On 10/7/2013 10:25 PM, Mark D. Montgomery II wrote:
> 
> I had to restart one of my routers tonight and since then shorewall on
> it has been dropping SIP packets coming in from one machine instead of
> forwarding them to the FreePBX server.
> 
> Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network
> external ip> DST=<server network external ip> LEN=575 TOS=0x00 PREC=0x20
> TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060 LEN=555
> 
> Of course this is the SIP trunk between the server and my Obi110 box in
> the house that is dropping.
> The odd thing is that I also have a SIP client on my home network as
> well and it is connected fine.
> 
> My other trunks are fine as well.
> 
> My rules on the box are just straight DNAT:
> 
> DNAT net loc10:10.10.42.4 tcp 5060:5069
> DNAT net loc10:10.10.42.4 udp 5060:5069
> 
> Everything was working fine before I restarted the router.
> Shorewall 4.5.5.3 running on Debian Wheezy.
> 
> 
> Any suggestion on figuring out why it has suddenly decided to drop these
> instead of forwarding them like the rules actually say to?

This happens when the SIP client attempts to send before Shorewall is
started. An erroneous non-NAT conntrack entry gets created and continues
to be used after Shorewall has created the appropriate NAT rule.

Install the 'conntrack' utility, identify the erroneous conntrack entry
(shorewall show conntrack) and use /sbin/conntrack to delete it.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
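
The identification step described in the reply above, as an added example that is not part of the original thread: it scans `conntrack -L` style output for inbound entries in the DNAT'd port range whose reply tuple was never rewritten to 10.10.42.4, and prints (does not run) the matching delete command. `EXT_IP`, the function names and the sample lines are assumptions constructed for illustration, using documentation addresses in place of the redacted ones.

```shell
#!/bin/sh
# Added example, not from the thread. Values below are assumptions.
EXT_IP="198.51.100.20"     # placeholder for the router's external IP (redacted in the post)
DNAT_TARGET="10.10.42.4"   # DNAT destination from the rules quoted in the post
PORT_LO=5060
PORT_HI=5069

# Constructed sample in `conntrack -L -p udp` format:
#   1) stale entry created before the NAT rule existed (reply src is still EXT_IP)
#   2) healthy entry (reply src rewritten to the DNAT target)
#   3) outbound flow from the PBX (must not be flagged)
sample_conntrack() {
cat <<'EOF'
udp      17 27 src=203.0.113.7 dst=198.51.100.20 sport=5061 dport=5060 [UNREPLIED] src=198.51.100.20 dst=203.0.113.7 sport=5060 dport=5061 mark=0 use=1
udp      17 170 src=203.0.113.7 dst=198.51.100.20 sport=5070 dport=5060 src=10.10.42.4 dst=203.0.113.7 sport=5060 dport=5070 [ASSURED] mark=0 use=1
udp      17 100 src=10.10.42.4 dst=192.0.2.50 sport=5060 dport=5060 src=192.0.2.50 dst=198.51.100.20 sport=5060 dport=5060 [ASSURED] mark=0 use=1
EOF
}

# Reads conntrack lines on stdin; prints one `conntrack -D` command per stale entry.
find_stale_sip() {
    awk -v ext="$EXT_IP" -v target="$DNAT_TARGET" -v lo="$PORT_LO" -v hi="$PORT_HI" '
    $1 == "udp" {
        # Collect src/dst/sport/dport values in order:
        # val[1..4] = original tuple, val[5..8] = reply tuple.
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(src|dst|sport|dport)=/) {
                split($i, kv, "=")
                val[++n] = kv[2]
            }
        }
        if (n < 8) next
        osrc = val[1]; odst = val[2]; osport = val[3]; odport = val[4]; rsrc = val[5]
        if (odst != ext) next                          # only traffic aimed at the external IP
        if (odport + 0 < lo || odport + 0 > hi) next   # only the DNAT port range
        if (rsrc == target) next                       # DNAT was applied, entry is fine
        printf "conntrack -D -p udp --orig-src %s --orig-dst %s --sport %s --dport %s\n", osrc, odst, osport, odport
    }'
}

# On the router: conntrack -L -p udp | find_stale_sip
sample_conntrack | find_stale_sip
```

Review the printed command before running it as root; once the stale entry is gone, the next packet from the client creates a fresh entry that goes through the DNAT rule.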
