[CentOS] ASTERISK BOX behind a filewall
Ross S. W. Walker
rwalker at medallion.com
Wed Sep 12 13:32:46 UTC 2007
Feizhou wrote:
>
> Indunil Jayasooriya wrote:
> > Hi All,
> >
> > I want to put a ASTERISK BOX bend a Firewall. So I have
> given below rules.
> >
>
> Sure. So long as it is NOT a natting firewall.
>
> >
> > iptables -A FORWARD -p udp -d 192.168.101.30
> <http://192.168.101.30> -m
> > multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT
> > iptables -A FORWARD -p udp -d 192.168.101.30
> <http://192.168.101.30>
> > --dport 10000:20000 -m state --state NEW -j ACCEPT
> >
> > iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4
> <http://1.2.3.4>
> > -m multiport --dports 3478,4569,5060 -j DNAT --to-destination
> > 192.168.101.30 <http://192.168.101.30>
> > iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4
> <http://1.2.3.4>
> > --dport 10000:20000 -j DNAT --to-destination 192.168.101.30
> > <http://192.168.101.30>
> >
> > pls assume 1.2.3.4 <http://1.2.3.4> is the ip that connects to the
> > internet.
>
> Forget it. This will never work.
>
> >
> >
> > I use Xlite sotphone to talk. I can register. it says user
> ready. I can
> > dial extentions as well. But , WHEN I talk , Both parties
> can not hear
> > anyrhing.
> >
> > in rtp.conf file, PORT 10000 to 20000 are also available.
>
> asterisk <-> nat <-> nat <-> sip client = big pain in the neck.
>
> I have never managed to get this to work. Getting the below
> was trouble
> enough. Forget about trying to get an asterisk box behind a
> nat to work
> with clients outside.
>
> asterisk <-> nat <-> sip client.
Yes, you will need a specific SIP iptables filter for this to
work from behind a firewall.
I know of an H.323 filter, but haven't explored SIP as we aren't
running any SIP application here yet.
Another possibility would be a SIP proxy installed on the
firewall, but it is not as secure as a filter.
-Ross
______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.
More information about the CentOS
mailing list