[oclug] Repost from OCLUG Tech list

Stephen Gregory oclug at kernelpanic.ca
Wed Sep 2 16:56:52 EDT 2009


 Bill Strosberg wrote:
>
> What I want to do is have packets from all of the specified external
> subnets routed out of the firewall to the address 10.20.0.1 on eth3.
> Basically, all external traffic from these source address ranges need to
> be forwarded to the VOIP provider's router, with no exception.
>
> Any ideas?
>

Does the VoIP provider initiate the connections back to the VoIP router?
Or does the VoIP router initial the connection to the provider. The
latter is how my VoIP worked. If this is the case then you should not
need anything other then MASQ for the voip router.

If the VoIP provider initiates connections to the the firewall then you
need DNAT to change the destinate address of the packet from the
firewall's external IP to the VoIP router.

The routing is only going to work if the VoIP provider sends packet
addressed to 10.20.0.1 via the firewall. As 10.20.0.1 is non-routable
this is unlikely to happen.


-- 
sg


More information about the OCLUG mailing list