Iptables On C5

Home » CentOS » Iptables On C5
CentOS 1 Comment

Hi all,

I am trying to get iptables to work for me… I am running asterisk (11.23.0) on a C5 machine. Working fine on port 5060
udp. I have need to tcpenable=yes SIP and run that on port 5068. Since port 5060 is already running I was going to redirect 5068 to 5060.

So I thought I could use iptables to do that – but does not seem to be working. is my machine, is the other machine. 1.3 should connect to 10.201 on port 5068.

so I did:

iptables -t nat -A PREROUTING -p tcp -d –dport 5068 -j REDIRECT –to-port 5060
iptables -t nat -A POSTROUTING -p tcp -d –dport
5060 -j REDIRECT –to-port 5068

This did not seem to work. iptable -t nat -L -n -v shows packets going out to
1.3 but “0” on the input for 5068.

So then I added

iptables -t nat -A OUTPUT -p tcp -d –dport 5068 -j REDIRECT
–to-port 5060
iptables -t nat -A OUTPUT -p tcp -d –dport 5068 -j REDIRECT
–to-port 5060

And still nothing on the input.

What have I missed ?



One thought on - Iptables On C5

  • Oh, yuck. SIP includes information about an endpoint’s address and port in the payload of its data. The NAT helpers *should* rewrite that, but only if your payload isn’t encrypted. Asterisk can be configured with knowledge of its NATed address and port, but… Well, this all becomes kind of a mess.

    It’s best to avoid NAT where ever possible, in general, but more so with SIP than with some other common protocols.

    Is there a reason you can’t configure asterisk to connect to, without using NAT? And the reverse? Can
    not connect to 5060?

    And if you’re not seeing packets hit that rule, are you really sure is sending packets to port 5068? Do you see them using a diagnostic tool like tcpdump?

    The output chain with a destination address of the local machine? I’m not really sure what you’re trying to do here.