Community Forum

augustynr
Resolved
0 votes
Hi,

I would like every device on 46.19.211.0/24 to have access to my VoIP server 192.168.1.132.
I added the following lines to the custom part,
but that does not seem to work .....
Any idea how to fix it?


iptables -A PREROUTING -t nat -s 46.19.211.0/24 -p udp --dport 5060:5061 -j DNAT --to 192.168.1.132:5060:5061
iptables -A FORWARD -s 46.19.211.0/24 -p udp -d 192.168.1.132 --dport 5060:5061 -j ACCEPT

iptables -A PREROUTING -t nat -s 46.19.211.0/24 -p udp --dport 10000:20000 -j DNAT --to 192.168.1.132:10000:20000
iptables -A FORWARD -s 46.19.211.0/24 -p udp -d 192.168.1.132 --dport 10000:20000 -j ACCEPT
Sunday, February 19 2012, 04:15 AM
Responses (4)
  • Accepted Answer

    augustynr
    Sunday, February 19 2012, 06:17 PM - #Permalink
    Resolved
    0 votes
    Nick,
    That works no problem !!!!
    Thank you very much.
  • Accepted Answer

    Sunday, February 19 2012, 05:53 PM - #Permalink
    Resolved
    0 votes
    It is much easier to read if you put the command line stuff in [ code ]......[ /code ] tags, removing the spaces by the square brackets.

    I think what you want may be:
    iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -p udp -d 192.168.1.132 --dport 10000:20000 -j SNAT --to-source 192.168.1.1
    If it does not work (I am away from my system) can you post the rule you are trying to copy again with the rule as you tried at the command line?
  • Accepted Answer

    augustynr
    Sunday, February 19 2012, 05:18 PM - #Permalink
    Resolved
    0 votes
    Nick,
    Thank you, I am making progress ....
    I need to duplicate this:
    Chain POSTROUTING (policy ACCEPT 5454 packets, 532K bytes)
    pkts bytes target prot opt in out source destination
    0 0 SNAT udp -- * * 192.168.1.0/24 192.168.1.132 udp dpts:10000:20000 to:192.168.1.1


    but I must be missing something since I am getting error:

    iptables -A POSTROUTING -t nat -j SNAT -s 192.168.1.0/24 -p udp -d 192.168.1.132 --dport 10000:20000
    iptables v1.3.5: You must specify --to-source

    Any more pointers?
  • Accepted Answer

    Sunday, February 19 2012, 08:39 AM - #Permalink
    Resolved
    0 votes
    From memory you also need a POSTROUTING entry with -j SNAT. Possibly the easiest thing to do is set up a simple dummy port forward rule and see what it does to iptables with an "iptables -L -n -v" and "iptables -L -n -v -t nat". You can then base your rules off those.

    BTW if you're not changing the ports I don't think you need to mention them in the "--to" bits. A 1-1 map is assumed. Also if a range is not accepted for "--dport" you may need to use "-m multiport --dports" instead.
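Added example, not part of the thread or the posters' own rules: a shell function that prints, for review rather than applying, the three rules the replies converge on for one UDP port range (DNAT and FORWARD limited to the source network from the question, plus the SNAT rule from the POSTROUTING listing). The name `voip_rules` is hypothetical, and emitting the SNAT rule for every range is an assumption; the thread only shows it for 10000:20000.

```shell
#!/bin/sh
# Added example: prints the rule set discussed in the thread for review;
# it does not run iptables. Addresses are the ones quoted in the thread.
SRC_NET="46.19.211.0/24"   # remote network allowed to reach the server
VOIP="192.168.1.132"       # internal VoIP server
LAN_NET="192.168.1.0/24"   # LAN source range from the POSTROUTING listing
GW_LAN="192.168.1.1"       # SNAT source address from the same listing

# voip_rules RANGE  (hypothetical helper; RANGE is "port" or "low:high")
voip_rules() {
    range=$1
    # Reject anything that is not digits with at most one inner colon.
    case $range in
        ''|*[!0-9:]*|*:*:*|:*|*:)
            echo "bad port range: $range" >&2; return 1 ;;
    esac
    lo=${range%%:*}
    hi=${range##*:}
    if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "bad port range: $range" >&2; return 1
    fi
    # DNAT: trusted source network only, UDP only. Ports are left out of the
    # target because they are unchanged; if a range were given there, the
    # target syntax is ip:low-high (dash), unlike --dport low:high (colon).
    printf '%s\n' "iptables -t nat -A PREROUTING -s $SRC_NET -p udp --dport $range -j DNAT --to-destination $VOIP"
    # FORWARD: allow the translated traffic through, with the same source limit.
    printf '%s\n' "iptables -A FORWARD -s $SRC_NET -d $VOIP -p udp --dport $range -j ACCEPT"
    # SNAT: mirrors the POSTROUTING listing; -j SNAT requires --to-source.
    # Assumption: the same rule is wanted for every forwarded range.
    printf '%s\n' "iptables -t nat -A POSTROUTING -s $LAN_NET -d $VOIP -p udp --dport $range -j SNAT --to-source $GW_LAN"
}

voip_rules 5060:5061     # first range from the question
voip_rules 10000:20000   # second range from the question
```

Compare the printed lines against "iptables -L -n -v" and "iptables -L -n -v -t nat" on the gateway before adding them to the custom rules.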