I have Asterisk server(1.0.9) behind Iptables firewall. I configured Iptables and sip.conf as below. Andrea(2000) is the outsider phone, on Internet with public IP Luca(2001) is the insider phone, on local network with private IP as well Asterisk server. I noted the ports in play are 5060, 8000, 8001 and 10000:20000,so to test I put the large rule $IPTABLES -A FORWARD -p udp --dport 8000:20000 -j ACCEPT Andrea or Luca receive the rings,but not the voice. Can you help me thank Andrea --------------------------------------- IPTABLES #!/bin/sh IPTABLES=/sbin/iptables # Internal network # LOC_IFACE=eth0 LOC_ADDR=10.100.0.0/24 LOC_IF=10.100.0.1 # External network # EST_IFACE=eth1 EST_ADDR=250.xxx.yyy.24/255.255.255.252 EST_IF=250.xxx.yyy.26 # Asterisk IP and port # PORAST=5060 ASTERISK=10.100.0.225 # deny everything for now # $IPTABLES -P INPUT DROP $IPTABLES -P FORWARD DROP $IPTABLES -P OUTPUT DROP # SIP on UDP port 5060 # $IPTABLES -A FORWARD -i $EST_IFACE -p udp -d $ASTERISK --dport $PORAST -m state --state NEW,ESTABLISHED -j ACCEPT $IPTABLES -A FORWARD -o $EST_IFACE -p udp -s $ASTERISK --sport $PORAST -m state --state ESTABLISHED -j ACCEPT # Other port for phone comunication # $IPTABLES -A FORWARD -p udp --dport 8000:20000 -j ACCEPT # Allow from internal to external # $IPTABLES -A FORWARD -o $EST_IFACE -s $LOC_ADDR -m state --state NEW,ESTABLISHED -j ACCEPT $IPTABLES -A FORWARD -i $EST_IFACE -d $LOC_ADDR -m state --state ESTABLISHED -j ACCEPT $IPTABLES -t nat -A POSTROUTING -o $EST_IFACE -j SNAT --to $EST_IF # Asterisk on Internet # $IPTABLES -t nat -A PREROUTING -p udp -d $EST_IF --dport $PORAST -j DNAT --to $ASTERISK:$PORAST --------------------------------------- SIP.CONF [general] port = 5060 bindaddr = 0.0.0.0 allow = all context = bogon-calls [2000] type = friend username = 2000 callerid = Andrea Bencini <2000> secret = 9overthruster7 host = dynamic nat = yes context = from-sip mailbox = 100 [2001] type = friend username = 2001 callerid = Luca Bencini <2001> secret = 11bbanzai9 host = dynamic nat = yes context = from-sip mailbox = 101