Hello, With all the talk about Firefly, I decided to check it out, it seems to work under wine (IAX only for some reason) so I'm thinking about using it on the road. Now, my Asterisk box is behind a firewall, so I have set the firewall to forward UDP port 4569 to my Asterisk box put I'm having problems with this. I followed the instructions on the Asterisk Firewall Rules page but it seems to a slightly different setup I guess. Does anyone have an iptables setup that will accept and forward IAX2 traffic from an external box to a box on the private network? Thanks, Pete
An untested guess iptables -t nat -I PREROUTING -p udp -d EXTIP --dport 4569 -m state --state NEW -j DNAT --to-destination ASTIP iptables -t nat -I POSTROUTING -p udp -d ASTIP --dport 4569 -j MASQUERADE cheers, Adam Peter Osborne wrote:> Hello, > > With all the talk about Firefly, I decided to check it out, it seems to work > under wine (IAX only for some reason) so I'm thinking about using it on the > road. Now, my Asterisk box is behind a firewall, so I have set the firewall > to forward UDP port 4569 to my Asterisk box put I'm having problems with > this. I followed the instructions on the Asterisk Firewall Rules page but it > seems to a slightly different setup I guess. Does anyone have an iptables > setup that will accept and forward IAX2 traffic from an external box to a box > on the private network? > > Thanks, > Pete
On November 23, 2004 05:28 pm, Adam Hart wrote:> iptables -t nat -I PREROUTING -p udp -d EXTIP --dport 4569 -m state > --state NEW -j DNAT --to-destination ASTIP > > iptables -t nat -I POSTROUTING -p udp -d ASTIP --dport 4569 -j MASQUERADEAny reason why you need both these statements instead of just a single iptables -t nat -I PREROUTING -p udp -d EXTIP --dport 4569 -j DNAT --to-destination ASTIP ?? -A.
Andrew Kohlsmith wrote:> On November 23, 2004 05:28 pm, Adam Hart wrote: > >>iptables -t nat -I PREROUTING -p udp -d EXTIP --dport 4569 -m state >>--state NEW -j DNAT --to-destination ASTIP >> >>iptables -t nat -I POSTROUTING -p udp -d ASTIP --dport 4569 -j MASQUERADE > > > Any reason why you need both these statements instead of just a single > > iptables -t nat -I PREROUTING -p udp -d EXTIP --dport 4569 -j DNAT > --to-destination ASTIP >oops, no need - I was thinking one interface, so the packets would come back through it.