radius.m4: Load NAT helpers (from d119795).

[firewall] / radius.m4

diff --git a/radius.m4 b/radius.m4
index 978a877..4bf4cea 100644 (file)
--- a/radius.m4
+++ b/radius.m4
@@ -69,6 +69,16 @@ run iptables -t nat -A outbound -j RETURN -d 172.29.198.0/23
 run iptables -t nat -A outbound -j SNAT --to-source 62.49.204.158
 run iptables -t nat -A POSTROUTING -j outbound
 
+## Set up NAT protocol helpers.  In particular, SIP needs some special
+## twiddling.
+run modprobe nf_conntrack_sip \
+  ports=5060 \
+  sip_direct_signalling=0 \
+  sip_direct_media=0
+for p in ftp sip h323; do
+  run modprobe nf_nat_$p
+done
+
 ## Forbid anything complicated to the NAT address.
 run iptables -A INPUT -d 62.49.204.158 ! -p icmp -j REJECT