Link2VoIP SIP and RTP rules for iptables

LinuxGuru
Posted: Sun Nov 06, 2011 18:23
I have a D-Link DIR-615 and it would not let RTP packets in from Link2VoIP. After a few days of fighting with it I decided to give DD-WRT a try. I originally bought the D-Link router because it was supported by DD-WRT but I did not get around to installing the DD-WRT firmware because until now I have had no need.

I was disappointed to find out that DD-WRT has no way to set a source IP or source net for incoming packets in the WSI. After much reading on the forums I found many posts that talked about how to set up custom rules using nvram and iptables from the SSH shell. None of these examples worked but I eventually was able to get it working.

One problem that I found was that if your iptables rule is not correct (like many examples I found) then it will exit but not report any error. "echo $?" after a command will return a number if it fails or 0 if it works. Keep that in mind if you have problems.

nvram stores values in Non Volatile memory so the data will be there after a power down or reboot. DD-WRT uses nvram to save these values and you can use it to add your custom iptables rules.

I am in Canada so my Link2VoIP SIP and RTP servers are 64.34.96.201 - 64.34.96.204. SIP port is 5060 and RTP ports are 10000:20000. If you are in some other part of the world you will need to change your SIP and RTP server IP addresses. Also my Asterisk server is at 192.168.0.1 so you may need to change that also.

These are the rules I use.
iptables -I FORWARD 1 -p udp -s 64.34.96.201/32 -d 192.168.0.1 --destination-port 5060 -j ACCEPT
iptables -I FORWARD 1 -p udp -s 64.34.96.202/32 -d 192.168.0.1 --destination-port 5060 -j ACCEPT
iptables -I FORWARD 1 -p udp -s 64.34.96.203/32 -d 192.168.0.1 --destination-port 10000:20000 -j ACCEPT
iptables -I FORWARD 1 -p udp -s 64.34.96.204/32 -d 192.168.0.1 --destination-port 10000:20000 -j ACCEPT

I used the "-I" option to insert them at the top of the rules list for the FORWARD section.

To use the nvram command you must convert all your iptables rules into one line of code so you can use ; to separate the commands and put all of it in quotes. I am using Linux so I can just copy and paste these commands into the SSH shell.

The final command looks like this.
nvram set rc_firewall="iptables -I FORWARD 1 -p udp -s 64.34.96.201/32 -d 192.168.0.1 --destination-port 5060 -j ACCEPT;iptables -I FORWARD 1 -p udp -s 64.34.96.202/32 -d 192.168.0.1 --destination-port 5060 -j ACCEPT;iptables -I FORWARD 1 -p udp -s 64.34.96.203/32 -d 192.168.0.1 --destination-port 10000:20000 -j ACCEPT;iptables -I FORWARD 1 -p udp -s 64.34.96.204/32 -d 192.168.0.1 --destination-port 10000:20000 -j ACCEPT"

You are not done yet. That command just sets the value but does not save it. You need to run one more command.
nvram commit

Now you need to reboot the box. Use the "reboot" command and after a minute or two you can ssh back in.

Check your iptables rules like so:
iptables -L | head -n 50

This worked for me. I can now make VoIP phone calls. I hope someone finds this helpful.

Happy hacking. :)
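
An added example, not part of the original post: a POSIX sh helper that builds the one-line rc_firewall value from "source port" pairs and runs each rule while checking its exit status, so a rule that fails silently is reported. The function names (gen_rules, join_rules, try_rules, demo_command) are made up for this example; the addresses and ports are the ones given in the post.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Works in busybox ash or any POSIX sh.
LAN_HOST="192.168.0.1"   # Asterisk server address from the post

# Read "<source-ip> <udp-port-or-range>" lines and print one iptables rule each.
# Anything except digits, dots and colons is rejected: the rc_firewall string
# is a list of shell commands, so stray metacharacters must never reach it.
gen_rules() {
    while read -r src dport; do
        case "$src" in ""|*[!0-9.]*) echo "bad source: $src" >&2; return 1;; esac
        case "$dport" in ""|*[!0-9:]*) echo "bad port: $dport" >&2; return 1;; esac
        echo "iptables -I FORWARD 1 -p udp -s $src/32 -d $LAN_HOST --destination-port $dport -j ACCEPT"
    done
}

# Join rule lines into the single ';'-separated string that nvram set expects.
join_rules() {
    line=""
    while IFS= read -r rule; do
        line="${line:+$line;}$rule"
    done
    printf '%s\n' "$line"
}

# Run each rule now (live rules are lost on reboot) and report every non-zero
# exit status, which is the "echo $?" check from the post done per rule.
try_rules() {
    bad=0
    while IFS= read -r rule; do
        $rule </dev/null >/dev/null 2>&1
        rc=$?
        if [ "$rc" -ne 0 ]; then
            echo "FAILED (exit $rc): $rule" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Servers and ports from the post; prints the nvram command, does not run it.
demo_command() {
    printf '%s\n' "64.34.96.201 5060" "64.34.96.202 5060" \
        "64.34.96.203 10000:20000" "64.34.96.204 10000:20000" |
        gen_rules | join_rules | sed 's/.*/nvram set rc_firewall="&"/'
}
demo_command
```

On the router, pipe the output of gen_rules into try_rules first; only when it returns 0 run the printed nvram set command, followed by nvram commit.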