mitchel
2004-Apr-30 18:20 UTC
[Asterisk-Users] T100P & Integrated (D&V) T1 -> Public IP Range
Hello, I have a T100P card on a Red Hat 8 machine with Asterisk installed on it and I'm trying to get the data routing properly through it. I purchased an Integrated Data/Voice T1 Line with channels 1-6 voice and 13-24 data. The line is plugged directly into the Asterisk machine's T100P card. Previous to the asterisk set up we had an Adtran router that connected everything to what the telco called a "66 block" which worked seemlessly with our analog telephone system. On the adtran router there was a network jack which I just connected directly to our hubs then pointed all of our computers at it's ip address 193.169.0.1 effectively routing our data properly and allowing internet access. Thanks to a lot of help (thank you Shido/Twisted) we now have the machine running with the T1 line plugged directly into it. The data/internet is all running properly and the driver that pulls the data out of the T1 channels (hdlc) is loaded properly and running. It looks just like an ethernet card to the Operating System. The IP addresses assigned by my telco/isp to use for the serial (ppp) interface is 67.153.163.202 with a gateway of 67.153.163.201 and a netmask of 255.255.255.252. Thanks to Shido I have a nice firewall script which routes all the network traffic behind the asterisk server out the data channels and to the internet. If I go to www.network-tools.com it shows my ip address as 67.153.163.202. Going back in time to when I was using the Adtran router I was provided by my isp with the public ip address range of 67.153.163.210-67.153.163.214 with a gateway of 67.153.163.209 and a netmask of 255.255.255.248. With these settings I was supposedly able to use public "real" ip addresss on my own servers so that I could host miscellaneous things on it (mail, http, dns, etc). What I would like to do is map all or at least one of those ip addresses to an internal server. After doing a lot of reasearch and asking many questions I found out that to do what I need means that in theory no server anywhere will be assigned the ipaddress of 67.153.163.210 but only a simple routing rule will do the trick which is what I was trying to do with the following iptables rules. iptables -t nat -A PREROUTING -p tcp --dst 67.153.163.210 -j DNAT --to-destination 193.169.0.210 iptables -A FORWARD -d 193.169.0.210 -j ACCEPT Other information about my server - Firewall script & ifconfig Output: www.titaniumsoft.net/hdlc.txt Thank you in advance, Mitchel --------------------------------- Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20040430/3a1e74aa/attachment.htm
Jeb Campbell
2004-May-01 09:53 UTC
[Asterisk-Users] T100P & Integrated (D&V) T1 -> Public IP Range
On Apr 30, 2004, at 9:20 PM, mitchel wrote:> The IP addresses assigned by my telco/isp to use for the serial (ppp) > interface is 67.153.163.202 with a gateway of 67.153.163.201 and a > netmask of 255.255.255.252. Thanks to Shido I have a nice firewall > script which routes all the network traffic behind the asterisk server > out the data channels and to the internet. If I go to > www.network-tools.com it shows my ip address as 67.153.163.202. > > Going back in time to when I was using the Adtran router I was > provided by my isp with the public ip address range of > 67.153.163.210-67.153.163.214 with a gateway of 67.153.163.209 and a > netmask of 255.255.255.248. With these settings I was supposedly able > to use public "real" ip addresss on my own servers so that I could > host miscellaneous things on it (mail, http, dns, etc). > > What I would like to do is map all or at least one of those ip > addresses to an internal server. After doing a lot of reasearch and > asking many questions I found out that to do what I need means that in > theory no server anywhere will be assigned the ipaddress of > 67.153.163.210 but only a simple routing rule will do the trick which > is what I was trying to do with the following iptables rules. > > iptables -t nat -A PREROUTING -p tcp --dst 67.153.163.210 -j DNAT > --to-destination 193.169.0.210 > iptables -A FORWARD -d 193.169.0.210 -j ACCEPTWell the problem is that you don't have those addresses anymore. Here is your network (from ipcalc -- binary omitted): Address: 67.153.163.202 Netmask: 255.255.255.252 = 30 Wildcard: 0.0.0.3 => Network: 67.153.163.200/30 Broadcast: 67.153.163.203 HostMin: 67.153.163.201 HostMax: 67.153.163.202 Hosts/Net: 2 As you can see 200 and 203 cannot have hosts on them, so you have 201 and 202. But you are 202 and your isp is 201! In short, if you want more hosts get your isp to give you more addresses. Jeb Campbell jebc@c4solutions.net