Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

VoIP Firewall: Difference between revisions

← Older editNewer edit →
Content deleted Content added
Adsb (talk | contribs)
editor
520 edits
m The description says port range of 5000-5098, so make the rules match (i.e. not 5000-5999)
Adsb (talk | contribs)
editor
520 edits
m Use the proper IP range for current AAISP VoIP servers
Line 140: Line 140:
As an example with 2 phones, the first phone uses inbound SIP port 5060 and incoming RTP ports 5062-5068, and the second phone uses inbound SIP port 5040 and incoming RTP ports 5042-5048. Using iptables, the required rules would be like:
As an example with 2 phones, the first phone uses inbound SIP port 5060 and incoming RTP ports 5062-5068, and the second phone uses inbound SIP port 5040 and incoming RTP ports 5042-5048. Using iptables, the required rules would be like:


/sbin/iptables -t nat -A PREROUTING -i eth0 -m udp -p udp -s 81.187.30.0/24 --dport 5060:5069 -j DNAT --to-destination 192.168.1.12
/sbin/iptables -t nat -A PREROUTING -i eth0 -m udp -p udp -s 81.187.30.112/29 --dport 5060:5069 -j DNAT --to-destination 192.168.1.12
/sbin/iptables -t nat -A PREROUTING -i eth0 -m udp -p udp -s 81.187.30.0/24 --dport 5040:5049 -j DNAT --to-destination 192.168.1.13
/sbin/iptables -t nat -A PREROUTING -i eth0 -m udp -p udp -s 81.187.30.112/29 --dport 5040:5049 -j DNAT --to-destination 192.168.1.13


See: [[VoIP NAT]]
See: [[VoIP NAT]]
Retrieved from "http://support.aa.net.uk/VoIP_Firewall"