Voice Over IP - iptables NAT and SIP VoIP

This is Interesting: Free IT Magazines  
Home > Archive > Voice Over IP > June 2005 > iptables NAT and SIP VoIP





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author iptables NAT and SIP VoIP
miozev@nexcom.bg

2005-06-24, 5:45 pm

Hi,

I've got Fedora 1.0 with iptables 1.3.1 as NAT server. This is my
setup:

-A POSTROUTING -o eth0 -j SNAT --to-source EXTERNAL_IP

I've got SIP IP phone on eth1, when I try to originate from it I see
the following:


STUN msg -> Int_ip:30000 -> STUN server:3478
STUN msg -> Ext_ip:30000 -> STUN server:3478
STUN msg -> STUN server:3478 -> Int_ip:30000

SIP msg Invite -> Int_IP:5060 -> SIP Server:5060
SIP msg Invite -> Ext_IP:5060 -> SIP Server:5060

SIP msg Trying -> Int_IP:5060 -> SIP Server:5060
SIP msg Trying -> Ext_IP:5060 -> SIP Server:5060

.... all regular stuff here...

and then when the RTP has to come:


RTP msg -> Terminating_GW:5190 -> Ext_IP:30000
ICMP msg -> Destination Unreachable
......

And here is the odd part:

RTP msg -> Int_IP:30000 -> Terminating_GW:5190
RTP msg -> Ext_IP:1026 -> Terminating_GW:5190

IPtables has changed the SRC port of the packet from 30000 to 1026 and
this is causing the NAT to drop the UDP packets from the Terminating_GW
to the SIP Phone.

I don't want to have static port maping to Int_IP...
I've read that iptables has to preserve the port "if possible" ... but
what does that mean?
Do you have any idea how can I change that behaviour?

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com