From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vsu@altlinux.org>
Date: Sat, 17 Nov 2012 22:49:21 +0400
From: Sergey Vlasov <vsu@altlinux.ru>
To: community@lists.altlinux.org
Message-ID: <20121117184921.GA6761@atlas.home>
Mail-Followup-To: community@lists.altlinux.org
References: <50A7458A.2070506@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU"
Content-Disposition: inline
In-Reply-To: <50A7458A.2070506@gmail.com>
Subject: Re: [Comm] =?koi8-r?b?9SDLz8fPIM7JwtXE2CDSwcLP1MHF1CBpcF9jb25udHJh?=
 =?koi8-r?b?Y2tfc2lwIGlwX25hdF9zaXA=?=
X-BeenThere: community@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Community general discussions
	<community@lists.altlinux.org>
List-Id: ALT Linux Community general discussions <community.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/community>,
	<mailto:community-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community>
List-Post: <mailto:community@lists.altlinux.org>
List-Help: <mailto:community-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Nov 2012 18:49:40 -0000
Archived-At: <http://lore.altlinux.org/community/20121117184921.GA6761@atlas.home/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>


--EeQfGwPcQSOJBaQU
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Nov 17, 2012 at 12:06:34PM +0400, altconf@gmail.com wrote:
> =E5=D3=D4=D8
> ALT Linux 6.0.0 Centaurus  (Cheiron)
> Linux srv.localdomain 2.6.32-el-smp-alt27 #1 SMP Tue Sep 20 19:35:51 UTC=
=20
> 2011 i686 GNU/Linux
> =E5=D3=D4=D8 sip =D0=D2=CF=D7=C1=CA=C4=C5=D2 =CB =CB=CF=D4=CF=D2=CF=CD=D5=
 =C3=C9=D0=CC=D1=C0=D3=D8 =C9=DA =CC=CF=CB=C1=CC=D8=CE=CF=CA =D3=C5=D4=C9 s=
ip =D4=C5=CC=C5=C6=CF=CE=D9.
> =F3=C5=CA=DE=C1=D3 =D2=C1=DA=D2=C5=DB=C5=CE =D4=D2=C1=C6=C9=CB =D0=CF UDP=
 =C4=CC=D1 =CF=D0=D2=C5=C4=C5=CC=C5=CE=CE=D9=C8 =CC=CF=CB=C1=CC=D8=CE=D9=C8=
 IP =C1=C4=D2=C5=D3=CF=D7, =CE=CF=20
> =C8=CF=D4=C5=CC=CF=D3=D8 =C2=D9 =D3=C4=C5=CC=C1=D4=D8 =D0=CF =D0=D2=C1=D7=
=C9=CC=D8=CE=CF=CD=D5.
>=20
> =F7 iptables =D0=D2=CF=D0=C9=D3=C1=CC =D3=D4=D2=CF=CB=C9 =CB=C1=CB =DA=C4=
=C5=D3=D8 =CE=C1=D0=C9=D3=C1=CE=CF
> http://wiki.sipfoundry.org/display/sipXecs/Configure+iptables

=EB =D3=CF=D6=C1=CC=C5=CE=C9=C0, =CB=CF=CD=C1=CE=C4=D9 =C4=CC=D1 =DA=C1=C7=
=D2=D5=DA=CB=C9 =CD=CF=C4=D5=CC=C5=CA =CE=C1 =DC=D4=CF=CA =D3=D4=D2=C1=CE=
=C9=C3=C5
=CE=C5=D0=D2=C1=D7=C9=CC=D8=CE=D9=C5 - =D7=CF=DA=CD=CF=D6=CE=CF, =D0=CF=DC=
=D4=CF=CD=D5 =CE=C9=DE=C5=C7=CF =C9 =CE=C5 =D2=C1=C2=CF=D4=C1=C5=D4.

