Public bug reported:

We have a problem with module nf_conntrack_h323. The module doesn't make expectations for RTP/RTCP traffic in the conntrack expect table. I think the module doesn't see H.245/Q931 information in the connection. If we try to use SIP with module nf_conntrack_sip, SIP works fine.

Our architecture: Client <----SIP/H.323----> DNAT/SNAT <----IPIP tunnel----> Router (Ubuntu) <----> VoIP Soft Switch. We have 3 servers with DNAT/SNAT translation and 3 routing tables on the Ubuntu router server, one for each.

# ip r ls table TUN1
default dev tun1 scope link
# ip r ls table TUN2
default dev tun2 scope link
# ip r ls table TUN3
default dev tun3 scope link

We mark input traffic from the tunnels and restore the mark for the backward direction with iptables:

-A PREROUTING -i tun1 -j CONNMARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i tun2 -j CONNMARK --set-xmark 0x2/0xffffffff
-A PREROUTING -i tun3 -j CONNMARK --set-xmark 0x3/0xffffffff
-A PREROUTING -s 192.168.253.0/24 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff

Send traffic to tunnels with ip rules:

32762: from all fwmark 0x1 lookup TUN1
32763: from all fwmark 0x3 lookup TUN3
32764: from all fwmark 0x2 lookup TUN2

If we try SIP, everything works fine. Packets are marked and restored, also for RTP/RTCP.

# conntrack -L | grep "91.210.105.210"
udp 17 3549 src=91.210.105.210 dst=192.168.253.223 sport=5060 dport=5060 src=192.168.253.223 dst=91.210.105.210 sport=5060 dport=5060 [ASSURED] mark=1 helper=sip use=1

# conntrack -L expect | grep "91.210.105.210"
32 proto=17 src=0.0.0.0 dst=91.210.105.210 sport=0 dport=19092 mask-src=0.0.0.0 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=91.210.105.210 master-dst=192.168.253.223 sport=5060 dport=5060 class=1 helper=sip

If we change the protocol to H.323, RTP/RTCP doesn't work. No audio on the call.

# conntrack -L | grep "91.210.105.210"
ESTABLISHED src=91.210.105.210 dst=192.168.253.223 sport=12030 dport=1720 src=192.168.253.223 dst=91.210.105.210 sport=1720 dport=12030 [ASSURED] mark=1 helper=Q.931 use=1

No record in expectation table:

# conntrack -L expect | grep "91.210.105.210"

Loaded modules with commands:

/sbin/modprobe nf_conntrack_sip sip_direct_signalling=0 sip_direct_media=0
/sbin/modprobe nf_nat_sip
/sbin/modprobe nf_conntrack_h323 gkrouted_only=0 callforward_filter=0
/sbin/modprobe nf_nat_h323

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.19.0-59-generic 3.19.0-59.65~14.04.1
ProcVersionSignature: Ubuntu 3.19.0-59.65~14.04.1-generic 3.19.8-ckt19
Uname: Linux 3.19.0-59-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
Date: Fri May 20 08:29:56 2016
InstallationDate: Installed on 2016-05-09 (10 days ago)
InstallationMedia: Ubuntu-Server 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: linux-lts-vivid
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: linux-lts-vivid (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-lts-vivid in Ubuntu.
https://bugs.launchpad.net/bugs/1583924

Title: nf_conntrack_h323 no expectations

Status in linux-lts-vivid package in Ubuntu: New
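
The manual comparison in the report (a helper-tracked signalling flow in `conntrack -L` against the master tuples in `conntrack -L expect`) can be automated as below. This is an added example, not part of the original bug report; the function names are hypothetical, and the sample lines are the report's own conntrack output combined into one constructed snapshot.

```python
# Added example. CONNTRACK / EXPECT hold the conntrack lines quoted in the
# report, merged into a single constructed snapshot for the check.
CONNTRACK = [
    "udp 17 3549 src=91.210.105.210 dst=192.168.253.223 sport=5060 dport=5060 "
    "src=192.168.253.223 dst=91.210.105.210 sport=5060 dport=5060 "
    "[ASSURED] mark=1 helper=sip use=1",
    "ESTABLISHED src=91.210.105.210 dst=192.168.253.223 sport=12030 dport=1720 "
    "src=192.168.253.223 dst=91.210.105.210 sport=1720 dport=12030 "
    "[ASSURED] mark=1 helper=Q.931 use=1",
]
EXPECT = [
    "32 proto=17 src=0.0.0.0 dst=91.210.105.210 sport=0 dport=19092 "
    "mask-src=0.0.0.0 mask-dst=255.255.255.255 sport=0 dport=65535 "
    "master-src=91.210.105.210 master-dst=192.168.253.223 sport=5060 dport=5060 "
    "class=1 helper=sip",
]

def _pairs(line):
    """key=value tokens in order; keys repeat, so keep a list, not a dict."""
    return [tuple(tok.split("=", 1)) for tok in line.split() if "=" in tok]

def flow_key(line):
    """(original-direction tuple, helper) of a `conntrack -L` entry, or None."""
    first = {}
    for key, value in _pairs(line):
        first.setdefault(key, value)  # first src/dst/sport/dport = original dir
    if "helper" not in first:
        return None
    return (first["src"], first["dst"], first["sport"], first["dport"]), first["helper"]

def master_key(line):
    """Master tuple of a `conntrack -L expect` entry, or None."""
    pairs = _pairs(line)
    keys = [k for k, _ in pairs]
    if "master-src" not in keys:
        return None
    start = keys.index("master-src")
    m = dict(pairs[start:start + 4])  # master-src, master-dst, sport, dport
    return m["master-src"], m["master-dst"], m["sport"], m["dport"]

def flows_without_expectations(conntrack_lines, expect_lines):
    """Helper-tracked flows that are not the master of any expectation."""
    masters = {master_key(l) for l in expect_lines} - {None}
    missing = []
    for line in conntrack_lines:
        parsed = flow_key(line)
        if parsed and parsed[0] not in masters:
            missing.append(parsed)
    return missing

if __name__ == "__main__":
    for tup, helper in flows_without_expectations(CONNTRACK, EXPECT):
        print("helper=%s flow %s has no expectation" % (helper, tup))
```

An expectation is removed once the expected flow arrives or it times out, so the check is only meaningful while a call is being set up.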