Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[asterisk-users] iptables for SIP talk to other port


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users
View previous topic :: View next topic  
Author Message
geisj at pagestation.com
Guest





PostPosted: Sat Oct 15, 2016 11:17 am    Post subject: [asterisk-users] iptables for SIP talk to other port Reply with quote

I have a host 192.168.1.3 that wants to run SIP on 5068 (long story).My host is 192.168.10.201.
My host needs to stay on 5060 because of all the other devices I have connected.


I tried putting port=5068 in my SIP extension definition but that did not work.


So I thought about using iptables to accomplish this:


iptables -t nat -A PREROUTING  -p tcp --dport 5068                -j REDIRECT --to-port 5060
iptables -t nat -A POSTROUTING -p tcp --dport 5060 -d 192.168.1.3 -j REDIRECT --to-port 5068





Do I not have the right format of the command?
Anything incoming destined for 5068 redirect to 5060...
Anything going out to 192.168.1.3 and port 5060 redirect to 5068.


Seems like that should have worked?


Thoughts?  sip show peers still says unreachable.


Thanks,


Jerry
Back to top
admin at tootai.net
Guest





PostPosted: Sat Oct 15, 2016 11:31 am    Post subject: [asterisk-users] iptables for SIP talk to other port Reply with quote

Le 15/10/2016 à 18:17, Jerry Geis a écrit :
Quote:
I have a host 192.168.1.3 that wants to run SIP on 5068 (long story).
My host is 192.168.10.201.
My host needs to stay on 5060 because of all the other devices I have
connected.

I tried putting port=5068 in my SIP extension definition but that did
not work.

So I thought about using iptables to accomplish this:

iptables -t nat -A PREROUTING -p tcp --dport 5068 -j
REDIRECT --to-port 5060
iptables -t nat -A POSTROUTING -p tcp --dport 5060 -d 192.168.1.3 -j
REDIRECT --to-port 5068


Do I not have the right format of the command?
Anything incoming destined for 5068 redirect to 5060...
Anything going out to 192.168.1.3 and port 5060 redirect to 5068.

Seems like that should have worked?

Thoughts? sip show peers still says unreachable.

Generally SIP is UDP not TCP. Did you modify your asterisk.conf to TCP ?

--
Daniel

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
ka at mayten.sch.bme.hu
Guest





PostPosted: Sat Oct 15, 2016 12:35 pm    Post subject: [asterisk-users] iptables for SIP talk to other port Reply with quote

You're redirecting tcp, sip defaults to udp.
--
Sent from my cellphone.

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
geisj at pagestation.com
Guest





PostPosted: Sat Oct 15, 2016 7:08 pm    Post subject: [asterisk-users] iptables for SIP talk to other port Reply with quote

Quote:
Your correct. I forgot to mention that the other end IS using tcp.
So I have in my SIP trunk. 
transport=tcp


So correct my iptables line was specifying "-p tcp"


I also set tcpenable=yes in sip.conf


Thanks.


Jerry 
Back to top
mike352 at microdel.org
Guest





PostPosted: Sun Oct 16, 2016 5:56 pm    Post subject: [asterisk-users] iptables for SIP talk to other port Reply with quote

I'm by no means an iptables guru...

Not sure if it's necessary to enable forwarding via:
echo "1" > /proc/sys/net/ipv4/ip_forward

Also have you tried without the "POSTROUTING" rule?

I seem to recall that "iptables" is smart enough to correctly route
packets back out without that rule.


On Sat, 15 Oct 2016, Jerry Geis wrote:

Quote:
I have a host 192.168.1.3 that wants to run SIP on 5068 (long story).My host is 192.168.10.201.
My host needs to stay on 5060 because of all the other devices I have connected.

I tried putting port=5068 in my SIP extension definition but that did not work.

So I thought about using iptables to accomplish this:

iptables -t nat -A PREROUTING  -p tcp --dport 5068                -j REDIRECT --to-port 5060
iptables -t nat -A POSTROUTING -p tcp --dport 5060 -d 192.168.1.3 -j REDIRECT --to-port 5068


Do I not have the right format of the command?
Anything incoming destined for 5068 redirect to 5060...
Anything going out to 192.168.1.3 and port 5060 redirect to 5068.

Seems like that should have worked?

Thoughts?  sip show peers still says unreachable.

Thanks,

Jerry


--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Join the Asterisk Community at the 13th AstriCon, September 27-29, 2016
http://www.asterisk.org/community/astricon-user-conference

New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Back to top
duncan at e-simple.co.nz
Guest





PostPosted: Sun Oct 16, 2016 6:28 pm    Post subject: [asterisk-users] iptables for SIP talk to other port Reply with quote

Don't you want udp rather than tcp? Have a look at the iptables stats to see if any packets are hitting your rule.
Also I think the source port from your host will be 5068 so your replies will be to the right port but you can double check

tcpdump is also very useful here

sudo tcpdump -i eth0 -n udp and host 192.168.1.3 should show you packets between your machine and your odd host

Cheers Duncan

On 17/10/16 11:55, Mike wrote:

Quote:

I'm by no means an iptables guru...

Not sure if it's necessary to enable forwarding via:
    echo "1" > /proc/sys/net/ipv4/ip_forward

Also have you tried without the "POSTROUTING" rule?

I seem to recall that "iptables" is smart enough to correctly route packets back out without that rule.


On Sat, 15 Oct 2016, Jerry Geis wrote:

Quote:
I have a host 192.168.1.3 that wants to run SIP on 5068 (long story).My host is 192.168.10.201.
My host needs to stay on 5060 because of all the other devices I have connected.

I tried putting port=5068 in my SIP extension definition but that did not work.

So I thought about using iptables to accomplish this:

iptables -t nat -A PREROUTING  -p tcp --dport 5068                -j REDIRECT --to-port 5060
iptables -t nat -A POSTROUTING -p tcp --dport 5060 -d 192.168.1.3 -j REDIRECT --to-port 5068


Do I not have the right format of the command?
Anything incoming destined for 5068 redirect to 5060...
Anything going out to 192.168.1.3 and port 5060 redirect to 5068.

Seems like that should have worked?

Thoughts?  sip show peers still says unreachable.

Thanks,

Jerry




Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services