> modprobe ip_conntrack_sip ip_nat_sip

=F7 =CF=C4=CE=CF=CD =D7=D9=DA=CF=D7=C5 modprobe =CD=CF=D6=C5=D4 =C2=D9=D4=
=D8 =D5=CB=C1=DA=C1=CE=CF =D4=CF=CC=D8=CB=CF =CF=C4=CE=CF =C9=CD=D1 =CD=CF=
=C4=D5=CC=D1, =DA=C1
=CB=CF=D4=CF=D2=D9=CD =D3=CC=C5=C4=D5=C0=D4 =D0=C1=D2=C1=CD=C5=D4=D2=D9 =DC=
=D4=CF=C7=CF =CD=CF=C4=D5=CC=D1; =D7 =D4=CF=CD =D7=C9=C4=C5, =CB=C1=CB =DC=
=D4=CF =CE=C1=D0=C9=D3=C1=CE=CF
=DA=C4=C5=D3=D8, modprobe =D0=CF=D0=D9=D4=C1=C5=D4=D3=D1 =DA=C1=C7=D2=D5=DA=
=C9=D4=D8 =CD=CF=C4=D5=CC=D8 ip_conntrack_sip =D3
=D0=C1=D2=C1=CD=C5=D4=D2=CF=CD ip_nat_sip, =C9 =D7 =D2=C5=DA=D5=CC=D8=D4=C1=
=D4=C5 =C2=D5=C4=C5=D4 =D0=CF=CC=D5=DE=C5=CE=C1 =CF=DB=C9=C2=CB=C1 =C9=DA-=
=DA=C1
=CE=C5=C9=DA=D7=C5=D3=D4=CE=CF=C7=CF =D0=C1=D2=C1=CD=C5=D4=D2=C1, =CD=CF=C4=
=D5=CC=D8 =D0=D2=C9 =DC=D4=CF=CD =CE=C5 =C2=D5=C4=C5=D4 =DA=C1=C7=D2=D5=D6=
=C5=CE.

=EB =D4=CF=CD=D5 =D6=C5 =C9=CD=C5=CE=C1 =CD=CF=C4=D5=CC=C5=CA =D5=D3=D4=C1=
=D2=C5=CC=C9 - =D4=C5=D0=C5=D2=D8 =DC=D4=C9 =CD=CF=C4=D5=CC=C9 =CE=C1=DA=D9=
=D7=C1=C0=D4=D3=D1
nf_conntrack_sip =C9 nf_nat_sip (=D7=D0=D2=CF=DE=C5=CD, =D3=D4=C1=D2=D9=C5 =
=C9=CD=C5=CE=C1 =C5=DD=A3 =CD=CF=D6=CE=CF
=C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=D4=D8 =D7 =D7=D9=DA=CF=D7=C1=C8 modprobe =C9=
=DA-=DA=C1 =D7=D3=D4=D2=CF=C5=CE=CE=D9=C8 =C1=CC=C9=C1=D3=CF=D7).

> modprobe ip_conntrack_sip ports=3D5060

=FC=D4=C1 =CB=CF=CD=C1=CE=C4=C1 =D3=D2=C1=C2=CF=D4=C1=C5=D4, =D4=CF=CC=D8=
=CB=CF =D3=CC=C5=C4=D5=C5=D4 =D5=DE=C9=D4=D9=D7=C1=D4=D8, =DE=D4=CF =D7 =D3=
=CC=D5=DE=C1=C5, =C5=D3=CC=C9
=CD=CF=C4=D5=CC=D8 =D0=CF =CB=C1=CB=C9=CD-=D4=CF =D0=D2=C9=DE=C9=CE=C1=CD =
=D5=D6=C5 =CF=CB=C1=DA=C1=CC=D3=D1 =DA=C1=C7=D2=D5=D6=C5=CE =D2=C1=CE=C5=C5=
, =D5=CB=C1=DA=C1=CE=CE=D9=C5 =D7
=CB=CF=CD=C1=CE=C4=CE=CF=CA =D3=D4=D2=CF=CB=C5 =D0=C1=D2=C1=CD=C5=D4=D2=D9 =
=C2=D5=C4=D5=D4 =D0=D2=CF=C9=C7=CE=CF=D2=C9=D2=CF=D7=C1=CE=D9.  =EF=C2=D9=
=DE=CE=CF =CC=D5=DE=DB=C5
=D0=CF=CD=C5=DD=C1=D4=D8 =D0=C1=D2=C1=CD=C5=D4=D2=D9 =C4=CC=D1 =CD=CF=C4=D5=
=CC=C5=CA =D7 =C6=C1=CA=CC=D9 /etc/modprobe.d/*.conf (=CC=D5=DE=DB=C5
=CE=C5 =D2=C5=C4=C1=CB=D4=C9=D2=CF=D7=C1=D4=D8 =D3=D5=DD=C5=D3=D4=D7=D5=C0=
=DD=C9=C5 =C6=C1=CA=CC=D9, =C1 =C4=CF=C2=C1=D7=C9=D4=D8 =CE=CF=D7=D9=CA =C6=
=C1=CA=CC, =DE=D4=CF=C2=D9 =CE=C5
=D0=D2=C9=DB=CC=CF=D3=D8 =D0=CF=D4=CF=CD =D7=CE=CF=D3=C9=D4=D8 =C9=DA=CD=C5=
=CE=C5=CE=C9=D1 =D0=CF=D3=CC=C5 =CF=C2=CE=CF=D7=CC=C5=CE=C9=D1 =D0=C1=CB=C5=
=D4=C1, =C4=CF=C2=C1=D7=C9=D7=DB=C5=C7=CF
=D4=D5=C4=C1 =C9=DA=CD=C5=CE=A3=CE=CE=D9=CA =D7=D0=CF=D3=CC=C5=C4=D3=D4=D7=
=C9=C9 =C6=C1=CA=CC):

