
Direct port 5060 for eth1


I have two network interfaces: eth0 is the internal network necessary for the connection of PCs with the softphone, and eth1 is the link to the internet. I'm using iptables on CentOS 6.5 to direct all the outputs of the FreePBX (Asterisk) to eth1, but I haven't had success.

The rule:

    iptables -A PREROUTING -i eth1 -t mangle -p tcp --dport 5060 -j MARK --set-mark 1


Solution

  • Take a look at sip.conf. In the [general] section, there is a bindaddress or udpbindaddress. Set it to 0.0.0.0 to make sure Asterisk listens on all interfaces. You can check it by:

    netstat -lnap | grep 5060
    udp        0      0 0.0.0.0:5060            0.0.0.0:*                           30822/asterisk
    

    Then restrict access to unnecessary interfaces using iptables, like (note the order):

    iptables -A INPUT -i eth1 -p udp --dport 5060 -j ACCEPT
    iptables -A INPUT -p udp --dport 5060 -j DROP
    iptables -A OUTPUT -o eth1 -p udp --sport 5060 -j ACCEPT
    iptables -A OUTPUT -p udp --sport 5060 -j DROP
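
An added example (not part of the original answer) of checking the rule order the answer points out: iptables walks a chain top to bottom and the first matching ACCEPT or DROP decides, so the interface-specific ACCEPT has to come before the generic DROP. The function name `check_sip_order` and both rule listings are constructed for illustration; on a live system, pipe in the output of `iptables -S INPUT` or `iptables -S OUTPUT`.

```shell
#!/bin/sh
# check_sip_order CHAIN IFACE
# Reads `iptables -S`-style lines on stdin and prints one of:
#   ok         interface ACCEPT for UDP 5060 precedes the generic DROP
#   shadowed   generic DROP comes first, so the ACCEPT is never reached
#   no-accept  no ACCEPT for UDP 5060 on IFACE in CHAIN
#   no-drop    no interface-less DROP for UDP 5060 in CHAIN
check_sip_order() {
    chain=$1
    iface=$2
    awk -v chain="$chain" -v iface="$iface" '
        $1 == "-A" && $2 == chain {
            n++                                   # position within the chain
            is_udp = 0; is_5060 = 0; has_if = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) == "udp") is_udp = 1
                if (($i == "--dport" || $i == "--sport") && $(i+1) == "5060") is_5060 = 1
                if ($i == "-i" || $i == "-o") has_if = $(i+1)
                if ($i == "-j") target = $(i+1)
            }
            if (!is_udp || !is_5060) next         # not a SIP-over-UDP rule
            if (target == "ACCEPT" && has_if == iface && !acc) acc = n
            if (target == "DROP" && has_if == "" && !drop) drop = n
        }
        END {
            if (!acc) print "no-accept"
            else if (!drop) print "no-drop"
            else if (acc < drop) print "ok"
            else print "shadowed"
        }'
}

# Constructed sample: the order given in the answer.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j DROP'

# Constructed sample: same rules appended in the opposite order.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j DROP
-A INPUT -i eth1 -p udp -m udp --dport 5060 -j ACCEPT'

printf 'answer order:   %s\n' "$(printf '%s\n' "$GOOD_RULES" | check_sip_order INPUT eth1)"
printf 'reversed order: %s\n' "$(printf '%s\n' "$BAD_RULES" | check_sip_order INPUT eth1)"
```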