Hi,
I've got Fedora 1.0 with iptables 1.3.1 as a NAT server. This is my setup:
-A POSTROUTING -o eth0 -j SNAT --to-source EXTERNAL_IP
I've got a SIP IP phone on eth1; when I try to originate from it I see the following:
STUN msg -> Int_ip:30000 -> STUN server:3478
STUN msg -> Ext_ip:30000 -> STUN server:3478
STUN msg -> STUN server:3478 -> Int_ip:30000
SIP msg Invite -> Int_IP:5060 -> SIP Server:5060
SIP msg Invite -> Ext_IP:5060 -> SIP Server:5060
SIP msg Trying -> Int_IP:5060 -> SIP Server:5060
SIP msg Trying -> Ext_IP:5060 -> SIP Server:5060
... all regular stuff here...
and then when the RTP has to come:
RTP msg -> Terminating_GW:5190 -> Ext_IP:30000
ICMP msg -> Destination Unreachable .....
And here is the odd part:
RTP msg -> Int_IP:30000 -> Terminating_GW:5190
RTP msg -> Ext_IP:1026 -> Terminating_GW:5190
iptables has changed the SRC port of the packet from 30000 to 1026 and this is causing the NAT to drop the UDP packets from the Terminating_GW to the SIP Phone.
I don't want to have static port mapping to Int_IP... I've read that iptables has to preserve the port "if possible" ... but what does that mean? Do you have any idea how I can change that behaviour?
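
Added example, not part of the original post: a toy Python model of one reading of "if possible", assuming the rule that SNAT keeps the source port only while the translated flow stays unique in the connection-tracking table. The addresses, the NatBox class and the first-free-port fallback are constructed for illustration; the packet ordering replayed is the one in the trace above.

```python
from itertools import chain

EXT_IP, INT_IP = "203.0.113.1", "192.168.1.10"   # constructed addresses
STUN = ("198.51.100.30", 3478)                   # constructed STUN server
GW = ("198.51.100.20", 5190)                     # constructed Terminating_GW


class NatBox:
    """Toy model of SNAT plus connection tracking (an assumption, not kernel code)."""

    def __init__(self, ext_ip):
        self.ext_ip = ext_ip
        # Wire-side tuple (remote, (ext_ip, port)) -> internal endpoint,
        # or None when the flow terminates on the NAT box itself.
        self.flows = {}

    def inbound(self, remote, dport):
        """Packet from remote to ext_ip:dport; returns where it is delivered."""
        key = (remote, (self.ext_ip, dport))
        # No matching mapping: tracked as a new flow to the box itself,
        # which is the case that answers with ICMP unreachable.
        return self.flows.setdefault(key, None)

    def snat(self, src, dst):
        """New outbound UDP flow; returns the external source port chosen."""
        # Keep the port if its reply tuple is unique, otherwise take the first
        # free port >= 1024 (the port a real kernel picks depends on its state).
        for port in chain([src[1]], range(1024, 65536)):
            key = (dst, (self.ext_ip, port))
            if key not in self.flows:
                self.flows[key] = src
                return port
        raise RuntimeError("no free source port")


def replay(gateway_rtp_first):
    """Returns (STUN port, RTP port, where gateway RTP to Ext_IP:30000 lands)."""
    nat = NatBox(EXT_IP)
    stun_port = nat.snat((INT_IP, 30000), STUN)   # STUN binding request
    if gateway_rtp_first:
        nat.inbound(GW, 30000)                    # RTP reaches Ext_IP:30000 first
    rtp_port = nat.snat((INT_IP, 30000), GW)      # phone's first RTP packet
    return stun_port, rtp_port, nat.inbound(GW, 30000)


if __name__ == "__main__":
    print(replay(True))    # ordering seen in the trace: port is rewritten
    print(replay(False))   # phone sends RTP first: port 30000 is preserved
```

In this model the rewrite happens only when the gateway's RTP reaches Ext_IP:30000 before the phone's first outbound RTP packet, because that inbound packet already occupies the tuple the preserved port would need.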