Re: [Shorewall-users] Shorewall is eating my Asterisk egress traffic

Fri, 23 May 2008 17:17:55 -0700 

Jamie J. Begin wrote:



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:shorewall-
[EMAIL PROTECTED] On Behalf Of Tom Eastep
Sent: Friday, May 23, 2008 8:05 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] Shorewall is eating my Asterisk egress
traffic

Jamie J. Begin wrote:

I have four-interface Shorewall config set up.  The "dmz" interface is
bridged with "net" so I can assign public IP's to the servers in the

DMZ.



I
opted to do this rather than SNAT or ARP proxying because one of the

servers

runs Asterisk and SIP and NAT don't always work well together.  Somehow,

my

firewall config is causing a one-way audio problem in Asterisk.

Proxy ARP has nothing to do with NAT -- for Asterisk, proxy ARP and
bridging
should be equivalent.


If a person

calls into the PBX, they cannot hear me speaking, but I can hear them.

If I

plug the Asterisk server directly into the router, bypassing the bridge,

the

problem goes away.


Try specifying this:

        rmmod ip_nat_sip
        rmmod ip_conntrack_sip

In your shorewall.conf:

        DONT_LOAD=ip_nat_sip,ip_conntrack_sip

Does it work now?

-Tom


Brilliant!  If I'm ever out your way, I owe you at least three beers!  I've
been beating my head against the wall for the past two days over this.



Should have checked the mailing list archives. This question gets asked and 
answered frequently.




Am I losing any functionality by nuking those modules?



I've not heard of anyone having problems after removing those modules.


Note that when you upgrade your kernel to 2.6.21 or later, the module names 
change to nf_conntrack_sip and nf_nat_sip.


-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key




Attachment:
signature.asc

Description: OpenPGP digital signature


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to