Matir, the man, I am using lingo (voip provider) on a mediatrix 2102 VOIP modem using SIP. I have also compiled SIP support in my kernel(from netfilter.com) It works but I can t recieve incomming calls! here are my rules:
#IP's for DMZ to VOIP
DMZ_NETWORK="192.168.2.0"
DMZ_IFACE="eth1"
DMZ_IP="192.168.2.1"
DMZ_VOIP_PHONE="192.168.2.120"
##Public services running ON FIREWALL-BOX (comment out to activate):
#- From DMZ Interface to DMZ firewall IP
$IPTABLES -A INPUT -i $DMZ_IFACE -d $DMZ_IP -p ALL -j ACCEPT
#$IPTABLES -A INPUT -i $DMZ_IFACE -d $DMZ_IP -p udp --dport 13456 -j #ACCEPT
#$IPTABLES -A INPUT -i $DMZ_IFACE -d $DMZ_IP -p udp --dport #10000:20000 -j ACCEPT
### Forward Section ########
#$IPTABLES -A FORWARD -o $EXTIF -p udp --dport 1024:1030 -j ACCEPT
#$IPTABLES -A FORWARD -o $EXTIF -p udp --dport 5050:5060 -j ACCEPT
#$IPTABLES -A FORWARD -o $EXTIF -p udp --dport 10000:20000 -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $DMZ_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $DMZ_IFACE -j ACCEPT
$IPTABLES -A FORWARD -i $DMZ_IFACE -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
#DMZ_VOIP_PHONE -Forwarding
$IPTABLES -I FORWARD -i $EXTIF -p udp -o DMZ_IFACE -d $DMZ_VOIP_PHONE --dport 5060 -j ACCEPT
$IPTABLES -I FORWARD -i $EXTIF -p udp -o DMZ_IFACE -d $DMZ_VOIP_PHONE --dport 13456 -j ACCEPT
# $IPTABLES -I FORWARD -i $EXTIF -p udp -o DMZ_IFACE -d $DMZ_VOIP_PHONE --dport 10000:20000 -j ACCEPT
## PREROUTING ## ###### Enable IP Destination NAT for DMZ zone #######
$IPTABLES -t nat -A PREROUTING -p udp -i $EXTIF -d $DMZ_IP --dport 5060 -j DNAT --to-destination $DMZ_VOIP_PHONE
$IPTABLES -t nat -A PREROUTING -p udp -i $EXTIF -d $DMZ_IP --dport 13456 -j DNAT --to-destination $DMZ_VOIP_PHONE
#$IPTABLES -t nat -A PREROUTING -p udp -i $EXTIF -d $DMZ_IP --dport 10000:20000 -j DNAT --to-destination $DMZ_VOIP_PHONE
## POSTROUTING ####DMZ VOIP PHONE #######
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to-source 192.168.2.120
Last edited by metallica1973; 12-19-2005 at 12:34 AM.
|