Opening port to external properly

Discussion in 'Asuswrt-Merlin' started by Marko Polo, Aug 6, 2017.

  1. Marko Polo

    Marko Polo Senior Member

    Well, I split my issue off from another thread, as was suggested. I applied the rule suggested by @ColinTaylor to my iptables

    Code:
    iptables -I INPUT -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
    and it was added below the mentioned DROP/LOGDROP rule. And I still cannot access Asterisk from outside. Now my iptables looks like this:
    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:51413
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:51413
    DROP       icmp --  anywhere             anywhere             icmp echo-request
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere             state INVALID
    PTCSRVWAN  all  --  anywhere             anywhere
    PTCSRVLAN  all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere             state NEW
    ACCEPT     all  --  anywhere             anywhere             state NEW
    ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
    SSHBFP     tcp  --  anywhere             anywhere             tcp dpt:29 state NEW
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8082
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
    INPUT_ICMP  icmp --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:5060
    And here is my firewall-start script:
    Code:
    #!/bin/sh
    iptables -I INPUT -p tcp --destination-port 51413 -j ACCEPT
    iptables -I INPUT -p udp --destination-port 51413 -j ACCEPT
    
    # SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
    iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
    What am I doing wrong?
     
  3. Jack Yaz

    Jack Yaz Very Senior Member

    Your firewall-start is still calling iptables -A...
     
    Marko Polo likes this.
  4. Marko Polo

    Marko Polo Senior Member

    Damn! Thanks for the hint. Now it works.
     
    Jack Yaz likes this.
  5. Jack Yaz

    Jack Yaz Very Senior Member

    No problem, you'd posted everything you needed. I bet you were going a little script-blind by the end of it and missed it. Happens to me all the time!
     
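Added example, not part of the original thread: the rule-ordering problem diagnosed above (`-A` appends the ACCEPT below the final DROP, `-I` inserts it above), checked mechanically against an `iptables -L INPUT` listing. The function names `shadowed_accepts` and `sample_listing` are hypothetical, and the sample listing is constructed from the one posted in the thread.

```sh
#!/bin/sh
# Flag ACCEPT rules that sit below an unconditional DROP in `iptables -L` output.
# Column layout (no -v): target prot opt source destination [match text...]
# Caveat: without -v the listing hides -i/-o matches, so a DROP limited to one
# interface looks unconditional here. Treat the result as a hint to investigate.
shadowed_accepts() {
    awk '
        /^Chain / || /^target / || NF == 0 { next }   # skip headers, blank lines
        {
            rule++
            if (drop_at && $1 == "ACCEPT") {
                # Fields 6..NF are the match text, e.g. "udp dpt:5060"
                text = ""
                for (i = 6; i <= NF; i++) text = text (i > 6 ? " " : "") $i
                printf "rule %d ACCEPT (%s) is below the DROP at rule %d and never matches\n", rule, text, drop_at
                found = 1
            }
            t = toupper($1)
            # Unconditional drop: any protocol, any source/destination, no match text
            if (!drop_at && (t == "DROP" || t == "LOGDROP") &&
                $2 == "all" && $4 == "anywhere" && $5 == "anywhere" && NF == 5)
                drop_at = rule
        }
        END { exit (found ? 1 : 0) }   # status 1 when a shadowed rule was found
    '
}

# Constructed sample, shortened from the listing posted in the thread.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:51413
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             state INVALID
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
DROP       all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp dpt:5060
EOF
}

# Demo: the appended SIP rule (rule 6) is reported as unreachable.
sample_listing | shadowed_accepts ||
    echo "Use 'iptables -I' in firewall-start so the rule lands above the DROP."
```

On the router, the same check can be fed live data with `iptables -L INPUT | shadowed_accepts`.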