BOX is 192.168.101.23
>
> Then, What is the rule (PREROUTING) for it? What is the port to DNAT?
>
> I think udp 5060. So I have added below 2 rules. But it does not work at
> all.
>
> iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 --dport 5060 -j DNAT --to-destination 192.168.101.23:5060
> iptables -A FORWARD -p udp -d 192.168.101.23 --dport 5060 -j ACCEPT
>
> Can you help me to solve this issue?

With all the problems you're having with iptables, I really think you should skip round the issue and install shorewall. The docs on the website outline how to set up several more-or-less standard scenarios, and most users will find theirs similar to one of those.

--
Cheers
John

Please do not reply off-list
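Added example, not part of the original thread: a check over `iptables-save` output for one way the two quoted rules can silently fail. `iptables -A` appends, so a FORWARD ACCEPT added after an existing catch-all REJECT or DROP is never reached. The thread does not show the rest of the ruleset, so the surrounding rules in both dumps are constructed assumptions, and `check_dnat` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed `iptables-save` sample: the poster's rules appended (-A) to a
# FORWARD chain that already ends in a catch-all REJECT (assumed, not from the post).
SAMPLE_BROKEN='*nat
-A PREROUTING -d 1.2.3.4/32 -i eth0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.101.23:5060
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.101.23/32 -p udp -m udp --dport 5060 -j ACCEPT
COMMIT'

# Constructed sample: same rules with the ACCEPT ahead of the REJECT (e.g. via -I).
SAMPLE_FIXED='*nat
-A PREROUTING -d 1.2.3.4/32 -i eth0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.101.23:5060
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.101.23/32 -p udp -m udp --dport 5060 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# check_dnat DUMP IP PORT: prints findings; returns 0 only if the forward can pass.
check_dnat() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
        /^\*/ { table = substr($0, 2); next }      # "*nat" / "*filter" section header
        table == "nat" && /^-A PREROUTING/ && /-j DNAT/ &&
            index($0, "--to-destination " ip ":" port) { dnat = 1 }
        table == "filter" && /^-A FORWARD/ {
            n++
            if (!accept && /-j ACCEPT/ && index($0, "-d " ip) &&
                index($0, "--dport " port)) accept = n
            # A jump with no match criteria catches every packet that reaches it.
            if (!block && /^-A FORWARD -j (DROP|REJECT)/) block = n
        }
        END {
            rc = 0
            if (!dnat) { print "missing: nat PREROUTING DNAT to " ip ":" port; rc = 1 }
            if (!accept) { print "missing: filter FORWARD ACCEPT for " ip ":" port; rc = 1 }
            else if (block && block < accept) {
                print "shadowed: FORWARD rule " accept " sits after catch-all rule " block; rc = 1 }
            if (!rc) print "ok"
            exit rc
        }'
}

check_dnat "$SAMPLE_BROKEN" 192.168.101.23 5060 || true
check_dnat "$SAMPLE_FIXED" 192.168.101.23 5060 || true
```

On a live firewall the same function can be fed `"$(iptables-save)"` in place of the constructed samples.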