1:1 NAT (SNAT) with IPCop or other IPTables firewalls.

This could be needed for any number of reasons, but I needed to do this to have two trixbox Pro servers live next to each other on the same LAN behind an IPCop firewall. They were reporting back the same IP address to the hybrid hosting source, so inbound connections to both were routing to the one server. Normally this is remedied manually by changing the externip in sip.conf, but that is set automatically with trixbox Pro, so it is not an option.

You need to log into the firewall at the console or via ssh. You need to comment out one line to disable masquerading, and add a few more in its place:

nano /etc/rc.d/rc.firewall

# Individual machine on GREEN (keep this before the GREEN subnet rule: the first matching rule wins)
/sbin/iptables -t nat -A POSTROUTING -s 10.0.1.99 -j SNAT --to-source 1.2.3.5
# All other machines on GREEN
/sbin/iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to-source 1.2.3.4
# All machines on ORANGE
/sbin/iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -j SNAT --to-source 1.2.3.4
# DISABLE MASQUERADE (the original line, commented out)
# /sbin/iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
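
The SNAT rules above depend on order, because 10.0.1.99 also falls inside 10.0.1.0/24 and iptables applies the first rule that matches. As an added example (not part of the original post), this shell lint flags a host rule hidden by an earlier, wider rule and any SNAT rule with no -o interface; the function names are hypothetical and the sample input is constructed from the page's addresses.

```shell
#!/bin/sh
# Added example: lint SNAT rules read from stdin, either the output of
# `iptables -t nat -S POSTROUTING` or the lines added to rc.firewall.
# Function names are hypothetical; the sample input below is constructed.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# covers NET_A NET_B: succeeds when CIDR NET_A contains all of NET_B.
covers() {
    a_len=${1#*/}; [ "$a_len" = "$1" ] && a_len=32   # bare IP means /32
    b_len=${2#*/}; [ "$b_len" = "$2" ] && b_len=32
    [ "$a_len" -le "$b_len" ] || return 1
    mask=$(( (4294967295 << (32 - a_len)) & 4294967295 ))
    a=$(ip_to_int "${1%/*}"); b=$(ip_to_int "${2%/*}")
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# Print one finding per line; print nothing when the rule set is clean.
lint_snat() {
    seen=""
    while read -r line; do
        case $line in *"-j SNAT"*) ;; *) continue ;; esac
        src=""; out=""; prev=""
        for w in $line; do
            case $prev in -s) src=$w ;; -o) out=$w ;; esac
            prev=$w
        done
        [ -n "$src" ] || continue
        # First match wins: an earlier, wider source hides this rule.
        for s in $seen; do
            if covers "$s" "$src"; then echo "SHADOWED $src by earlier $s"; fi
        done
        # Without -o the rule also rewrites traffic that never leaves via RED.
        [ -n "$out" ] || echo "NO-OUT-IFACE $src"
        seen="$seen $src"
    done
}

# Constructed sample: the page's two GREEN rules in the wrong order.
lint_snat <<'EOF'
-A POSTROUTING -s 10.0.1.0/24 -j SNAT --to-source 1.2.3.4
-A POSTROUTING -s 10.0.1.99/32 -j SNAT --to-source 1.2.3.5
EOF
```

On the firewall, feed it the live chain with `iptables -t nat -S POSTROUTING | lint_snat` after reloading the rules.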
