Forward all ports except port 80 to another server
Distribution: CentOS, Linux Mint Debian and Linux Mint 12 KDE
Posts: 5
Hi,
This is what I would like to do:
I have a domain name: abc.com
I also have a cloud server whose IP: 111.222.333.444
In zoneedit, I created an A record:
sip.abc.com to go to my cloudserver 111.222.333.444
This is fine so far. If I type sip.abc.com I can see my Apache webpage. I can also access my Webmin if I type sip.abc.com:10000
This means that all ports are forwarded to my new cloudserver.
Now, I have a VoIP service provider at 222.333.444.555 whom I want to hide from my friends and a few clients I have. What I want to do is the following:
sip.abc.com will go to my cloudserver who will then unconditionally forward all requests to my voip provider except port 80.
That way if someone types sip.abc.com in their web browser they see my apache webpage on my cloudserver but not my voip provider's webpage.
How can I do this?
The only thing a Google search is returning is web proxy related stuff - I did some study but a transparent proxy is probably not the right tool for this. Any help or direction from expert DNS/Network experts here would be greatly appreciated. If someone wants a reasonable small fee, I can pay too; in that case please PM me.
ALL ports? I really don't think you actually want to do that. It seems like you should be using different hostnames here. Why are you trying to hide the provider so much?
Distribution: CentOS, Linux Mint Debian and Linux Mint 12 KDE
Posts: 5
Original Poster
Maybe not all ports, but ports 5000 to 6000 are used for the IAX and SIP protocols, and then for media (RTP) 10000 to 40000 are used. Different providers use different ranges for RTP, but for SIP it's port 5060 - 5080. So I want to pass everything, or at least these ranges, through my server but drop port 80.
Why I want to hide it?
I configured a bunch of my friends' and family's computers and IP phones with services from voipbuster, voipcheap, and the like. Some of their friends are now asking for the VoIP long distance services. I am told by my friends that I can mark it up by $5 to $10 per month and make a few pennies. Nothing wrong with that, right? Anyway, if I just give them the provider's server address to configure their SIP phones, some of them will find out who they are and go directly. That is why I want to hide it.
Let me know if you know how to pass everything through a server but just drop port 80. I can use the Linux firewall to drop 80, but how do I then redirect?
Well, you really MUST be selective. That can be a selection of a thousand I suppose, but still do it.
There is probably an issue of understanding the SIP / RTP traffic flows. Unless you are jumping out to PSTN or similar, your RTP traffic will flow between the two end points, not via your server; only the SIP data will flow to that. I don't know if NATing traffic will cause a logical breakdown in what's going on with that, as original source addresses are often important to establishing the flow. You may prefer to look at a proper SIP proxy - http://www.nongnu.org/partysip/partysip.html
Distribution: CentOS, Linux Mint Debian and Linux Mint 12 KDE
Posts: 5
Original Poster
Thanks Chris, I will look into the SIP proxy servers. Do you think SIP Express Routers / Session Border Controllers will be a better option? Any knowledge on these as to whether they will allow what I am trying to achieve, which is to just pass through SIP ports and block port 80?
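The selective forwarding discussed in this thread, as an added example that is not part of any post: a script that prints (does not apply) iptables DNAT rules for the SIP and RTP ranges only, and refuses any range that would capture a port the relay serves itself. The provider address is a constructed placeholder, UDP transport for SIP/RTP is an assumption, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: generate selective DNAT rules instead of forwarding "all ports".
# PROVIDER is a constructed placeholder (RFC 5737 documentation address).
PROVIDER="${PROVIDER:-203.0.113.10}"
# Services the relay answers itself, as proto:port (Apache 80, Webmin 10000, both TCP).
LOCAL_SERVICES="tcp:80 tcp:10000"
# Ranges from the thread: SIP 5060-5080 and RTP 10000-40000 (UDP assumed).
FORWARD_RANGES="udp:5060:5080 udp:10000:40000"

# overlaps_local PROTO LO HI: returns 0 if a local service port of the same
# protocol lies inside LO..HI. Webmin on tcp/10000 does not clash with
# udp/10000-40000, but would clash with a tcp range covering it.
overlaps_local() {
    for svc in $LOCAL_SERVICES; do
        sproto=${svc%%:*}; sport=${svc##*:}
        if [ "$sproto" = "$1" ] && [ "$sport" -ge "$2" ] && [ "$sport" -le "$3" ]; then
            return 0
        fi
    done
    return 1
}

# gen_rules: print the iptables commands for every range in FORWARD_RANGES.
# Fails without printing rules for a range that would hijack a local service.
gen_rules() {
    for r in $FORWARD_RANGES; do
        proto=${r%%:*}; rest=${r#*:}; lo=${rest%%:*}; hi=${rest##*:}
        if overlaps_local "$proto" "$lo" "$hi"; then
            echo "refusing $r: overlaps a local service" >&2
            return 1
        fi
        # Rewrite the destination, allow the forwarded flow, and source-NAT it
        # so replies return through the relay.
        echo "iptables -t nat -A PREROUTING -p $proto --dport $lo:$hi -j DNAT --to-destination $PROVIDER"
        echo "iptables -A FORWARD -p $proto -d $PROVIDER --dport $lo:$hi -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -p $proto -d $PROVIDER --dport $lo:$hi -j MASQUERADE"
    done
    # Return traffic for flows accepted above.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

gen_rules
```

Applying the printed rules also requires `net.ipv4.ip_forward=1` on the relay. The caveat raised in the reply above still holds: SIP carries addresses inside its messages, so plain NAT may not be enough and a SIP proxy may be the better fit.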