[oclug] Repost from OCLUG Tech list
Bill Strosberg
oclug at strosberg.com
Wed Sep 2 17:47:27 EDT 2009
Stephen Gregory wrote:
> Bill Strosberg wrote:
>
>> What I want to do is have packets from all of the specified external
>> subnets routed out of the firewall to the address 10.20.0.1 on eth3.
>> Basically, all external traffic from these source address ranges needs to
>> be forwarded to the VOIP provider's router, with no exception.
>>
>> Any ideas?
>>
>>
>
> Does the VoIP provider initiate the connections back to the VoIP router?
> Or does the VoIP router initiate the connection to the provider? The
> latter is how my VoIP worked. If this is the case then you should not
> need anything other than MASQ for the VoIP router.
>
> If the VoIP provider initiates connections to the firewall then you
> need DNAT to change the destination address of the packet from the
> firewall's external IP to the VoIP router.
>
> The routing is only going to work if the VoIP provider sends packets
> addressed to 10.20.0.1 via the firewall. As 10.20.0.1 is non-routable
> this is unlikely to happen.
>
>
>
Stephen:
This is the same conclusion I reached until I thought iproute2 would be
able to route the packets from the VOIP provider's specified subnets
based on the source address. I created a new routing table intended to
handle packets from the specified range(s) which in theory should get
sent out eth3. They don't, so I've missed something or didn't
understand the documentation right (a distinct possibility).

Connections are initiated BY the VOIP provider TO their router from the
Internet. This is an outsourced VOIP solution, so calls ring at the
VOIP provider's terminus, and are routed across the Internet to my
client's site.

As I read the iproute2 source routing docs, I thought I should be able
to do this.
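
The DNAT approach Stephen describes, restricted to the provider's source subnets, as an added example that is not part of the original thread. A packet addressed to the firewall's own external IP is matched by the kernel's `local` routing table before any `ip rule from ...` entry is consulted, so the destination has to be rewritten in PREROUTING, ahead of the routing decision. Assumptions: `eth0` as the Internet-facing interface, the two sample subnets (documentation ranges), and a VoIP router that sends its replies back through this firewall.

```shell
#!/bin/sh
# Added example. Prints the commands by default (DRY_RUN=1); nothing is
# changed unless DRY_RUN=0 is set and the script runs as root.
WAN_IF="${WAN_IF:-eth0}"   # assumption: Internet-facing interface
VOIP_IF="eth3"             # from the thread
VOIP_GW="10.20.0.1"        # from the thread: VoIP provider's router
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Shape check only (dotted quad plus /0-32), so a typo in the subnet list
# is skipped instead of being passed to iptables.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

voip_dnat_rules() {
    for net in "$@"; do
        if ! valid_cidr "$net"; then
            echo "skipping invalid subnet: $net" >&2
            continue
        fi
        # Rewrite the destination before routing: firewall IP -> VoIP router.
        run iptables -t nat -A PREROUTING -i "$WAN_IF" -s "$net" \
            -j DNAT --to-destination "$VOIP_GW"
        # Forward only what came from that source and now targets the router.
        run iptables -A FORWARD -i "$WAN_IF" -o "$VOIP_IF" -s "$net" \
            -d "$VOIP_GW" -j ACCEPT
    done
    # Replies: conntrack reverses the DNAT for established flows.
    run iptables -A FORWARD -i "$VOIP_IF" -o "$WAN_IF" -s "$VOIP_GW" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Constructed sample subnets, not the provider's real ranges.
voip_dnat_rules 203.0.113.0/24 198.51.100.0/24
```

Because the DNAT rule matches on source subnet only, every packet those ranges send to the firewall is handed to 10.20.0.1, which is what the original request asks for; the FORWARD rules keep any other source from reaching eth3 this way.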