Asterisk behind Linux iptables with masquerading and forward

blwegrzyn · 2005-10-03 16:04:49 UTC

Hi,

I have this setup

DSL ROUTER---->LINUX----->ASTERISK

LINUX acts as a router with this config:
ppp0 - internet interface (public)
eth1 - private interface: 192.168.1.254

asterisk interface 192.168.1.251

settings on LINUX:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p udp --dport 5060 -i ppp0 -j DNAT --to
192.168.1.251
iptables -t nat -A PREROUTING -p udp --dport 10000:20000 -i ppp0 -j DNAT
–to 192.168.1.251

My probles is that asterisk is not able to register anymore with my sip provider. Registration times out. Before I had this setup I had the same config, but instead of LINUX i used the Wr54G router with port forwarding on. It looks like that I misconfigured the iptables, but I dont know what I did wrong. Do I have to add extra translation settings. Thanks

Any ideas???

dufus · 2005-10-03 19:37:55 UTC

Click here for information about Firewall rules and IPtables setup with Asterisk.

voip-info.org/tiki-index.php … wall+rules

blwegrzyn · 2005-10-03 20:09:20 UTC

this does not help me becasue the asterisk is not on the same box as NAT

dufus · 2005-10-03 20:45:47 UTC

It sounds like your question is more about how to setup port forwarding in a linux router, rather than an Asterisk problem.

The link I posted does include IPtables entries that should make it work.

Perhaps this isn’t the correct forum for your question…

blwegrzyn · 2005-10-03 21:28:23 UTC

this question is related to asterisk. The way I set the port forwarding worked for me for all other ports except asterisk, thats why I am digging.

dufus · 2005-10-03 23:28:32 UTC

From the above link—

SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT

IAX2- the IAX protocol
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT

IAX - most have switched to IAX v2, or ought to
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT

RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

MGCP - if you use media gateway control protocol in your configuration
iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT

The above information is for the IPtables settings to allow Asterisk connections.

Modify them for port forwarding, and you should be all set.

blwegrzyn · 2005-10-04 14:23:14 UTC

I found out the problem.
The nat was working, but for some reason asterisk was not.
I recompiled and reconfigured and it is fine now.

Thanks anyway

blwegrzyn · 2005-10-04 14:26:04 UTC

I found out the problem.
The nat was working, but for some reason asterisk was not.
I recompiled and reconfigured and it is fine now.

Thanks anyway