  options nf_conntrack_sip ports=3D5060

=F0=C1=D2=C1=CD=C5=D4=D2=D9 =C9=DA /etc/modprobe.d/*.conf =C2=D5=C4=D5=D4 =
=D0=D2=C9=CD=C5=CE=C5=CE=D9 =CB=C1=CB =D0=D2=C9 =DA=C1=C7=D2=D5=DA=CB=C5
=CD=CF=C4=D5=CC=D1 =D1=D7=CE=CF=CA =CB=CF=CD=C1=CE=C4=CF=CA modprobe nf_con=
ntrack_sip, =D4=C1=CB =C9 =D0=D2=C9 =CE=C5=D1=D7=CE=CF=CA
=DA=C1=C7=D2=D5=DA=CB=C5 =C4=CC=D1 =D5=C4=CF=D7=CC=C5=D4=D7=CF=D2=C5=CE=C9=
=D1 =DA=C1=D7=C9=D3=C9=CD=CF=D3=D4=C5=CA =C4=D2=D5=C7=C9=C8 =CD=CF=C4=D5=CC=
=C5=CA (=CE=C1=D0=D2=C9=CD=C5=D2, =D0=D2=C9
=D7=D9=D0=CF=CC=CE=C5=CE=C9=C9 =CB=CF=CD=C1=CE=C4=D9 modprobe nf_nat_sip =
=D0=CF =DA=C1=D7=C9=D3=C9=CD=CF=D3=D4=D1=CD =C2=D5=C4=C5=D4 =DA=C1=C7=D2=D5=
=D6=C5=CE
=C9 =CD=CF=C4=D5=CC=D8 nf_conntrack_sip).

=F7=D0=D2=CF=DE=C5=CD, =DA=CE=C1=DE=C5=CE=C9=C5 ports=3D5060 =CD=CF=D6=CE=
=CF =CE=C5 =D5=CB=C1=DA=D9=D7=C1=D4=D8 =D7=CF=CF=C2=DD=C5 - =DC=D4=CF=D4 =
=D0=CF=D2=D4
=C9=D3=D0=CF=CC=D8=DA=D5=C5=D4=D3=D1 =D0=CF =D5=CD=CF=CC=DE=C1=CE=C9=C0, =
=C5=D3=CC=C9 =D0=C1=D2=C1=CD=C5=D4=D2 =CD=CF=C4=D5=CC=D1 =CE=C5 =D5=CB=C1=
=DA=C1=CE.

