我用过本教程配置我的 iptables,以便我可以从服务器外部访问 asterisk sip。
我的iptables -L样子
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT udp -- anywhere anywhere udp dpt:sip
ACCEPT udp -- anywhere anywhere udp dpt:iax
ACCEPT udp -- anywhere anywhere udp dpt:5036
ACCEPT udp -- anywhere anywhere udp dpts:ndmp:dnp
ACCEPT udp -- anywhere anywhere udp dpt:mgcp-callagent
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
现在,当 iptables 关闭时,我可以在 sip 客户端上注册,没有任何问题,但是当它打开时,防火墙会阻止它。这个 iptables 配置有什么问题,我应该怎么做才能修复它?
答案1
您在链中有一个拒绝所有规则:
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
将其移至末尾即可完成所有设置。