ClearFoundation

Hi,.

I like every device on 46.19.211.0/24 to have access to my voip server 192.168.1.132
I added following lines to the custom part
But that does not seem to work .....
Any idea how to fix it?


iptables -A PREROUTING -t nat -s 46.19.211.0/24 -p udp --dport 5060:5061 -j DNAT --to 192.168.1.132:5060:5061
iptables -A FORWARD -s 46.19.211.0/24 -p udp -d 192.168.1.132 --dport 5060:5061 -j ACCEPT

iptables -A PREROUTING -t nat -s 46.19.211.0/24 -p udp --dport 10000:20000 -j DNAT --to 192.168.1.132:10000:20000
iptables -A FORWARD -s 46.19.211.0/24 -p udp -d 192.168.1.132 --dport 10000:20000 -j ACCEPT

From memory you also need a POSTROUTING entry with -j SNAT. Possibly the easiest thing to do is set up a simple dummy port forward rule and see what it does to iptables with an "iptables -L -n -v" and "iptables -L -n -v -t nat". You can then base your rules of those.

BTW if you're not changing the ports I don't think you need to mention them in the "--to" bits. A 1-1 map is assumed. Also if a range is not accepted for "--dport" you may need to use "-m multiport --dports" instead.

Nick,
Thank you I am having progress ....
I need to duplicate this:
Chain POSTROUTING (policy ACCEPT 5454 packets, 532K bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT udp -- * * 192.168.1.0/24 192.168.1.132 udp dpts:10000:20000 to:192.168.1.1


but I must be missing something since I am getting error:

iptables -A POSTROUTING -t nat -j SNAT -s 192.168.1.0/24 -p udp -d 192.168.1.132 --dport 10000:20000
iptables v1.3.5: You must specify --to-source

Any more pointers?

It is much easier to read if you put the command line stuff in [ code ]......[ /code ] tags, removing the spaces by the square brackets.

I think what you want may be:If it does not work (I am away from my system) can you post the rule you are trying to copy again with the rule as you tried at the command line?

Nick,
That works no problem !!!!
Thank you very much.