[Spce-user] [EXTERNAL] Physical interface VS virtual interface on iptables rules
Dario Busso
dbusso at sipwise.com
Wed Sep 18 03:57:40 EDT 2024
The rule you shared is for TCP on the interface's port 5060. I don't know
if you meant enabling it or the UDP protocol.
It depends on which interface you have assigned the type "sip_ext" in the
network.yml file; based on that, the scripts work accordingly to create the
appropriate firewall rules.
Dario
On Wed, Sep 18, 2024 at 8:30 AM Javier Valencia <javier.valencia at voiper.es>
wrote:
> Hi there!
>
> My NGCP CE mr9.5.7 (on bullseye (11.10) 5.10.0-30-amd64 SMP) box isn't
> responding on sip_ext, because it's generating "/etc/iptables/rules.v4"
> with a virtual ethernet interface instead of the physical ethernet interface.
>
> For example:
> -A INPUT -i neth0:0 -p tcp --dport 5060 -j ACCEPT -m comment --comment
> "sip_ext"
>
> Must be:
> -A INPUT -i neth0 -p tcp --dport 5060 -j ACCEPT -m comment --comment
> "sip_ext"
>
> When I delete the first line and insert into iptables (with cli commands)
> the second line, the server starts to respond.
>
> Is there an *iface* alternative variable to make a custom template?
> [%
>   FOREACH iface IN hosts.$hostname.interfaces;
>     FOREACH net IN hosts.$hostname.$iface.type;
>       # handle certain aliases
>       IF net != 'rtp_int' && net.match('^rtp_');
>         net_alias = 'rtp_ext';
>       ELSIF net.match('^sip_ext_');
>         net_alias = 'sip_ext';
>       ELSE;
>         net_alias = net;
>       END;
>
>       IF rules.$net_alias && rules.$net_alias.size && iface != 'lo' &&
>          hosts.$hostname.$iface.ip;
>         FOREACH rule IN rules.$net_alias;
> -%]
> -A INPUT -i [% iface %] [% rule %] -m comment --comment "[% net %]"
> [%
>         END;
>       END;
>     END;
>   END;
> -%]
>
> thx
>
> P.S: I'm so sorry about my English
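An added example, not part of the original messages or of NGCP's own scripts: the iptables -i/-o match compares against the kernel device name, and an alias label such as neth0:0 is only a label on an address of neth0, so a rule written against the label never matches (and a negated one always matches). The check below scans an iptables-save style file for such rules; the sample rule set and the function name are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the rules quoted in the thread.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i neth0:0 -p tcp --dport 5060 -j ACCEPT -m comment --comment "sip_ext"
-A INPUT -i neth1 -p udp --dport 5060 -j ACCEPT -m comment --comment "sip_ext"
-A INPUT ! -i neth0:1 -p tcp --dport 22 -j DROP -m comment --comment "ssh_ext"
COMMIT
"""

IFACE_FLAGS = {"-i", "--in-interface", "-o", "--out-interface"}


def find_alias_matches(rules_text):
    """Return one dict per interface match that names an alias label (dev:N)."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        if not line.startswith(("-A ", "-I ")):
            continue  # skip table headers, chain policies and COMMIT
        tokens = shlex.split(line)  # a quoted --comment value stays one token
        for i, tok in enumerate(tokens[:-1]):
            if tok not in IFACE_FLAGS:
                continue
            if i and tokens[i - 1] == "--comment":
                continue  # the "flag" is really the comment text
            value = tokens[i + 1]
            if ":" not in value:
                continue
            negated = i > 0 and tokens[i - 1] == "!"
            findings.append({
                "line": line_no,
                "alias": value,
                "parent": value.split(":", 1)[0],
                # No packet is ever seen on "dev:N", so a plain match is dead
                # and a negated match is true for all traffic.
                "effect": "always matches" if negated else "never matches",
            })
    return findings


if __name__ == "__main__":
    for f in find_alias_matches(SAMPLE_RULES):
        print(f"line {f['line']}: -i {f['alias']} {f['effect']}; "
              f"device is {f['parent']}")
```

Rewriting a flagged rule to the parent device makes it apply to every address on that device; adding a `-d` match on the alias address keeps the original scope.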