pb setting up iptables for redirecting incoming UDP packets to LAN (voip)

pb setting up iptables for redirecting incoming UDP packets to LAN (voip)

Post by Marc-Olivier BERNA » Thu, 12 Sep 2002 01:04:21



Hi there,

I tried to set up a crude configuration of iptables to be able to use
a VoIP client (Ericsson phone doubler, pc2phone) on the windows 98 of
my LAN, using a linux redhat redhat 7.3 connected to internet (with a
fixed IP number) :

    LAN                                         Internet
_________________        ______________
|               |        | redhat 7.3 |
| machine win 98| __eth__| iptables   |__ppp0__

  IP: 10.0.0.3 >>         <<IP:10.0.0.1
                                fixed IP>>

To redirect the incoming UDP packets to the LAN, i consider using
iptables (after loading ip_tables, iptable_filter, ip_conntrack,
ip_conntrack_ftp modules) and flushing the tables, with the following
rules (from iptables-save) :

*nat
:PREROUTING ACCEPT [327:17663]
:POSTROUTING ACCEPT [157:8999]
:OUTPUT ACCEPT [15:971]

-A PREROUTING -i ppp0 -p udp -j DNAT --to-destination 10.0.0.3
-A PREROUTING  -i ppp0 -p tcp -j DNAT --to-destination 10.0.0.3
-A POSTROUTING -o ppp0 -j MASQUERADE
*filter
:INPUT ACCEPT [923:163570]
:FORWARD ACCEPT [8592:2056629]
:OUTPUT ACCEPT [406:57892]

the VoIP client got working but after a few second the windows 98
crashes.

Any idea ? Should i add some rules to test the packets ?

ps : I know, i know, but security questions are not the matter in here

 
 
 

pb setting up iptables for redirecting incoming UDP packets to LAN (voip)

Post by Marc-Olivier BERNA » Fri, 13 Sep 2002 16:55:52


Hi,

I found the solution. The iptables rules are right, the pb comes from
win98 which seems to have a too weak network implementation to support
a VoIP client inside a LAN.

I just upgrade to win2000, and i worked fine.

Marc-Olivier BERNARD

 
 
 

1. netfilter: Redirecting incoming udp packets to other port

Hi,
    I want to redirect incoming udp packets comming to router to only
go out from a praticular port. will it be possible by using iptables
command. will the command change skbuff contents and tuple. Do reply
packets  will be the routed properly.

scenario

client ------------> router -------------------->server
         <-----------           <--------------------

if receive a orignal udp packet from client from client port x to
router port y, can i use the same port y to forward to server (y acting
as source port) and then receive the reply packet to  port y as
destination and successfully forward to client port x.

will the cmd like will work
iptables -A POSTROUTING -t nat -p udp --dport y --sport y -j MASQUERADE

can any one give idea

thanks in advance
murugan

2. Forbes Aug 98

3. Question: on iptables and opening a port for incoming tcp/udp packets

4. Time sync

5. Transparent port reassigning of UDP on incoming/outgoing packets?

6. Carte DLINK DE220 sur une SUSE 7.0 ?

7. incoming udp packet from 0.0.0.0 ?

8. bridging for 2.4.0-testx

9. Rejecting incoming packets with iptables

10. Ignore all incoming udp/ip and udp/ip on all ports, except open ports?

11. iptables only NATing the first udp packet in a "connection"

12. Using ipchains to redirect UDP packets?

13. Q: how can I redirect UDP packets?