=E1 =D7=CF=D4 =CD=CF=C4=D5=CC=D8 nf_nat_sip =D0=CF=D3=CC=C5 =D7=D9=D0=CF=CC=
=CE=C5=CE=C9=D1 =D4=CF=CC=D8=CB=CF =D5=CB=C1=DA=C1=CE=CE=D9=C8 =CB=CF=CD=C1=
=CE=C4
=DA=C1=C7=D2=D5=D6=C5=CE =CE=C5 =C2=D5=C4=C5=D4.  =F7 =D0=D2=C9=CE=C3=C9=D0=
=C5 =C4=CF=D3=D4=C1=D4=CF=DE=CE=CF =DA=C1=C7=D2=D5=DA=C9=D4=D8 =D4=CF=CC=D8=
=CB=CF =DC=D4=CF=D4
=CD=CF=C4=D5=CC=D8, =C8=CF=D4=D1 =CF=D4 =D2=D5=DE=CE=CF=CA =DA=C1=C7=D2=D5=
=DA=CB=C9 nf_conntrack_sip =CE=C9=DE=C5=C7=CF =D0=CC=CF=C8=CF=C7=CF =D4=CF=
=D6=C5
=CE=C5 =D3=CC=D5=DE=C9=D4=D3=D1:

  modprobe nf_conntrack_sip
  modprobe nf_nat_sip

> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

=FC=D4=CF =D0=D2=C1=D7=C9=CC=CF =D2=C1=DA=D2=C5=DB=C1=C5=D4 =D4=CF=CC=D8=CB=
=CF =CF=D4=D7=C5=D4=CE=D9=C5 =D0=C1=CB=C5=D4=D9 =C4=CC=D1 =D4=D2=C1=C6=C9=
=CB=C1,
=C9=CE=C9=C3=C9=C9=D2=CF=D7=C1=CE=CE=CF=C7=CF =D3=C1=CD=C9=CD =DB=CC=C0=DA=
=CF=CD, =CE=CF =CE=C5 =D7=CC=C9=D1=C5=D4 =CE=C1 =D0=C5=D2=C5=C4=C1=DE=D5 =
=D0=C1=CB=C5=D4=CF=D7 =CD=C5=D6=C4=D5
=CD=C1=D2=DB=D2=D5=D4=C9=DA=C9=D2=D5=C5=CD=D9=CD=C9 =D3=C5=D4=D1=CD=C9 (=CE=
=C5=D3=CD=CF=D4=D2=D1 =CE=C1 =D4=CF, =DE=D4=CF =CE=C1 =D7=CE=C5=DB=CE=C5=CD=
 =C9=CE=D4=C5=D2=C6=C5=CA=D3=C5
=C2=CC=C1=C7=CF=C4=C1=D2=D1 =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C9=C0 NAT =CF=
=C2=C1 =D7=C9=C4=C1 =D0=C1=CB=C5=D4=CF=D7 =C9=CD=C5=C0=D4 =CF=C4=C9=CE=C1=
=CB=CF=D7=D9=CA IP-=C1=C4=D2=C5=D3
=CE=C1=DA=CE=C1=DE=C5=CE=C9=D1).  =F7=CF=CF=C2=DD=C5 =D7 =D4=C1=C2=CC=C9=C3=
=C5 filter =D7=C5=D3=D8 =D4=D2=C1=C6=C9=CB =D7=C9=C4=C5=CE =D5=D6=C5 =D3=CF=
 =D3=CE=D1=D4=D9=CD
NAT (=CF=C2=D2=C1=C2=CF=D4=CB=C1 =D0=C1=CB=C5=D4=CF=D7 =D7 =D4=CF=CD =D7=C9=
=C4=C5, =CB=C1=CB =CF=CE=C9 =D7=CF=DB=CC=C9 =D7 =C9=CE=D4=C5=D2=C6=C5=CA=D3=
, =D7=CF=DA=CD=CF=D6=CE=C1
=D7 =D4=C1=C2=CC=C9=C3=C5 raw):

