[sipx-users] iptables experts: port forwarding.

Thu, 19 Aug 2010 20:14:26 -0700

It just occurred to me that sipx on centos has iptables. maybe not active, but its got it.
can I use iptables, internally, without involving natting to do selective port forwarding. 

example:
private ip address of 192.168.0.2  sipx.secnap.com.
public ip of ITSP: 4.2.2.2

I want to do something like this:


if traffic comes in from source ip 4.2.2.2  to 192.168.0.2:5060  
redirect it to 192.168.0.2:5080
(assuming that the original firewall did the natting. pretend here isn't 
one)


all other traffic to 192.168.0.2:5060 goes to 192.168.0.2:5080
all traffic to 192.168.0.2:5080 goes to 192.168.0.2:5080.


pretend I know lots about freebsd and ipfw and just tonight figures out 
how to type 'iptables --list'

eg: tutor me.

I am thinking that if this can be done, it might make life easier for 
people like me and mitchel who can't get the ITSP to send to port 5080.



before I take m live phone system offline, look here, several paragraphs 
down:

<http://www.linuxquestions.org/questions/linux-networking-3/iptables-port-forwarding-599401/>

they do something like this:

echo 1>  /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp -s *route_only_for_this_ip* -d *router_ip* 
--dport 80 -j DNAT --to *destination_ip*:*destination_port*
iptables -t nat -A POSTROUTING -o eth0 -d *destination_ip* -j SNAT --to-source 
*router_ip*


so, echo 1 > /proc/sys/net/ipv4/ip_forward (might not be needed)
but

iptables -t nat -A PREROUTING -p tcp -s 4.2.2.2 -d localhost --dport 
5060 -j DNAT to localhost:5080


--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> *| *SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best in Email Security,2010: Network Products Guide
   * King of Spam Filters, SC Magazine 2008


______________________________________________________________________

This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/

______________________________________________________________________  
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/





















					Reply via email to