On 4/1/2014 2:25 PM, İlker Aktuna wrote:
> Yes. In fact, that's my real problem. When I try to connect to my SIP
> proxy (Asterisk) from the internet, I come from the ppp0 address. However,
> Asterisk decides to reply with the ppp1 address sometimes. And then I
> cannot register, because my SIP client does not accept the reply from
> the ppp1 address.

This can be a problem with UDP sockets. With your current Shorewall
configuration, you are not even using packet marks to attempt to direct
locally-generated SIP packets out of a particular interface.

With UDP sockets, the client has no control over the source IP address.
This normally isn't a problem, because for any given IP address, there
is usually only one interface that can be used to send packets and the
kernel picks the primary IP address of that interface. The problem
arises when there are multiple interfaces that can send to a given host.
Until the packet is routed, it has source IP address zero, which won't
match the conntrack entry that was created when the initial UDP packet
in the flow was sent from the client.

I don't have a solution to that problem, other than to move the Asterisk
server off of the gateway.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
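The symptom discussed in this message can be reproduced on one Linux host with loopback addresses only. This is an added example, not part of the original message and not Shorewall or Asterisk code; it assumes Linux (where every address in 127.0.0.0/8 is local), uses 127.0.0.2 as a stand-in for the address the client contacted, and the function names are hypothetical.

```python
import socket


def reproduce_reply_mismatch(contact_addr="127.0.0.2"):
    """Send a datagram to contact_addr and report where the reply came from."""
    # Server: a single UDP socket bound to the wildcard address, the way a
    # daemon listening on "all interfaces" is set up.
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("0.0.0.0", 0))
    server.settimeout(2.0)
    server_local, port = server.getsockname()  # local address is still zero

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2.0)
    try:
        # Constructed request; only the addressing matters here.
        client.sendto(b"REGISTER", (contact_addr, port))

        # recvfrom() reports the peer, not which local address was contacted.
        _, peer = server.recvfrom(1500)

        # The reply leaves the wildcard socket, so the kernel fills in the
        # source address from the route back to the peer.
        server.sendto(b"200 OK", peer)
        _, reply_src = client.recvfrom(1500)
    finally:
        client.close()
        server.close()

    return {
        "server_local": server_local,
        "contacted": contact_addr,
        "reply_from": reply_src[0],
    }


def strict_client_accepts(result):
    """Model a client that only accepts replies from the address it contacted."""
    return result["reply_from"] == result["contacted"]


if __name__ == "__main__":
    r = reproduce_reply_mismatch()
    print("server socket local address:", r["server_local"])
    print("client contacted:", r["contacted"])
    print("reply arrived from:", r["reply_from"])
    print("strict client accepts reply:", strict_client_accepts(r))
```
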