On Tue, 2011-07-19 at 01:34 +0200, Martin Krellmann wrote:

> this topic was discussed in numerous places before. But I think my problem
> is a bit different...
> I have an Asterisk box which is supposed to register a trunk with sipgate. It
> uses dns lookups to find out my external IP address, which is correctly
> placed in the sip messages (I can see it on the Asterisk CLI with some
> logging enabled). To sum it up, everything is set like in many other
> discussions related to SIP problems.
> 
> The gateway (CentOS 5.6 with Shorewall 4.4.19.2) should then masq the
> related traffic, but it doesn't. It uses the private IP of the Asterisk box
> as source address. Of course sipgate cannot ever answer the request.
> At the moment I have absolutely no idea what the problem is about... All
> other traffic is masqueraded fine. I even removed the ip_nat_sip and
> ip_conntrack_sip module and added it to DONT_LOAD (according to FAQ 77).
> Additionally I have also added the DNAT rules for incoming SIP traffic.
> 
> The network configuration is more or less as usual:
> Asterisk Box <-LAN-1 (seth0)-> Gateway (NAT) <-(seth3) ISP-> Sipgate
> Virtual Boxes<-LAN-2 (seth1)->
> The systems in LAN 2 are not related to any SIP traffic.
> 
> I attached the output of "shorewall dump" to this email and copied the line
> of a SIP packet:
> 
> udp      17 29 src=192.168.10.240 dst=217.10.79.9 sport=5060 dport=5060
> packets=1166 bytes=554092 [UNREPLIED] src=217.10.79.9 dst=192.168.10.240
> sport=5060 dport=5060 packets=0 bytes=0 mark=0 secmark=0 use=1
> 
> 217.10.79.9 is sipgate.de and 192.168.10.240 the Asterisk box on my local
> network.

> So what am I missing?

This typically happens when there is an attempt by the Asterisk box to
communicate with the gateway before Shorewall is started (before the NAT
rules are in place).

The solution is to install the conntrack package and use 'shorewall
start -p' (or shorewall restart -p) and/or install and configure
shorewall-init so that the firewall is closed prior to Shorewall being
started during boot.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
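
Added example, not part of the original message or of Shorewall: a shell function that scans conntrack entries in the format quoted above and reports flows from a private address to a public one whose reply tuple still points at the private address, meaning no masquerade was applied. The function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag conntrack entries that left a
# private address for a public one without SNAT/masquerade being applied.
# Entry layout assumed: the /proc/net/ip_conntrack style quoted in the thread.

# Constructed sample: line 1 is the entry from the thread (rejoined onto one
# line); lines 2-3 are made up (203.0.113.7 stands in for the gateway WAN IP).
sample_entries() {
cat <<'EOF'
udp      17 29 src=192.168.10.240 dst=217.10.79.9 sport=5060 dport=5060 packets=1166 bytes=554092 [UNREPLIED] src=217.10.79.9 dst=192.168.10.240 sport=5060 dport=5060 packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 170 src=192.168.10.50 dst=217.10.79.9 sport=5060 dport=5060 packets=12 bytes=5100 src=217.10.79.9 dst=203.0.113.7 sport=5060 dport=5060 packets=11 bytes=4800 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.10.50 dst=192.168.20.5 sport=40000 dport=22 packets=9 bytes=900 src=192.168.20.5 dst=192.168.10.50 sport=22 dport=40000 packets=8 bytes=800 [ASSURED] mark=0 secmark=0 use=1
EOF
}

# Reads conntrack entries on stdin; prints "proto src dst dport state" for
# every private->public flow whose reply destination equals the original source.
find_unnatted() {
    awk '
    function private(ip,   o) {          # RFC 1918 check on dotted quad
        split(ip, o, ".")
        return (o[1] == 10) ||
               (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
               (o[1] == 192 && o[2] == 168)
    }
    {
        osrc = ""; odst = ""; rdst = ""; dport = ""; ns = 0; nd = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src") { if (++ns == 1) osrc = kv[2] }        # original source
            else if (kv[1] == "dst") {
                if (++nd == 1) odst = kv[2]                            # original destination
                else if (nd == 2) rdst = kv[2]                         # where replies are expected
            }
            else if (kv[1] == "dport" && dport == "") dport = kv[2]
        }
        # With masquerade in place rdst would be the gateway external address.
        if (osrc != "" && rdst == osrc && private(osrc) && !private(odst))
            print $1, osrc, odst, dport, ($0 ~ /\[UNREPLIED\]/ ? "UNREPLIED" : "replied")
    }'
}

sample_entries | find_unnatted
```

On the gateway, the output of `conntrack -L` can be piped into `find_unnatted` in place of the sample.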
