Indunil Jayasooriya wrote: > Hi All, > > I want to put a ASTERISK BOX bend a Firewall. So I have given below rules. > Sure. So long as it is NOT a natting firewall. > > iptables -A FORWARD -p udp -d 192.168.101.30 <http://192.168.101.30> -m > multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT > iptables -A FORWARD -p udp -d 192.168.101.30 <http://192.168.101.30> > --dport 10000:20000 -m state --state NEW -j ACCEPT > > iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 <http://1.2.3.4> > -m multiport --dports 3478,4569,5060 -j DNAT --to-destination > 192.168.101.30 <http://192.168.101.30> > iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 <http://1.2.3.4> > --dport 10000:20000 -j DNAT --to-destination 192.168.101.30 > <http://192.168.101.30> > > pls assume 1.2.3.4 <http://1.2.3.4> is the ip that connects to the > internet. Forget it. This will never work. > > > I use Xlite sotphone to talk. I can register. it says user ready. I can > dial extentions as well. But , WHEN I talk , Both parties can not hear > anyrhing. > > in rtp.conf file, PORT 10000 to 20000 are also available. asterisk <-> nat <-> nat <-> sip client = big pain in the neck. I have never managed to get this to work. Getting the below was trouble enough. Forget about trying to get an asterisk box behind a nat to work with clients outside. asterisk <-> nat <-> sip client.