I recently did a set up where I replaced a simple D-link home router that was having trouble processing a T1's worth of bandwidth with a linux machine running iptables. the kernel was 2.6.29-r5 and I chose the SIP connection tracking modules from the menuconfig.
Router worked fine for normal traffic, but I was unable to get the SIP phones to work. Using ngrep it was plain to see that the although the packets going out were reaching their destination the data inside the sip headers all contained non routable IPs. I used lsmod and saw that the following modules: nf_nat_sip 5084 0 nf_nat 16400 3 nf_nat_sip,ipt_MASQUERADE,iptable_nat nf_conntrack_ipv4 11912 3 iptable_nat,nf_nat nf_defrag_ipv4 1788 1 nf_conntrack_ipv4 were loaded. I also googled and found the http://www.iptel.org/ sipalg/ website, but since this seemed to be a little dated I assumed the modules contained in the kernel source tree were newer and more "reliable" my questions are: What is the correct way(or resource to find a way) to get a linux firewall to work with SIP so that the NAT issue is not an issue ? _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users