iptables NAT and SIP VoIP

Discussion in 'VOIP' started by miozev@nexcom.bg, Jun 24, 2005.

  1. Guest

    Hi,

    I've got Fedora 1.0 with iptables 1.3.1 as NAT server. This is my
    setup:

    -A POSTROUTING -o eth0 -j SNAT --to-source EXTERNAL_IP

    I've got SIP IP phone on eth1, when I try to originate from it I see
    the following:


    STUN msg -> Int_ip:30000 -> STUN server:3478
    STUN msg -> Ext_ip:30000 -> STUN server:3478
    STUN msg -> STUN server:3478 -> Int_ip:30000

    SIP msg Invite -> Int_IP:5060 -> SIP Server:5060
    SIP msg Invite -> Ext_IP:5060 -> SIP Server:5060

    SIP msg Trying -> Int_IP:5060 -> SIP Server:5060
    SIP msg Trying -> Ext_IP:5060 -> SIP Server:5060

    .... all regular stuff here...

    and then when the RTP has to come:


    RTP msg -> Terminating_GW:5190 -> Ext_IP:30000
    ICMP msg -> Destination Unreachable
    ......

    And here is the odd part:

    RTP msg -> Int_IP:30000 -> Terminating_GW:5190
    RTP msg -> Ext_IP:1026 -> Terminating_GW:5190

    IPtables has changed the SRC port of the packet from 30000 to 1026 and
    this is causing the NAT to drop the UDP packets from the Terminating_GW
    to the SIP Phone.

    I don't want to have static port maping to Int_IP...
    I've read that iptables has to preserve the port "if possible" ... but
    what does that mean?
    Do you have any idea how can I change that behaviour?
    , Jun 24, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lars Bebensee
    Replies:
    0
    Views:
    996
    Lars Bebensee
    Feb 12, 2004
  2. {{{{{Welcome}}}}}

    Sip Discount & VoIP Buster no longer SIP

    {{{{{Welcome}}}}}, Nov 1, 2005, in forum: UK VOIP
    Replies:
    11
    Views:
    2,594
  3. cacophony

    iptables-esque windows app?

    cacophony, Nov 30, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    2,305
    cacophony
    Nov 30, 2004
  4. Man-wai Chang ToDie

    iptables vs Cisco

    Man-wai Chang ToDie, Nov 23, 2007, in forum: Cisco
    Replies:
    19
    Views:
    7,794
    Scott Perry
    Nov 29, 2007
  5. Andrew Gabriel
    Replies:
    1
    Views:
    1,425
    Tim Watts
    Aug 28, 2011
Loading...

Share This Page