Gabriel Ortiz Lour
2017-Jan-27 18:58 UTC
[asterisk-users] semi-OFF-TOPIC - SIP iptables and NAT - same source, different destination
Hi all, anyone with iptables master power pack knowledge :) ? Having some problem with NAT! I have a server that is the LAN gateway (A) with the public IP, and two asterisk boxes behind it. I've configured port forward so port 5070 goes to *1 and 5080 goes to *2. Working fine. The problem is when some machine outside tries to talk with both asterisks. As soon as the 1st package gets routed to *1 the subsequent packets will all also get routed to *1, no matter that the destination port is now 5080. Seams like some "nat cache", where it will decide to forward all packets to *1 that come from origin "IP:PORT" X (since it was the first one contacted) anyone with iptables master power pack knowledge :) ? Att. Gabriel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170127/488241e5/attachment.html>
Sebastian Nielsen
2017-Jan-27 19:03 UTC
[asterisk-users] semi-OFF-TOPIC - SIP iptables and NAT - same source, different destination
Yes its called the state table. This because connection IP:PORT has a relationship with inside IP 192.168.x.x port X. I guess you have configured the redirect port to be same on both? Eg 5070 goes to *1:5060 and 5080 goes to *2:5060 What you need to do, is to have different inside ports as well, and also configure the asterisk boxes to listen on a different SIP port. Fr?n: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] F?r Gabriel Ortiz Lour Skickat: den 27 januari 2017 19:59 Till: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at lists.digium.com> ?mne: [asterisk-users] semi-OFF-TOPIC - SIP iptables and NAT - same source, different destination Hi all, anyone with iptables master power pack knowledge :) ? Having some problem with NAT! I have a server that is the LAN gateway (A) with the public IP, and two asterisk boxes behind it. I've configured port forward so port 5070 goes to *1 and 5080 goes to *2. Working fine. The problem is when some machine outside tries to talk with both asterisks. As soon as the 1st package gets routed to *1 the subsequent packets will all also get routed to *1, no matter that the destination port is now 5080. Seams like some "nat cache", where it will decide to forward all packets to *1 that come from origin "IP:PORT" X (since it was the first one contacted) anyone with iptables master power pack knowledge :) ? Att. Gabriel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170127/7cff4ca3/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6298 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170127/7cff4ca3/attachment.bin>