radius.m4: Load NAT helpers (from d119795).

author Mark Wooding <mdw@distorted.org.uk>

Fri, 20 Apr 2012 20:44:14 +0000 (21:44 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Fri, 20 Apr 2012 21:03:46 +0000 (22:03 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Fri, 20 Apr 2012 20:44:14 +0000 (21:44 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Fri, 20 Apr 2012 21:03:46 +0000 (22:03 +0100)
diff --git a/radius.m4 b/radius.m4

index 978a877..4bf4cea 100644 (file)
--- a/radius.m4
+++ b/radius.m4
@@ -69,6 +69,16 @@ run iptables -t nat -A outbound -j RETURN -d 172.29.198.0/23
  run iptables -t nat -A outbound -j SNAT --to-source 62.49.204.158
  run iptables -t nat -A POSTROUTING -j outbound
  
+## Set up NAT protocol helpers.  In particular, SIP needs some special
+## twiddling.
+run modprobe nf_conntrack_sip \
+  ports=5060 \
+  sip_direct_signalling=0 \
+  sip_direct_media=0
+for p in ftp sip h323; do
+  run modprobe nf_nat_$p
+done
+
  ## Forbid anything complicated to the NAT address.
  run iptables -A INPUT -d 62.49.204.158 ! -p icmp -j REJECT
author	Mark Wooding <mdw@distorted.org.uk>
	Fri, 20 Apr 2012 20:44:14 +0000 (21:44 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Fri, 20 Apr 2012 21:03:46 +0000 (22:03 +0100)