opensipstack-osbcdevel

[OpenSBC] iptables

[Paul R. <pau...@ya...>]

Can anyone tell me what the good iptables settings are to make OpenSBC work behind NAT (iptables)


At the moment i have set it like this (see further).  


I can register .... but i don't hear a thing not from inside and not from outside the router.


#PREROUTING
# SIP (5060) NAT-STUN (3478)
$IPT -t nat -A PREROUTING -p tcp -i $INET_IFACE -d $INET_IP --dport 5060 -j DNAT --to-destination $SIP_SRV_LAN_IP:5060
$IPT -t nat -A PREROUTING -p udp -i $INET_IFACE -d $INET_IP --dport 5060 -j DNAT --to-destination $SIP_SRV_LAN_IP:5060
$IPT -t nat -A PREROUTING -p udp -i $INET_IFACE -d $INET_IP --dport 30000:35000 -j DNAT --to-destination $SIP_SRV_LAN_IP
$IPT -t nat -A PREROUTING -p udp -i $INET_IFACE -d $INET_IP --dport 3478 -j DNAT --to-destination $SIP_SRV_LAN_IP:3478


#FORWARD
# VOIP
$IPT -A FORWARD -p tcp -d $SIP_SRV_LAN_IP --dport 5060 -j ACCEPT
$IPT -A FORWARD -p udp -d $SIP_SRV_LAN_IP --dport 5060 -j ACCEPT
$IPT -A FORWARD -p udp -d $SIP_SRV_LAN_IP --dport 30000:35000 -j ACCEPT
$IPT -A FORWARD -p tcp -s $SIP_SRV_LAN_IP --sport 5060 -j ACCEPT
$IPT -A FORWARD -p udp -s $SIP_SRV_LAN_IP --sport 5060 -j ACCEPT
$IPT -A FORWARD -p udp -s $SIP_SRV_LAN_IP --sport 30000:35000 -j ACCEPT


#POSTROUTING
# VOIP 
$IPT -t nat -A POSTROUTING -o $LAN_IFACE -j SNAT --to-source $INET_IP
$IPT -t nat -A POSTROUTING -o $INET_IFACE -s $SIP_SRV_LAN_IP -j MASQUERADE


 


 

Re: [OpenSBC] iptables

[Joegen E. B. <joe...@gm...>]

Paul,

Did you set the "Static Media Address" in the general parameters to 
point to the public IP of your router?

Joegen


Paul Ruts wrote:
> Can anyone tell me what the good iptables settings are to make OpenSBC work behind NAT (iptables)
>
>
> At the moment i have set it like this (see further).  
>
>
> I can register .... but i don't hear a thing not from inside and not from outside the router.
>
>
> #PREROUTING
> # SIP (5060) NAT-STUN (3478)
> $IPT -t nat -A PREROUTING -p tcp -i $INET_IFACE -d $INET_IP --dport 5060 -j DNAT --to-destination $SIP_SRV_LAN_IP:5060
> $IPT -t nat -A PREROUTING -p udp -i $INET_IFACE -d $INET_IP --dport 5060 -j DNAT --to-destination $SIP_SRV_LAN_IP:5060
> $IPT -t nat -A PREROUTING -p udp -i $INET_IFACE -d $INET_IP --dport 30000:35000 -j DNAT --to-destination $SIP_SRV_LAN_IP
> $IPT -t nat -A PREROUTING -p udp -i $INET_IFACE -d $INET_IP --dport 3478 -j DNAT --to-destination $SIP_SRV_LAN_IP:3478
>
>
> #FORWARD
> # VOIP
> $IPT -A FORWARD -p tcp -d $SIP_SRV_LAN_IP --dport 5060 -j ACCEPT
> $IPT -A FORWARD -p udp -d $SIP_SRV_LAN_IP --dport 5060 -j ACCEPT
> $IPT -A FORWARD -p udp -d $SIP_SRV_LAN_IP --dport 30000:35000 -j ACCEPT
> $IPT -A FORWARD -p tcp -s $SIP_SRV_LAN_IP --sport 5060 -j ACCEPT
> $IPT -A FORWARD -p udp -s $SIP_SRV_LAN_IP --sport 5060 -j ACCEPT
> $IPT -A FORWARD -p udp -s $SIP_SRV_LAN_IP --sport 30000:35000 -j ACCEPT
>
>
> #POSTROUTING
> # VOIP 
> $IPT -t nat -A POSTROUTING -o $LAN_IFACE -j SNAT --to-source $INET_IP
> $IPT -t nat -A POSTROUTING -o $INET_IFACE -s $SIP_SRV_LAN_IP -j MASQUERADE
>
>
>  
>
>
>  
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Opensipstack-osbcdevel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensipstack-osbcdevel
>
>