Are your servers behind NAT? If iptables is running on sipx, what does this mean for your startup script since sipx checks to see if iptables is running?
On Fri, Aug 20, 2010 at 5:24 AM, Sven Evensen <[email protected]> wrote:

> We use iptables on several of our machines to overcome the fact that ITSP
> cannot send on 5060,
>
> works perfectly. Here is our setup:
>
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *nat
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> -A PREROUTING -p udp --dport 5060 -s 217.37.32.162 -i eth+ -j DNAT --to 10.227.122.31:5080
> COMMIT
>
> ------------------------------
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Tony Graziano
> *Sent:* 20 August 2010 08:18
> *To:* Michael Scheidell
> *Cc:* [email protected] users
> *Subject:* Re: [sipx-users] iptables experts: port forwarding.
>
> The startup script for sipx checks to see if iptables is running, because it
> is automatically "problematic" if it is...
>
> On Thu, Aug 19, 2010 at 11:14 PM, Michael Scheidell <[email protected]> wrote:
>
> > It just occurred to me that sipx on centos has iptables. maybe not active,
> > but it's got it.
> >
> > can I use iptables, internally, without involving natting to do selective
> > port forwarding.
> >
> > example:
> > private ip address of 192.168.0.2 sipx.secnap.com.
> > public ip of ITSP: 4.2.2.2
> >
> > I want to do something like this:
> >
> > if traffic comes in from source ip 4.2.2.2 to 192.168.0.2:5060 redirect
> > it to 192.168.0.2:5080
> > (assuming that the original firewall did the natting. pretend here isn't
> > one)
> >
> > all other traffic to 192.168.0.2:5060 goes to 192.168.0.2:5080
> > all traffic to 192.168.0.2:5080 goes to 192.168.0.2:5080.
> >
> > pretend I know lots about freebsd and ipfw and just tonight figured out how
> > to type 'iptables --list'
> > eg: tutor me.
> > I am thinking that if this can be done, it might make life easier for
> > people like me and mitchel who can't get the ITSP to send to port 5080.
> > before I take my live phone system offline, look here, several paragraphs
> > down:
> >
> > <http://www.linuxquestions.org/questions/linux-networking-3/iptables-port-forwarding-599401/>
> >
> > they do something like this:
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > iptables -t nat -A PREROUTING -p tcp -s *route_only_for_this_ip* -d *router_ip* --dport 80 -j DNAT --to *destination_ip*:*destination_port*
> >
> > iptables -t nat -A POSTROUTING -o eth0 -d *destination_ip* -j SNAT --to-source *router_ip*
> >
> > so, echo 1 > /proc/sys/net/ipv4/ip_forward (might not be needed)
> > but
> > iptables -t nat -A PREROUTING -p tcp -s 4.2.2.2 -d localhost --dport 5060 -j DNAT to localhost:5080
> >
> > --
> > Michael Scheidell, CTO
> > o: 561-999-5000
> > d: 561-948-2259
> > ISN: 1259*1300
> >
> > *| *SECNAP Network Security Corporation
> >
> > - Certified SNORT Integrator
> > - 2008-9 Hot Company Award Winner, World Executive Alliance
> > - Five-Star Partner Program 2009, VARBusiness
> > - Best in Email Security, 2010: Network Products Guide
> > - King of Spam Filters, SC Magazine 2008
> >
> > ------------------------------
> >
> > This email has been scanned and certified safe by SpammerTrap®.
> > For Information please see http://www.secnap.com/products/spammertrap/
> > ------------------------------
> >
> > _______________________________________________
> > sipx-users mailing list
> > [email protected]
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
> --
> ======================
> Tony Graziano, Manager
> Telephone: 434.984.8430
> sip: [email protected]
> Fax: 434.984.8431
>
> Email: [email protected]
>
> LAN/Telephony/Security and Control Systems Helpdesk:
> Telephone: 434.984.8426
> sip: [email protected]
> Fax: 434.984.8427
>
> Helpdesk Contract Customers:
> http://www.myitdepartment.net/gethelp/
>
> Why do mathematicians always confuse Halloween and Christmas?
> Because 31 Oct = 25 Dec.
--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
Fax: 434.984.8431

Email: [email protected]

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]
Fax: 434.984.8427

Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/

Why do mathematicians always confuse Halloween and Christmas?
Because 31 Oct = 25 Dec.
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
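
The source-selective 5060 to 5080 redirect discussed in this thread, as an added example that is not part of any message above: a small generator for an `iptables-restore` ruleset covering both the same-host case from the original question and the forward-to-another-host case from the quoted `*nat` ruleset. The function names are hypothetical, UDP is assumed as in the quoted ruleset, and the addresses are the thread's own example values.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset that
# moves SIP from one ITSP source address to another port. UDP is assumed, as in
# the *nat ruleset quoted above; function names are hypothetical.

is_ipv4() (   # subshell body keeps the IFS change local
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
)

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: sip_redirect_rules ITSP_IP FROM_PORT TO_PORT [OTHER_HOST_IP]
sip_redirect_rules() {
    src=$1 from=$2 to=$3 dest=${4:-}
    if ! is_ipv4 "$src" || ! is_port "$from" || ! is_port "$to"; then
        echo "invalid source address or port" >&2; return 1
    fi
    if [ -z "$dest" ]; then
        # Same host: REDIRECT rewrites to the receiving interface's own address.
        target="REDIRECT --to-ports $to"
    else
        is_ipv4 "$dest" || { echo "invalid destination" >&2; return 1; }
        # A PREROUTING DNAT to 127.0.0.0/8 is dropped as a martian by default
        # routing, so a loopback destination is refused here.
        case "$dest" in 127.*) echo "use REDIRECT for the local host" >&2; return 1 ;; esac
        target="DNAT --to-destination $dest:$to"
    fi
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        "-A PREROUTING -p udp -s $src --dport $from -j $target" 'COMMIT'
}

# Addresses from the thread's example. Pipe into `iptables-restore --test` to
# parse without committing; a real load without --noflush replaces the nat table.
sip_redirect_rules 4.2.2.2 5060 5080
```

Because the rule matches on `-s`, only the ITSP's traffic to 5060 is moved; everything else arriving on 5060 or 5080 is left untouched.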