  http://en.wikipedia.org/wiki/File:Netfilter-packet-flow.svg

(=D4=D2=C1=CE=D3=CC=D1=C3=C9=D1 =C1=C4=D2=C5=D3=CF=D7 =C4=CC=D1 =D7=C8=CF=
=C4=D1=DD=C9=C8 =D0=C1=CB=C5=D4=CF=D7, =CF=D4=CE=CF=D3=D1=DD=C9=C8=D3=D1 =
=CB =D5=D6=C5 =C9=DA=D7=C5=D3=D4=CE=D9=CD
=D3=CF=C5=C4=C9=CE=C5=CE=C9=D1=CD, =D7=D9=D0=CF=CC=CE=D1=C5=D4=D3=D1 =CE=C1=
 =DC=D4=C1=D0=C5 "conntrack"; =DE=C5=D2=C5=DA =D4=C1=C2=CC=C9=C3=D5 nat
=D0=D2=CF=C8=CF=C4=D1=D4 =D4=CF=CC=D8=CB=CF =D0=C5=D2=D7=D9=C5 =D0=C1=CB=C5=
=D4=D9 =D5=D3=D4=C1=CE=C1=D7=CC=C9=D7=C1=C5=CD=D9=C8 =D3=CF=C5=C4=C9=CE=C5=
=CE=C9=CA).  =E8=CF=D4=D1 =DC=D4=C1
=D3=C8=C5=CD=C1 =D4=CF=D6=C5 =CE=C5 =D3=CF=D7=D3=C5=CD =D0=CF=CC=CE=C1=D1...

=E4=CC=D1 =D2=C1=DA=D2=C5=DB=C5=CE=C9=D1 =D0=C5=D2=C5=C4=C1=DE=C9 =CF=D4=D7=
=C5=D4=CE=CF=C7=CF =D4=D2=C1=C6=C9=CB=C1 =D7=CF =D7=CE=D5=D4=D2=C5=CE=CE=C0=
=C0 =D3=C5=D4=D8
=C1=CE=C1=CC=CF=C7=C9=DE=CE=CF=C5 =D0=D2=C1=D7=C9=CC=CF =C4=CF=CC=D6=CE=CF =
=C2=D9=D4=D8 =C4=CF=C2=C1=D7=CC=C5=CE=CF =D7 =D4=C1=C2=CC=C9=C3=D5 FORWARD =
(=CF=C2=D9=DE=CE=CF
=C4=CC=D1 =D0=CF=D7=D9=DB=C5=CE=C9=D1 =D0=D2=CF=C9=DA=D7=CF=C4=C9=D4=C5=CC=
=D8=CE=CF=D3=D4=C9 =C5=C7=CF =D3=D4=C1=D7=D1=D4 =CF=C4=CE=C9=CD =C9=DA =D0=
=C5=D2=D7=D9=C8, =C8=CF=D4=D1
=D0=C5=D2=C5=C4 =CE=C9=CD =CD=CF=C7=D5=D4 =D2=C1=DA=CD=C5=DD=C1=D4=D8=D3=D1=
 =D0=D2=C1=D7=C9=CC=C1 =C4=CC=D1 =D5=DE=A3=D4=C1 =D4=D2=C1=C6=C9=CB=C1):

  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

=E1 =D7=CF=D4 =D7 =CE=C1=DE=C1=CC=CF =C3=C5=D0=CF=DE=CB=C9 INPUT =C8=CF=D2=
=CF=DB=CF =C2=D9 =C4=CF=C2=C1=D7=C9=D4=D8 =D1=D7=CE=CF=C5 =CF=D4=C2=D2=C1=
=D3=D9=D7=C1=CE=C9=C5
=D0=C1=CB=C5=D4=CF=D7 =D3=CF =D3=D4=C1=D4=D5=D3=CF=CD INVALID:

