
SIP call forwarding answers *sometimes*

I have a SIP server behind a NAT firewall. The SIP server is configured correctly, and can receive calls locally. We recently integrated with Twilio for an Elastic SIP trunk. Calls will sometimes go through, and will sometimes not. Lately, more often they don't go through. While I have not ruled out a deeper configuration error in our Asterisk FreePBX server, I think the NAT firewall/port forwarding may be to blame. We use a Linux box and iptables. Below are the iptables rules that forward traffic to the SIP server at 10.0.3.1. Can anyone suggest if there's something wrong here?

Also, eno1 is our public-facing if and eno2 is our internal network.

# RTP ports
iptables -t nat -A PREROUTING -i eno1 -m udp -p udp --dport 10000:20000 -j SNAT --to-destination 10.0.3.1
iptables -A FORWARD -i eno1 -o eno2 -m udp -p udp --dport 10000:20000 -d 10.0.3.1 -j ACCEPT
iptables -t nat -I PREROUTING -d $myipaddress -p udp --dport 10000:20000 -j SNAT --to-destination 10.0.3.1

# IAX port
iptables -t nat -A PREROUTING -i eno1 -m udp -p udp --dport 4569 -j SNAT --to-destination 10.0.3.1
iptables -A FORWARD -i eno1 -o eno2 -m udp -p udp --dport 4569 -d 10.0.3.1 -j ACCEPT
iptables -t nat -I PREROUTING -d $myipaddress -p udp --dport 4569 -j SNAT --to-destination 10.0.3.1:4569

# SIP port
iptables -t nat -A PREROUTING -i eno1 -m udp -p udp --dport 5060 -j SNAT --to-destination 10.0.3.1
iptables -A FORWARD -i eno1 -o eno2 -m udp -p udp --dport 5060 -d 10.0.3.1 -j ACCEPT
iptables -t nat -I PREROUTING -d $myipaddress -p udp --dport 5060 -j SNAT --to-destination 10.0.3.1:5060
# SIP port
iptables -t nat -A PREROUTING -i eno1 -m udp -p udp --dport 5061 -j SNAT --to-destination 10.0.3.1
iptables -A FORWARD -i eno1 -o eno2 -m udp -p udp --dport 5061 -d 10.0.3.1 -j ACCEPT
iptables -t nat -I PREROUTING -d $myipaddress -p udp --dport 5061 -j SNAT --to-destination 10.0.3.1:5061
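
Added example, not part of the original post: a small linter, run here over the port 5060 rules as posted, that flags a NAT target used in a chain that does not accept it, an address option that does not belong to the target, and a port matched twice in the same chain. The `DNAT_FORM` line assumes the intent is destination NAT toward 10.0.3.1; all function and variable names are this example's own.

```python
import shlex

# nat-table chains that accept each target, and the address option each takes
# (per iptables-extensions(8)).
VALID_CHAINS = {"DNAT": {"PREROUTING", "OUTPUT"},
                "SNAT": {"POSTROUTING", "INPUT"}}
ADDR_OPTION = {"DNAT": "--to-destination", "SNAT": "--to-source"}
FLAGS = {"-t": "table", "-A": "chain", "-I": "chain",
         "-j": "target", "--dport": "dport"}

def parse_rule(line):
    """Extract table, chain, target, dport and the --to-* option of one rule."""
    tok = shlex.split(line)
    rule = {"table": "filter", "chain": None, "target": None, "dport": None}
    for flag, value in zip(tok, tok[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    rule["addr_opt"] = next((t for t in tok if t.startswith("--to-")), None)
    return rule

def lint(script):
    """Return (line_number, message) findings for the NAT rules in a script."""
    findings, seen = [], {}
    for n, line in enumerate(script.splitlines(), 1):
        if not line.strip().startswith("iptables"):
            continue  # comments and blank lines
        r = parse_rule(line)
        t = r["target"]
        if r["table"] != "nat" or t not in VALID_CHAINS:
            continue  # only SNAT/DNAT rules in the nat table are checked
        if r["chain"] not in VALID_CHAINS[t]:
            findings.append((n, f"{t} is not valid in {r['chain']}"))
        if r["addr_opt"] != ADDR_OPTION[t]:
            findings.append((n, f"{t} takes {ADDR_OPTION[t]}, not {r['addr_opt']}"))
        key = (r["chain"], r["dport"])
        if key in seen:
            findings.append((n, f"port {r['dport']} also matched on line {seen[key]}"))
        seen.setdefault(key, n)
    return findings

# Constructed sample: the port 5060 rules copied from the post.
POSTED = """\
iptables -t nat -A PREROUTING -i eno1 -m udp -p udp --dport 5060 -j SNAT --to-destination 10.0.3.1
iptables -A FORWARD -i eno1 -o eno2 -m udp -p udp --dport 5060 -d 10.0.3.1 -j ACCEPT
iptables -t nat -I PREROUTING -d $myipaddress -p udp --dport 5060 -j SNAT --to-destination 10.0.3.1:5060
"""
# Assumed intent: one destination-NAT rule per forwarded port.
DNAT_FORM = "iptables -t nat -A PREROUTING -i eno1 -p udp --dport 5060 -j DNAT --to-destination 10.0.3.1:5060\n"

if __name__ == "__main__":
    print(*lint(POSTED), sep="\n")
```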
