LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-28-2002, 02:14 AM   #1
mika9372
LQ Newbie
 
Registered: Mar 2002
Posts: 4

Rep: Reputation: 0
ipchains


Hello,

I setup a linux box (RH7.2) to do ip masquerading. Well, I created the file: /etc/sysconfig/ipchains using lokkit (with medium security option selected) and then added the following lines:
-A forward -i eth0 -s 192.168.0.2 -j MASQ
-A forward -i eth0 -s 192.168.0.3 -j MASQ
-M -S 7200 10 60

I have a machine on my private network which can access the internet through my linux box, however I am unable to use my VoIP (Voice over IP) telephone. Specifically, the VoIP phone is unable to register with the gatekeeper (this is some machine on the internet, and my phone needs to register with it before a call can be made). The phone works when I assign it a public IP address.
"ipchains -ML" gives me the following:

IP masquerading entries
prot expire source destination ports
TCP 01:58.20 192.168.0.3 gatekeeper.abcd.net 1064 (61017) -> 6812

Note that I assigned 192.168.0.3 to my VoIP phone.
Greatly appreciate if somebody could help.

Thanks.
Mika
 
Old 03-28-2002, 07:26 AM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164Reputation: 164
I don't know if it is possible. Masqerading is a kind of "cheating" the Internet about your ip adress. So I guess it won't work with a special module for masqerade. And I haven't heard of any...
A solution I see is to make tunelling (using for example ftp, which is masqeraded).
 
Old 03-28-2002, 11:37 AM   #3
mika9372
LQ Newbie
 
Registered: Mar 2002
Posts: 4

Original Poster
Rep: Reputation: 0
Mara: Thanks. I will try to find information on tunnelling and see if it solves my problem. Thanks again.
 
Old 03-28-2002, 11:41 AM   #4
mika9372
LQ Newbie
 
Registered: Mar 2002
Posts: 4

Original Poster
Rep: Reputation: 0
Mara:

"I guess it won't work with a special module for masqerade. And I haven't heard of any..."
Can you please clarify how "special module for masqerade" is related to my VoIP phone?
 
Old 03-28-2002, 12:15 PM   #5
taz.devil
Senior Member
 
Registered: Nov 2001
Location: Wa. State
Distribution: Slackware
Posts: 1,261

Rep: Reputation: 45
Since RedHat 7.2 installs a 2.4.x kernel by default and ipchains is an older 2.2.x kernel filter app, you could look into iptables for more functionality, since it's the predecessor to ipchains and is for the 2.4.x kernel. You could build policy that isn't masqu. and has alot better options which should allow you to communicate better with your VoIP's server. Just a possibility to throw out there...
 
Old 03-28-2002, 03:20 PM   #6
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,568

Rep: Reputation: 164Reputation: 164
Quote:
Originally posted by mika9372



Can you please clarify how "special module for masqerade" is related to my VoIP phone? [/B]
VoIP should be delivered directly to the mechine. But when there is masqerade, it gets to the server. The packets should be recognized and send into the local network. The same the other direction. Standard modules for masqerade do this with only few ports. Not those used by VoIP. With the special module it will work, of course.
 
Old 03-29-2002, 01:03 PM   #7
mika9372
LQ Newbie
 
Registered: Mar 2002
Posts: 4

Original Poster
Rep: Reputation: 0
I set up iptables . Also, I configured iptables to forward all packets coming from the gatekeeper to my VoIP phone. My VoIP phone is now able to login to the gatekeeper. However, I am still unable to make calls.
Note that the gatekeeper and gateway are installed on one single machine (my friend's machine, so I have access to it). So, I think that the packets meant for the VoIP phone will be originating from only one IP address, and my linux box should be forwarding all these packets to the VoIP phone. Any suggestions? Thanks all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Ipchains brokenflea Linux - Networking 1 02-03-2004 06:44 AM
ipchains i.d. Linux - Security 5 08-21-2002 03:12 PM
ipchains help ... please> paulw Linux - Security 3 11-16-2001 11:15 AM
IpChains again ETT Linux - Security 3 07-24-2001 08:49 AM
[ipchains] MrGreg Linux - General 4 07-15-2001 12:35 AM


All times are GMT -5. The time now is 05:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration