similar to: iptables on C5

I have a host 192.168.1.3 that wants to run SIP on 5068 (long story). My host is 192.168.10.201. My host needs to stay on 5060 because of all the other devices I have connected. I tried putting port=5068 in my SIP extension definition but that did not work. So I thought about using iptables to accomplish this: iptables -t nat -A PREROUTING -p tcp --dport 5068 -j REDIRECT

I have SIP (asterisk 11.23.0) running on port 5060 just fine. udp. I have another SIP trunk thats wants to run on port 5068 (long story). I have enabled tcpenable=yes in sip.conf and defined port=5068 in my trunk definition. It does not seem that anything is listening on 5068? How can I run SIP tcp on port 5068? telnet localhost 5068 Trying 127.0.0.1... telnet: connect to address 127.0.0.1:

Hi, I have a problem with asterisks on Linux. Looks like it is a iptables problem. My external client (eyebeam, on a different computer) cannot register to the asterisk server, but the asterisk server itself *looks* working. If I dial one of the incoming phone numbers for the server, I can see the call arriving in Asterisk (using asterisk -r). I tried nmap on my server, and this is the result:

I know that I have asked this before of the list. However we just changed ISP and ip's and I'm having this issue again. I have a linux firewall using iptables with the following config eth0 = WAN 1 eth1 = LAN 1 eth2 = WAN 2 I'm trying to forward all traffic that makes a request from eth2 to an internal IP on eth1. These are the folloing rules that I have set up. iptables -t nat -A

I am playing with tcpenable... on 13.11.2 so in sip.conf I have tcpenable=yes tcpbindaddr=192.168.1.8:5070 but when I "telnet localhost 5070" I get no connect. iptables -L -n -v | grep 5070 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5070 firewall is good. Is my syntax not correct above to run on port 5070 for SIP over TCP?

Hi, I am running a ASTERISK BOX behind a firewall. It is at DMZ . Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have

Hi; I sucesyfully ran AD on samba4 software. All required by me functions works properly but when I turn on firewall my enviroment is getting very slow - logon process is 3 times longer then on system with disabled firewall service. Below I pasted my firewall configuration - I based on samba tutorial and aexples and official microsoft web page with needed ports: Have you similar problems after

Hi, I'm experiencing the most perplexing problem with iptables on CentOS 5.2. I'm hoping someone can point out what I must be missing here. I have memcached set up on several nodes on an internal network. I have the following rules set up to allow traffic between memcached nodes: IPTABLES -A INPUT -i bond0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.0/24 --dport 11211 -j ACCEPT

Hi, system info: ubuntu 7.04 (Host OS) samba 3.0.24 (installed with apt-get) vmware-server 6.0.1 windows XP (Guest OS) I was using the iptables script provided by iptablesrocks.org. It's been quite useful, but I ran into a problem when I tried to connect samba. Without any iptables rules, I have no problem when connecting host os(ubuntu samba server) from guest os Windows XP. I referenced

Hi, I have an existing iptables as follows:- # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p

Hello, I do appologize if this is something that was already discussed somewhere else... but for now I was not able to find the appropriate How-To. Would anybody know what the IPTABLES entries are to have working Samba4 Domain Controller? I tried the following: -A INPUT -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 749 -j ACCEPT -A

Hi, We recently installed CentOS 6.2 on our cluster. During the installation/debugging of various secondary software, we had disabled iptables. When we re-enabled them, we found that the front-end would no longer X11 forward (although it does so when the iptables are off). What do we need to set in the iptables to permit X11 forwarding? Currently we're using iptables -P INPUT DROP

Hi everyone, I had posted recently about getting Samba4 to work on CentOS 6.4 but having changes only replicating in one direction, from the Win2k3 AD but not back to it. I solved the problem, this time, by disabling iptables. I find it a bit hard to understand. These are the rules I have set up: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [52:5888] -A INPUT -m state

Hello, up to CentOS 5.3 it was possible, to control new ip connections by "recent", "seconds" and "hitcount" -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: " -A INPUT -p tcp -m tcp --dport 80 -m state

I have a server whit 2 interfaces of network, where eth0 is the interfaces connetc to internet and eth1 to the internal network. This server hace a Squid only, but i setting the iptables for protection to the server. Iptables run from script and in this script i setting the redirection for the other server in my internal network to port 80 and 443. I follow the diferent how to and many manual, but

Hi.... Help me please!!! I am using Linux Redhat as router of the my network. I am to making NAT and firewall. In my iptables script, I need make 3 MARKs for the same packet, as following # It marks the packets that will go for link ADSL (I have 2 links - adsl 2Mb and ''dedicate link'' 256Mb ) # I am using ''ip rule / ip route'' to make this iptables

I've got a server with several ip's on eth0. I want to block all traffic *except* to port 80 on them, but not on any other IPs, so that eth0 is www.xxx.yyy.zzz eth0:1 is www.xxx.yyy.ggg eth0:2 is www.xxx.yyy.hhh I've tried -A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.ggg --dport ! 80 -j DROP -A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.hhh --dport ! 80 -j DROP and restarted (and

I added these rules to IPTABLES to slow brute force attacks. iptables -A INPUT -p tcp --dport 22 -s my_subnet/24 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH -j DROP I would like log entries when connections are dropped to see

Hi community, i have a samba server that work's great, but my friends of IT security said that is vulnerable without a firewall,  i try to set an iptables firewall using the official documentation but is not working (obviously), this ti my config: #!/bin/sh echo n Aplicando Reglas de Firewall... ## FLUSH de reglas iptables -F iptables -X iptables -Z iptables -t nat -F ## Establecemos

Hi - I have a ftp server running version 2.0.7 of vsftpd on a CentSO 5.2 server using iptables behind a Linksys router. The setup works for UNIX machines on either side of the Linksys router. For the Windows machines it only works if they're behind the Linksys router - ftp does NOT work if they're outside the Linksys router. I'd like to solve two problems: (1) make ftp work