LinuxQuestions.org
06-25-2007, 06:19 AM   #1
bangoram
SIP-Phone registration thro NAT(Iptables)


I have configured a Linux NAT box which has two network interfaces: one is wired and the other is wireless. With this setup and a few firewall rules I am able to share the internet connection with other wireless clients.


Internet&SIPXPBX======NAT Box======== Wireless Client
Proxy ============(Masq-Iptables)===========(SIP SJPHONE)
eth0=============eth0+++++++ath0=============ath0
10.1.20.1==========IP-1=======IP-2=========192.168.20.45

IP-1 : 10.1.20.12
IP-2 : 192.168.20.30


Apart from internet sharing, I am also trying to configure my SIP client (SJ- Soft Phone) to get registered with the SIP server, but I am unable to do that. The rules given below I have already applied, and to support VoIP I have added some more rules. My SIP client is in a different subnet and the proxy is in a different subnet. The registration request raised by this softphone will be for the IP 10.1.20.1 and the dest port 5060. This I have confirmed through a packet sniffer (ethereal). Though I am able to telnet to this destination port from the wireless client (and I am able to establish a telnet connection too), the SIP user agent is not getting registered with the SIP proxy server. The account information is also created at the proxy end. It would be really appreciated if somebody could help me out with this.


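#!/bin/sh
# ath0 faces the wireless clients, eth0 faces the proxy/internet side
INTIF="ath0"
EXTIF="eth0"
# EXTIP is set here but not referenced by any rule below
EXTIP=10.1.20.1
# Load netfilter, connection tracking and NAT modules, with the FTP and IRC helpers
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
# Enable IPv4 forwarding and dynamic-address handling
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Set default policies and flush existing rules
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
# Allow replies back to the wireless side, and everything from the wireless side out
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Masquerade traffic leaving the external interface
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE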

As I am a beginner with iptables, I have given the steps that I have followed. Very sorry for this lengthy post.

Last edited by bangoram; 06-25-2007 at 07:11 AM.
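
A check that can be run against the capture mentioned in the post, as an added example that is not part of the original thread: it compares the source address of a REGISTER seen on the proxy side of the NAT box with the addresses inside the SIP Via and Contact headers, which MASQUERADE on its own does not rewrite. The sample message is constructed (addresses from the post; user name, branch, tag and Call-ID are made up), and the function names are this example's own.

```python
import re

# Constructed sample: a REGISTER as it could appear on the proxy side of the NAT box.
# The IP source is IP-1 (10.1.20.12) after MASQUERADE, while the SIP payload still
# carries the client's 192.168.20.45. User name, branch, tag and Call-ID are made up.
CAPTURED_SRC_IP = "10.1.20.12"
SAMPLE_REGISTER = (
    "REGISTER sip:10.1.20.1 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.20.45:5060;branch=z9hG4bK-constructed-1\r\n"
    "From: <sip:user@10.1.20.1>;tag=constructed\r\n"
    "To: <sip:user@10.1.20.1>\r\n"
    "Call-ID: constructed-call-id@192.168.20.45\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:user@192.168.20.45:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
VIA_RE = re.compile(r"SIP/2\.0/(\w+)\s+" + IPV4, re.I)
CONTACT_RE = re.compile(r"sips?:(?:[^@>;]*@)?" + IPV4, re.I)
COMPACT = {"v": "via", "m": "contact"}  # RFC 3261 compact header names


def parse_headers(message):
    """Return (lower-cased name, value) pairs from the header section."""
    head = message.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            headers.append((COMPACT.get(key, key), value.strip()))
    return headers


def nat_mismatches(message, src_ip):
    """List (header, transport, embedded_ip) where the SIP payload disagrees with src_ip."""
    findings, seen_via = [], False
    for name, value in parse_headers(message):
        if name == "via" and not seen_via:  # the topmost Via is the sender's own
            seen_via = True
            m = VIA_RE.match(value)
            if m and m.group(2) != src_ip:
                findings.append(("via", m.group(1).upper(), m.group(2)))
        elif name == "contact":
            m = CONTACT_RE.search(value)
            if m and m.group(1) != src_ip:
                findings.append(("contact", None, m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in nat_mismatches(SAMPLE_REGISTER, CAPTURED_SRC_IP):
        print(finding)
```

The Via transport is reported because a telnet connection to port 5060 exercises TCP only, while the Via line shows which transport the phone actually uses.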
 
  