  iptables -A INPUT -m state --state INVALID -j DROP

=F0=C1=CB=C5=D4=D9 =D3=CF =D3=D4=C1=D4=D5=D3=CF=CD INVALID =CD=CF=C7=D5=D4 =
=D0=CF=D1=D7=CC=D1=D4=D8=D3=D1 =D7 =D3=CC=D5=DE=C1=C5, =C5=D3=CC=C9 =C4=CC=
=D1 =CE=C9=C8 =D0=CF
=CB=C1=CB=C9=CD-=D4=CF =D0=D2=C9=DE=C9=CE=C1=CD =CE=C5 =D3=D2=C1=C2=CF=D4=
=C1=CC conntrack; =D7 =D2=C5=DA=D5=CC=D8=D4=C1=D4=C5 =CF=CE=C9 =CE=C1=DE=C9=
=CE=C1=C0=D4
=CF=C2=D2=C1=C2=C1=D4=D9=D7=C1=D4=D8=D3=D1 =DB=CC=C0=DA=CF=CD =CB=C1=CB =D0=
=D2=C5=C4=CE=C1=DA=CE=C1=DE=C5=CE=CE=D9=C5 =C4=CC=D1 =D3=C1=CD=CF=C7=CF =DB=
=CC=C0=DA=C1, =DE=D4=CF =CD=CF=D6=C5=D4
=D7=D9=DA=D9=D7=C1=D4=D8 =DA=C1=C7=C1=C4=CF=DE=CE=D9=C5 =D0=D2=CF=C2=CC=C5=
=CD=D9 - =CE=C1=D0=D2=C9=CD=C5=D2, =D4=C1=CB=C9=C5:

  http://serverfault.com/questions/309691/why-is-our-firewall-ubuntu-8-04-r=
ejecting-the-final-packet-fin-ack-psh-wit/

> iptables -A INPUT -p udp --dport 5060 -j ACCEPT

=FC=D4=CF =D0=D2=C1=D7=C9=CC=CF =CE=D5=D6=CE=CF =D4=CF=CC=D8=CB=CF =D7 =D4=
=CF=CD =D3=CC=D5=DE=C1=C5, =C5=D3=CC=C9 =CE=C1 =D3=C1=CD=CF=CD =DB=CC=C0=DA=
=C5 =DA=C1=D0=D5=DD=C5=CE
=CB=C1=CB=CF=CA-=CC=C9=C2=CF =D3=C5=D2=D7=C5=D2, =D0=D2=C9=CE=C9=CD=C1=C0=
=DD=C9=CA UDP-=D0=C1=CB=C5=D4=D9 =CE=C1 =D0=CF=D2=D4 5060.  =E5=D3=CC=C9
=D4=D2=C5=C2=D5=C5=D4=D3=D1 =D4=CF=CC=D8=CB=CF =CF=C2=CD=C5=CE =D3 =D3=C5=
=D2=D7=C5=D2=C1=CD=C9 =D7=CF =D7=CE=C5=DB=CE=C5=CA =D3=C5=D4=C9, =C4=CF=D3=
=D4=C1=D4=CF=DE=CE=CF =D0=D2=C1=D7=C9=CC
=D7 =D4=C1=C2=CC=C9=C3=C5 FORWARD.

