iptables NAT and SIP VoIP

Discussion in 'VOIP' started by miozev, Jun 24, 2005.

  1. miozev

    miozev Guest


    I've got Fedora 1.0 with iptables 1.3.1 as NAT server. This is my

    -A POSTROUTING -o eth0 -j SNAT --to-source EXTERNAL_IP

    I've got SIP IP phone on eth1, when I try to originate from it I see
    the following:

    STUN msg -> Int_ip:30000 -> STUN server:3478
    STUN msg -> Ext_ip:30000 -> STUN server:3478
    STUN msg -> STUN server:3478 -> Int_ip:30000

    SIP msg Invite -> Int_IP:5060 -> SIP Server:5060
    SIP msg Invite -> Ext_IP:5060 -> SIP Server:5060

    SIP msg Trying -> Int_IP:5060 -> SIP Server:5060
    SIP msg Trying -> Ext_IP:5060 -> SIP Server:5060

    .... all regular stuff here...

    and then when the RTP has to come:

    RTP msg -> Terminating_GW:5190 -> Ext_IP:30000
    ICMP msg -> Destination Unreachable

    And here is the odd part:

    RTP msg -> Int_IP:30000 -> Terminating_GW:5190
    RTP msg -> Ext_IP:1026 -> Terminating_GW:5190

    IPtables has changed the SRC port of the packet from 30000 to 1026 and
    this is causing the NAT to drop the UDP packets from the Terminating_GW
    to the SIP Phone.

    I don't want to have static port maping to Int_IP...
    I've read that iptables has to preserve the port "if possible" ... but
    what does that mean?
    Do you have any idea how can I change that behaviour?
    miozev, Jun 24, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.