Feizhou wrote: > > Indunil Jayasooriya wrote: > > Hi All, > > > > I want to put a ASTERISK BOX bend a Firewall. So I have > given below rules. > > > > Sure. So long as it is NOT a natting firewall. > > > > > iptables -A FORWARD -p udp -d 192.168.101.30 > <http://192.168.101.30> -m > > multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT > > iptables -A FORWARD -p udp -d 192.168.101.30 > <http://192.168.101.30> > > --dport 10000:20000 -m state --state NEW -j ACCEPT > > > > iptables -t nat -A PREROUTING -p udp -i eth0 -d 126.96.36.199 > <http://188.8.131.52> > > -m multiport --dports 3478,4569,5060 -j DNAT --to-destination > > 192.168.101.30 <http://192.168.101.30> > > iptables -t nat -A PREROUTING -p udp -i eth0 -d 184.108.40.206 > <http://220.127.116.11> > > --dport 10000:20000 -j DNAT --to-destination 192.168.101.30 > > <http://192.168.101.30> > > > > pls assume 18.104.22.168 <http://22.214.171.124> is the ip that connects to the > > internet. > > Forget it. This will never work. > > > > > > > I use Xlite sotphone to talk. I can register. it says user > ready. I can > > dial extentions as well. But , WHEN I talk , Both parties > can not hear > > anyrhing. > > > > in rtp.conf file, PORT 10000 to 20000 are also available. > > asterisk <-> nat <-> nat <-> sip client = big pain in the neck. > > I have never managed to get this to work. Getting the below > was trouble > enough. Forget about trying to get an asterisk box behind a > nat to work > with clients outside. > > asterisk <-> nat <-> sip client. Yes, you will need a specific SIP iptables filter for this to work from behind a firewall. I know of an H.323 filter, but haven't explored SIP as we aren't running any SIP application here yet. Another possibility would be a SIP proxy installed on the firewall, but it is not as secure as a filter. -Ross ______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.