ok, so this is my situation
I am using slackware 12.0 w/ asterisk 1.4.10.1 so this is my rc.firewall script:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
iptables -t mangle -N common
iptables -t mangle -N asterisk
iptables -t mangle -A common -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A common -p tcp --dport 8080 -j MARK --set-mark 2
iptables -t mangle -A common -p tcp --dport 443 -j MARK --set-mark 2
iptables -t mangle -A common -p tcp --dport 110 -j MARK --set-mark 2
iptables -t mangle -A common -p tcp --dport 119 -j MARK --set-mark 2
iptables -t mangle -A common -p tcp --dport 25 -j MARK --set-mark 2
iptables -t mangle -A common -p udp --dport 53 -j MARK --set-mark 2
iptables -t mangle -A common -p udp --dport 68 -j MARK --set-mark 2
iptables -t mangle -A asterisk -p udp --sport 5060 -j MARK --set-mark 1
iptables -t mangle -A asterisk -p udp --dport 5060 -j MARK --set-mark 1
iptables -t mangle -A asterisk -p tcp --dport 5036 -j MARK --set-mark 1
iptables -t mangle -A asterisk -p udp --dport 5036 -j MARK --set-mark 1
iptables -t mangle -A asterisk -p udp --dport 4569 -j MARK --set-mark 1
iptables -t mangle -A asterisk -p udp --sport 10000:20000 -j MARK --set-mark 1
iptables -t mangle -A FORWARD -i eth0 -o eth1 -j MARK --set-mark 3
iptables -t mangle -A FORWARD -i eth0 -o eth1 -j common
iptables -t mangle -A FORWARD -i eth0 -o eth1 -j asterisk
iptables -t mangle -A FORWARD -i eth0 -o eth1 -p icmp -j MARK --set-mark 1
this should be creating some qos for my SIP and other stuff for asterisk.
My phones are on private nat lan behind this box:
eth0 public
eth1 private
I have another asterisk box at work and need 2 of my cisco 7960g phones to be able to connect there... I can connect, but calls from the office box do not make it to my home phones behind my home asterisk box. I'm hoping that changing some ports my fix the issue with the remote box, but not sure how to do that. For example, if I was to change sip from 5060 to 5061 and rtp from 10000-20000 to 25000-35000 how could I fwd those ports to more than one location on private network ie.{(10.77.76.41 and 10.77.76.42)or even to a range of ips}?? in iptables is there seems to be no pnp, am I even going about this right?? any advise would be greatly appreciated....
Kind Regards
. 
