Hi,
In the end i implemented an rmmod in the if-up.local of the ppp connection, in
order to remove the sip_nat and sip_conntrack modules everytime a new DSL
connection is established.
This fixed the issue and so far no problems, the mileage is good.
Anyhow i agree that CentOS/RedHat should deliver a patch for this bug, but so
far i found none.
I agree that this is an issue with the 2.6.32 kernel CentOs is using and may
well be patched in kernel v.3 .
Thanks a lot guys for the insight and help
Cheers
Alberto
----- Messaggio originale -----
Da: "Fred Maillou" <frederrif...@yahoo.ca>
A: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Inviato: Giovedì, 29 agosto 2013 23:42:49
Oggetto: Re: [Shorewall-users] sip conntrack dropping packets?
Hello,
Earlier this year I contacted Patrick McHardy for fixing a SIP conntrack
problem and he produced a patch. Unfortunately, I do not have the exchanged
emails although I'd presume the patch made to the netfilter modules upstream.
The work Patrick did was per contract. He's the maintainer of several
components. I could have a bit more details next week if needed.\
Cheers.
De : Lee Brown <l...@ratnaling.org>
À : Shorewall Users <shorewall-users@lists.sourceforge.net>
Envoyé le : mercredi 21 août 2013 14h39
Objet : Re: [Shorewall-users] sip conntrack dropping packets?
On my CentOS 6.4 box (2.6.32-358.14.1.el6.x86_64) I found that nf_conntrack_sip
and nf_nat_sip caused problems with sip traffic (silently dropping traffic) and
I run without them. I was getting random non connection issues (failed
registration) before I removed those modules. My regular custom traffic shaping
was not effected.
CentOS tends to ship with older, sometimes incomplete modules so YMMV.
On Wed, Aug 21, 2013 at 11:15 AM, Alberto Di Fede < alberto.dif...@gmail.com >
wrote:
sure they are from sip conntrack module.
i would like to understand why it happens and if it is a configuration issue.
i think that removing the modules will hurt the traffic shaping.
any idea on how to debug?
On Tue, Aug 20, 2013 at 11:08 PM, Pablo Sebastian Greco <
shorew...@fliagreco.com.ar > wrote:
<blockquote>
Those messages are not from the firewall itself, they are from
nf_conntrack_sip. Have you tried unloading nf_conntrack_sip and nf_nat_sip ?
Pablo.
El 20/08/13 14:34, johnny bowen escribió:
<blockquote>
Btw.. it only happens on one or two phones also, but I can't remember which
ones.
On Tue, Aug 20, 2013 at 10:33 AM, johnny bowen < jbow...@gmail.com > wrote:
<blockquote>
I get that too. I've never solved the problem I just stopped rsyslog from
logging to my console. So if I ever come across a fix I'll post it
On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede < alberto.dif...@gmail.com >
wrote:
<blockquote>
Hi,
i see this on the console and in the firewall logs while i try to make sip
calls using my sip server (although this appears to happen only from a the
Counterpath Bria softphone)
Message from syslogd@server at Aug 20 17:24:39 ...
kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address>
DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52154
PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
Message from syslogd@server at Aug 20 17:24:39 ...
kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address>
DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52155
PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
Message from syslogd@server at Aug 20 17:24:40 ...
kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address>
DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52156
PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
Message from syslogd@server at Aug 20 17:24:41 ...
kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address>
DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52159
PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
Message from syslogd@server at Aug 20 17:24:45 ...
kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address>
DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52161
PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
after a few drops obviously the SIP call is dropped.
i searched online for solutions, but apparently there seems to be no technical
issue for my kernel/netfilter/shorewall version, most probably is related to my
configuration.
is there anything standing out for you?
thank you
Alberto
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
</blockquote>
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
</blockquote>
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
</blockquote>
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
</blockquote>
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13.
http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
