vampire.m4: Load protocol-specific NAT helper modules.

[firewall] / vampire.m4

diff --git a/vampire.m4 b/vampire.m4
index 75845662e7fc3e83ce3718035ccf9d28eb927c5a..55c7961fcf0b8af41760568bdbc03d1ba3966d54 100644 (file)
--- a/vampire.m4
+++ b/vampire.m4
@@ -108,5 +108,15 @@ run iptables -t nat -A outbound -j RETURN -d 172.29.198.0/23
 run iptables -t nat -A outbound -j SNAT --to-source 62.49.204.158
 run iptables -t nat -A POSTROUTING -j outbound
 
+## Set up NAT protocol helpers.  In particular, SIP needs some special
+## twiddling.
+run modprobe nf_conntrack_sip \
+  ports=5060 \
+  sip_direct_signalling=0 \
+  sip_direct_media=0
+for p in ftp sip h323; do
+  run modprobe nf_nat_$p
+done
+
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------