On Thu, May 14, 2015 at 3:28 PM, Eric Koome <eko...@yahoo.com> wrote:
> Hi all,
>
> I have two servers with public and private IP address running a sip proxy on 
> eth0 and asterisk box on eth1. Each box is running Shorewall 4.5.21. Making 
> calls within a server is fine but I would like the sip proxy to also use 
> asterisk box on the other machine for load balancing.
>
> However for some reason calls and qualify OPTIONS packets are not being 
> passed over asterisk box to the other sip proxy based on tcpdump and ngrep. I 
> suspect my masquerade rules are to blame but after countless tweaking, this 
> is failing me.
>
> Scenario (addresses have been scrambled)
>        OPTIONS (qualify=yes)
> BOX 1  Asterisk ----------------> Sip Proxy
> 10.131.45.56 :5060        178.89.67.12:5060
>               OPTIONS
> BOX 2 Sip proxy ---------------->  Asterisk
> 178.89.67.12:5060                    10.131.45.56 :5060
>
> These packets are not being answered with 200 OK.
>
>
> This is what I have in my configs:
> rules
> ACCEPT net        $FW                udp            5060  <------- Accept sip requests to sip proxy
>
> Policy
> loc     net     ACCEPT
> $FW     net     ACCEPT
> loc     $FW     ACCEPT
> $FW     loc     ACCEPT
> net     all     DROP        info
> all     all     REJECT      info
>
> masq
> BOX 1
> INTERFACE:DEST     SOURCE      ADDRESS     PROTO   PORT(S) IPSEC   MARK    USER/   SWITCH  ORIGINAL
> #                                           GROUP       DEST
> eth0:178.89.67.12   10.131.45.56     -    udp     5060 <------- asterisk to proxy through eth0
>
> BOX 2
> INTERFACE:DEST     SOURCE      ADDRESS     PROTO   PORT(S) IPSEC   MARK    USER/   SWITCH  ORIGINAL
> #                                           GROUP       DEST
> eth1:10.131.45.56  178.89.67.12   -       udp     5060 <-------- proxy to asterisk through eth1
>
> What am I missing?
>
> Eric

Eric,

On my CentOS 6.4 box (2.6.32-358.14.1.el6.x86_64) I found that
nf_conntrack_sip and nf_nat_sip caused problems with sip traffic
(silently dropping traffic) and I run without them.  I was getting
random non connection issues (failed registration) before I removed
those modules.
CentOS tends to ship with older, sometimes incomplete modules so YMMV.
I don't have a proxy in my configuration.

Hope that helps,
Lee
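
An added example, not part of the message above or of Shorewall itself: a shell function that reads `/proc/modules`-format text and lists whichever of the two SIP helper modules named in the reply are loaded, ordered so that a module is listed only after any helper that uses it. The sample input is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /proc/modules format:
#   name size refcount used-by state address
sample_modules() {
cat <<'EOF'
nf_conntrack_sip 33811 1 nf_nat_sip, Live 0xffffffffa02f0000
nf_nat_sip 6011 0 - Live 0xffffffffa0301000
nf_nat 22676 2 nf_nat_sip,iptable_nat, Live 0xffffffffa02e0000
nf_conntrack 79206 3 nf_conntrack_sip,nf_nat,iptable_nat, Live 0xffffffffa02c0000
EOF
}

# Read /proc/modules-format lines on stdin and print the loaded SIP helper
# modules in an order in which they can be unloaded: a module is printed
# only once no other still-loaded helper appears in its "used-by" field.
sip_helper_unload_order() {
    awk '
        $1 == "nf_conntrack_sip" || $1 == "nf_nat_sip" {
            loaded[$1] = 1
            users[$1] = "," $4      # e.g. ",nf_nat_sip," or ",-"
            names[++n] = $1
        }
        END {
            remaining = n
            while (remaining > 0) {
                progress = 0
                for (i = 1; i <= n; i++) {
                    m = names[i]
                    if (!(m in loaded)) continue
                    blocked = 0
                    for (j = 1; j <= n; j++) {
                        o = names[j]
                        if (o != m && (o in loaded) && index(users[m], "," o ","))
                            blocked = 1
                    }
                    if (!blocked) {
                        print m
                        delete loaded[m]
                        remaining--
                        progress = 1
                    }
                }
                if (!progress) break   # dependency loop: stop rather than spin
            }
        }'
}

# Demonstration on the constructed sample.
sample_modules | sip_helper_unload_order
```

On a live host the same function can be fed from the real file, as in `sip_helper_unload_order < /proc/modules`.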

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
