
Re: Strange MASQ problem



Jorj wrote regarding 'Strange MASQ problem' on Thu, Jan 26 at 13:37:
> I MASQ all traffic from my internal network to the internet. ONE port on ONE
> box is somehow getting through without being masq'd. I refer to port 5060 on
> my asterisk box. The IAX ports, any pings etc from this box go out masq'd
> fine, but sip is going out with my internal ip's so consequently they are
> not arriving at their destinations..

How are you determining that it's not getting masq'd - are you using a
packet sniffer on the outgoing port (eth0, right?) and looking at the
address in the TCP headers, or are you looking at something in the
protocol (either with a disassembler or some client program)?  I ask
mainly because I'm not sure about the protocol being used, and I'm not
sure if the IP information is potentially included in the data part?
Some protocols need mangled to be masqueraded - like active FTP which
needs the "return address" changed around...

Well, I also mention that because I didn't see anything wrong with the
iptables rules, but I didn't look that closely, either. :)

And then there's this:
http://www.voip-info.org/wiki-Asterisk+sip+nat
http://www.google.com/search?q=sip+nat

--Danny
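
An added example, not part of the original message: one way to tell the two cases in the reply apart is to compare the source address in the IP header with the addresses SIP carries in its own Via, Contact and SDP lines. The sample INVITE, its addresses and the function names below are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Header fields and SDP lines the far end uses to route replies and media.
ROUTING_PREFIXES = ("via:", "contact:", "o=", "c=")

# Constructed, trimmed sample: a SIP INVITE as seen on the outside interface.
# All names and addresses here are made up for the example.
SAMPLE_SRC_IP = "203.0.113.10"  # source address in the IP header
SAMPLE_SIP = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds\r\n"
    "Contact: <sip:alice@192.168.1.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "m=audio 10000 RTP/AVP 0\r\n"
)


def is_rfc1918(addr):
    """True if addr is a valid IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # digits matched by the regex that are not an address
    return any(ip in net for net in RFC1918)


def private_addrs_in_payload(sip_text):
    """Return (field, address) pairs for RFC 1918 addresses in routing fields."""
    hits = []
    for line in sip_text.splitlines():
        field = next((p for p in ROUTING_PREFIXES if line.lower().startswith(p)), None)
        if field:
            hits += [(field, a) for a in IPV4.findall(line) if is_rfc1918(a)]
    return hits


def diagnose(src_ip, sip_text):
    """'header': packet not masqueraded; 'payload': SIP body leaks; else 'clean'."""
    if is_rfc1918(src_ip):
        return "header"
    return "payload" if private_addrs_in_payload(sip_text) else "clean"
```

A "header" result points at the masquerading rules; a "payload" result means the packet was translated but the SIP message still advertises the internal address, which is the situation the linked SIP NAT pages deal with.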
