Quoting Tom Eastep <teas...@shorewall.net>:
> On 10/7/2013 10:25 PM, Mark D. Montgomery II wrote:
>> I had to restart one of my routers tonight and since then shorewall on it has been dropping SIP packets coming in from one machine instead of forwarding them to the FreePBX server.
>>
>> Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network external ip> DST=<server network external ip> LEN=575 TOS=0x00 PREC=0x20 TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060 LEN=555
>>
>> Of course this is the SIP trunk between the server and my Obi110 box in the house that is dropping. The odd thing is that I also have a SIP client on my home network as well and it is connected fine. My other trunks are fine as well.
>>
>> My rules on the box are just straight DNAT:
>>
>> DNAT net loc10:10.10.42.4 tcp 5060:5069
>> DNAT net loc10:10.10.42.4 udp 5060:5069
>>
>> Everything was working fine before I restarted the router. Shorewall 4.5.5.3 running on Debian Wheezy.
>>
>> Any suggestion on figuring out why it has suddenly decided to drop these instead of forwarding them like the rules actually say to?
>
> This happens when the SIP client attempts to send before Shorewall is started. An erroneous non-NAT conntrack entry gets created and continues to be used after Shorewall has created the appropriate NAT rule.
>
> Install the 'conntrack' utility, identify the erroneous conntrack entry (shorewall show conntrack) and use /sbin/conntrack to delete it.

I installed conntrack.
shorewall show conntrack gives me "ERROR: Chain 'conntrack' not recognized by /sbin/iptables."
shorewall show doesn't show me any conntrack chain.

> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________

--
Mark D. Montgomery II
http://www.techiem2.net
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
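
The stale-entry check described in the quoted reply, as an added example that is not part of the original thread: it reads `conntrack -L` style lines and flags UDP flows to ports 5060-5069 whose reply side is not the DNAT target 10.10.42.4, printing the matching `conntrack -D` command. The function names and the sample addresses (documentation ranges) are constructed for illustration, and it assumes a correctly NATed flow is always answered by 10.10.42.4.

```shell
#!/bin/sh
# Added example: find un-NATed SIP conntrack entries in `conntrack -L` output.
# Function names are hypothetical; sample addresses are constructed.

DNAT_TARGET="10.10.42.4"   # internal server from the DNAT rules in the thread

# Reads conntrack -L lines on stdin. For each UDP flow to ports 5060-5069
# whose reply-direction source is not the DNAT target, prints the
# conntrack -D command that would remove it.
find_stale_sip() {
    awk -v target="$DNAT_TARGET" '
    $1 == "udp" {
        n = 0
        # Collect src/dst/sport/dport in order: the first set is the
        # original direction, the second set is the reply direction.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(src|dst|sport|dport)=/) {
                split($i, kv, "=")
                f[++n] = kv[2]
            }
        }
        if (n < 8) next
        osrc = f[1]; odst = f[2]; osport = f[3]; odport = f[4] + 0; rsrc = f[5]
        if (odport < 5060 || odport > 5069) next
        # A correctly DNATed flow is answered by the internal server.
        if (rsrc != target)
            printf "conntrack -D -p udp --orig-src %s --orig-dst %s --sport %s --dport %s\n", osrc, odst, osport, odport
    }'
}

# Constructed sample: the first entry was created before the NAT rules existed
# (reply source is the firewall's own address); the second is DNATed correctly.
sample_conntrack() {
cat <<'EOF'
udp      17 28 src=203.0.113.5 dst=198.51.100.7 sport=5061 dport=5060 [UNREPLIED] src=198.51.100.7 dst=203.0.113.5 sport=5060 dport=5061 mark=0 use=1
udp      17 170 src=203.0.113.9 dst=198.51.100.7 sport=5060 dport=5060 src=10.10.42.4 dst=203.0.113.9 sport=5060 dport=5060 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=203.0.113.9 dst=198.51.100.7 sport=40000 dport=22 src=198.51.100.7 dst=203.0.113.9 sport=22 dport=40000 [ASSURED] mark=0 use=1
EOF
}

# On a live router: conntrack -L -p udp | find_stale_sip
sample_conntrack | find_stale_sip
```

Review the printed command before running it as root; once the entry is deleted, the next packet from the client creates a fresh conntrack entry that traverses the DNAT rule.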