> iptables -A FORWARD -p udp --dport 5060 -j ACCEPT

=FC=D4=CF =D0=D2=C1=D7=C9=CC=CF, =D7=C5=D2=CF=D1=D4=CE=C5=C5 =D7=D3=C5=C7=
=CF, =D3=CC=C9=DB=CB=CF=CD =DB=C9=D2=CF=CB=CF=C5 - =CE=C5=CF=C2=C8=CF=C4=C9=
=CD=CF =D0=D2=CF=D7=C5=D2=D1=D4=D8,
=DE=D4=CF =D0=C1=CB=C5=D4 =D0=D2=C9=DB=A3=CC =D3 =CF=C4=CE=CF=C7=CF =C9=DA =
=C9=CE=D4=C5=D2=C6=C5=CA=D3=CF=D7, =D3=CF=CF=D4=D7=C5=D4=D3=D4=D7=D5=C0=DD=
=C9=C8 =D7=CE=D5=D4=D2=C5=CE=CE=C5=CA
=D3=C5=D4=C9, =C9=CE=C1=DE=C5, =CE=C5=D3=CD=CF=D4=D2=D1 =CE=C1 =C9=D3=D0=CF=
=CC=D8=DA=CF=D7=C1=CE=C9=C5 NAT, =CB=D4=CF-=CC=C9=C2=CF =C9=DA =D4=CF=C7=CF=
 =D6=C5
=D3=C5=C7=CD=C5=CE=D4=C1 =D7=CE=C5=DB=CE=C5=CA =D3=C5=D4=C9 (=C4=CF =D3=CC=
=C5=C4=D5=C0=DD=C5=C7=CF =CD=C1=D2=DB=D2=D5=D4=C9=DA=C1=D4=CF=D2=C1) =D3=CD=
=CF=D6=C5=D4 =D0=C5=D2=C5=C4=C1=D7=C1=D4=D8
=D4=C1=CB=C9=C5 =D0=C1=CB=C5=D4=D9 =D7=CF =D7=CE=D5=D4=D2=C5=CE=CE=C0=C0 =
=D3=C5=D4=D8, =C5=D3=CC=C9 =C5=CD=D5 =C9=DA=D7=C5=D3=D4=C5=CE =C4=C9=C1=D0=
=C1=DA=CF=CE =C1=C4=D2=C5=D3=CF=D7
=D7=CE=D5=D4=D2=C5=CE=CE=C5=CA =D3=C5=D4=C9 =C9 =D0=C1=CB=C5=D4=D9 =D3 =D4=
=C1=CB=C9=CD=C9 =C1=C4=D2=C5=D3=C1=CD=C9 =CE=C5 =C6=C9=CC=D8=D4=D2=D5=C0=D4=
=D3=D1
=CB=CF=CD=CD=D5=D4=C1=D4=CF=D2=C1=CD=C9 =D7=CE=C5=DB=CE=C5=C7=CF =D3=C5=C7=
=CD=C5=CE=D4=C1, =CC=C9=C2=CF =D5=D3=D4=C1=CE=CF=D7=C9=D4=D8 =D7=CE=C5=DB=
=CE=C9=CA IP =D7=C1=DB=C5=C7=CF
=DB=CC=C0=DA=C1 =D3=C5=C2=C5 =D7 =CB=C1=DE=C5=D3=D4=D7=C5 =DB=CC=C0=DA=C1 =
=D0=CF =D5=CD=CF=CC=DE=C1=CE=C9=C0 =C9 =D7=D9=C8=CF=C4=C9=D4=D8 =D7 Interne=
t =DE=C5=D2=C5=DA
=D7=C1=DB =D7=CE=C5=DB=CE=C9=CA IP (=DC=D4=CF =D0=D2=C1=D7=C9=CC=CF =C4=C1=
=D3=D4 =C4=CF=D3=D4=D5=D0 =CB SIP-=D3=C5=D2=D7=C5=D2=C1=CD; =D7=CF=DA=CD=CF=
=D6=CE=CF, =C5=D3=D4=D8
=C9 =C4=D2=D5=C7=C9=C5 =CE=C1=D0=C9=D3=C1=CE=CE=D9=C5 =D3=D4=CF=CC=D8 =D6=
=C5 =CE=C5=C1=CB=CB=D5=D2=C1=D4=CE=CF =D0=D2=C1=D7=C9=CC=C1).

=EF=C2=D9=DE=CE=CF =D0=D2=CF=DD=C5 =D7=D3=C5=C7=CF =D3=CF=DA=C4=C1=D4=D8 =
=CE=C5=D3=CB=CF=CC=D8=CB=CF =C3=C5=D0=CF=DE=C5=CB =D0=CF =D7=C8=CF=C4=CE=CF=
=CD=D5 =C9=CE=D4=C5=D2=C6=C5=CA=D3=D5:

  iptables -N forward_lan
  iptables -N forward_wan
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -m state --state INVALID -j DROP
  iptables -A FORWARD -i eth0 -j forward_wan
  iptables -A FORWARD -i eth1 -j forward_lan
  iptables -A FORWARD -j REJECT

=C1 =DA=C1=D4=C5=CD =C4=CF=C2=C1=D7=CC=D1=D4=D8 =D0=D2=C1=D7=C9=CC=C1 =C4=
=CC=D1 =D2=C1=DA=D2=C5=DB=C5=CE=C9=D1 =D3=CF=C5=C4=C9=CE=C5=CE=C9=CA =D5=D6=
=C5 =D7 =C3=C5=D0=CF=DE=CB=C9 =C4=CC=D1
=CB=CF=CE=CB=D2=C5=D4=CE=CF=C7=CF =C9=D3=D4=CF=DE=CE=C9=CB=C1:

  iptables -A forward_lan -o eth1 -j ACCEPT
  iptables -A forward_lan -p udp --dport 5060 -j ACCEPT

