[Techtalk] IPtables help (VoIP related)

Elwing elwing at elwing.org
Thu Sep 23 17:11:57 EST 2004


I thought I had tried something similar earlier, but there's no reason 
not to try it again - especially since I'm still fairly "new" to 
IPtables. I can write rules to port forward to my servers, but that's 
about it :)

This didn't work though :(
If I understand IPTables correctly, the first command basically allows 
the NAT/firewall to forward to the external IP address - which I think I 
have covered with my $extint is what it sounds like - my external 
interface...
$IPTABLES -t nat -A POSTROUTING -o $extint -j MASQUERADE
I've never had a problem going out from inside my firewall - it's pretty 
open :)

The second line, I'm not sure about though, since I almost never use the 
FORWARD chain, but wouldn't it just accept the established and related 
packets (and theoretically, they're related, but I'm not sure how 
netfilter decides that)? I think in my case, it'd just accept those 
packets to my firewall, and not keep passing them back to the internal 
VoIP box.

I've put up my firewall script at 
http://www.elwing.org/~elwing/firewall.txt for anyone to look at and 
make suggestions (I know it's probably horrible, but it mostly works :) )

Thanks!
Elwing


Colleen Hatfield wrote:

> 
> You may have already tried this (I don't know what's in your iptables
> script), but if I'm correctly understanding the problem it looks to me
> like a state match would take care of it.
> 
> Something like:
> # Allow the phone to send packets of any port/proto to that IP:
> iptables -A FORWARD -s 192.168.0.4 -d 216.181.30.7 -j ACCEPT
> # Allow the return traffic back in:
> iptables -A FORWARD -s 216.181.30.7 -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
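
Added example, not part of either message: a simplified Python model of how connection tracking classifies traffic coming back through a masquerading gateway, using the two addresses from the quoted rules. The external address 203.0.113.1, the port numbers, and the Pkt/Gateway names are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"

class Gateway:
    """Toy MASQUERADE gateway; RELATED (helpers, ICMP errors) is not modelled."""

    def __init__(self, ext_ip):
        self.ext_ip = ext_ip
        self.conntrack = {}  # expected reply tuple -> original (src, sport)

    def outbound(self, p):
        # POSTROUTING -j MASQUERADE: record the flow, then rewrite the source
        # address (assumption: source port is kept, i.e. no port collision).
        key = (p.proto, p.dst, p.dport, self.ext_ip, p.sport)
        self.conntrack[key] = (p.src, p.sport)
        return replace(p, src=self.ext_ip)

    def inbound(self, p):
        """Return (chain, state, packet) for a packet arriving from outside."""
        orig = self.conntrack.get((p.proto, p.src, p.sport, p.dst, p.dport))
        state = "ESTABLISHED" if orig else "NEW"
        if orig:
            # Reply to a tracked flow: the destination is rewritten back to
            # the internal host before the routing decision is made.
            p = replace(p, dst=orig[0], dport=orig[1])
        chain = "INPUT" if p.dst == self.ext_ip else "FORWARD"
        return chain, state, p

def demo():
    gw = Gateway("203.0.113.1")  # constructed external address
    gw.outbound(Pkt("192.168.0.4", 5060, "216.181.30.7", 5060))  # phone -> provider
    reply = gw.inbound(Pkt("216.181.30.7", 5060, "203.0.113.1", 5060))
    stray = gw.inbound(Pkt("216.181.30.7", 16384, "203.0.113.1", 16384))
    return reply, stray

if __name__ == "__main__":
    for chain, state, pkt in demo():
        print(chain, state, pkt)
```

In this model the reply on the tracked port pair reaches FORWARD as ESTABLISHED with the phone as its destination, while a packet from the same host on an untracked port is NEW and stays addressed to the gateway itself.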