=F0=C5=D2=D7=CF=C5 =D0=D2=C1=D7=C9=CC=CF, =D2=C1=DA=D2=C5=DB=C1=C0=DD=C5=C5=
 =D0=D2=CF=C8=CF=D6=C4=C5=CE=C9=C5 =D0=C1=CB=C5=D4=CF=D7 =C9=DA LAN =CF=C2=
=D2=C1=D4=CE=CF =D7 LAN,
=CD=CF=D6=C5=D4 =C2=D9=D4=D8 =CE=D5=D6=CE=CF =C4=CC=D1 NAT loopback - =D7 =
=D3=C9=D4=D5=C1=C3=C9=C9, =CB=CF=C7=C4=C1 =C9=DA =D7=CE=D5=D4=D2=C5=CE=CE=
=C5=CA
=D3=C5=D4=C9 =D0=D2=CF=C9=D3=C8=CF=C4=C9=D4 =CF=C2=D2=C1=DD=C5=CE=C9=C5 =CB=
 =D7=CE=C5=DB=CE=C5=CD=D5 IP-=C1=C4=D2=C5=D3=D5 =DB=CC=C0=DA=C1, =CB=CF=D4=
=CF=D2=CF=C5 =CE=C1 =D3=C1=CD=CF=CD
=C4=C5=CC=C5 =DE=C5=D2=C5=DA DNAT =D0=C5=D2=C5=CE=C1=D0=D2=C1=D7=CC=D1=C5=
=D4=D3=D1 =CE=C1 =CF=C4=C9=CE =C9=DA =D7=CE=D5=D4=D2=C5=CE=CE=C9=C8 =C1=C4=
=D2=C5=D3=CF=D7;
=D5=DE=D4=C9=D4=C5, =DE=D4=CF =D7 =DC=D4=CF=CD =D3=CC=D5=DE=C1=C5 =CE=C1 =
=DB=CC=C0=DA=C5 =D0=D2=C9=C4=A3=D4=D3=D1 =C4=C5=CC=C1=D4=D8 =C5=DD=A3 =C9 S=
NAT, =C9
=D3=C5=D2=D7=C5=D2 =D5=D7=C9=C4=C9=D4 =D7=CD=C5=D3=D4=CF =C1=C4=D2=C5=D3=C1=
 =CB=CC=C9=C5=CE=D4=C1 =D7=CF =D7=CE=D5=D4=D2=C5=CE=CE=C5=CA =D3=C5=D4=C9 =
=C1=C4=D2=C5=D3 =DB=CC=C0=DA=C1;
=DE=D4=CF=C2=D9 =C9=DA=C2=C5=D6=C1=D4=D8 =DC=D4=CF=C7=CF, =D0=D2=C9=C4=A3=
=D4=D3=D1 =D7=D9=CE=CF=D3=C9=D4=D8 =D0=CF=C4=CF=C2=CE=D9=C5 =D3=C5=D2=D7=C5=
=D2=C1 =D7 =CF=D4=C4=C5=CC=D8=CE=D5=C0
=D3=C5=D4=D8 (DMZ).

> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXTERNAL_ADDR=
ESS

=FC=D4=CF =D7 =D0=D2=C9=CE=C3=C9=D0=C5 =D0=D2=C1=D7=C9=CC=D8=CE=CF (=C2=CF=
=CC=C5=C5 =D4=CF=CE=CB=D5=C0 =C6=C9=CC=D8=D4=D2=C1=C3=C9=C0 =D7 =D4=C1=C2=
=CC=C9=C3=C5 nat
=D0=D2=CF=D7=CF=C4=C9=D4=D8 =CE=C5 =CE=D5=D6=CE=CF, =C4=CC=D1 =DC=D4=CF=C7=
=CF =C5=D3=D4=D8 =D4=C1=C2=CC=C9=C3=C1 filter).

--EeQfGwPcQSOJBaQU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlCn3DEACgkQW82GfkQfsqJoggCfa77SKIVwD5eeFlvep3XkDNrW
Xm4Anjw3moofEeKivH0atOe7jNij+oZb
=obKi
-----END PGP SIGNATURE-----

--EeQfGwPcQSOJBaQU--