Hi, Can you please try to unload the nf_nat_sip?
Just put this in /etc/modprobe.d/blacklist.conf blacklist nf_nat_sip blacklist nf_conntrack_sip blacklist nf_conntrack_h323 blacklist nf_nat_h323 and give it a try. Sassy On Tue, May 12, 2020 at 12:12 AM Boris <bo...@cation.de> wrote: > Hej Erich, > hej list, > > Am 10.05.20 um 22:45 schrieb Boris: > > Hej Erich, > > > > > > thank you so much for caring about my stuff.... > > > > Am 10.05.20 um 21:46 schrieb Erich Titl: > >> Hi Boris > >> > >> Am 10.05.2020 um 21:25 schrieb Boris: > >> ... > >> > >>> > >>> Hej Erich, > >>> > >>> this is what makes me crazy about my lack of understanding VoIP! > >>> I have a CISCO SPA112 in my own home LAN working perfect _without any > >>> additional rule or forwarding_. What is the TCPIP-side difference > >>> between the Fritzbox and the SPA112 ?? > >>> OK, there might be server-side differences, because the one we are > >>> talking about ist from Telekom and my SPA112 connects to TNG. > >> > >> From the little I learnt about SIP is that there are different > >> mechanisms of NAT traversal. Also knowing that the installation works > >> fine with an old LEAF release makes me think about iptables. > >> > >> I found the following on the net > >> > >> in the past, the SIP helper(s) were called > >> > >> ip_conntrack_sip ip_nat_sip > >> > >> the current names appear to be > >> > >> nf_conntrack_sip nf_nat_sip > >> > >> in my current release I tried to install them using modprobe (be aware, > >> the modules must be loaded/unloaded using mount_modules/umount_modules. > >> > >> trying modprobe ip_conntrack_sip ip_nat_sip > >> > >> loaded nothing !!! > >> > >> whereas > >> > >> modprobe nf_conntrack_sip nf_nat_sip > >> > >> installed the helper modules. > >> > >> So your big jump from 3.x.x to 6.x.x may well cause this. > >> > >> Check your /etc/modules file. > > > > Wow. This might be a key-hint! > > > > I will try to build a VM with LEAF 6.1.3 an put in the configdb and have > > a look at /etc/modules. > > > > My plan with the VM failed (from other reason) but - lucky I am - I have > another ALIX box on my table. So I wrote leaf.cfg and configdb.lrp into > an existing LEAF 6.2.4... > > Result: > > agate# lsmod | grep nf_nat > nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE, Live 0xb8b1b000 > nf_nat_ipv4 16384 1 iptable_nat, Live 0xb8af1000 > nf_nat_tftp 16384 0 - Live 0xb8a4c000 > nf_nat_snmp_basic 20480 0 - Live 0xb8a43000 > nf_conntrack_snmp 16384 3 nf_nat_snmp_basic, Live 0xb8a3e000 > nf_nat_sip 20480 0 - Live 0xb8a35000 > nf_nat_pptp 16384 0 - Live 0xb8a30000 > nf_nat_proto_gre 16384 1 nf_nat_pptp, Live 0xb8a2b000 > nf_nat_irc 16384 0 - Live 0xb8a26000 > nf_nat_h323 16384 0 - Live 0xb8a21000 > nf_nat_ftp 16384 0 - Live 0xb8a1c000 > nf_nat_amanda 16384 0 - Live 0xb8a0f000 > nf_nat 20480 11 > > nf_nat_masquerade_ipv4,xt_nat,nf_nat_ipv4,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda, > Live 0xb8a16000 > nf_conntrack_amanda 16384 3 nf_nat_amanda, Live 0xb8a05000 > nf_conntrack_tftp 16384 3 nf_nat_tftp, Live 0xb899d000 > nf_conntrack_sip 20480 3 nf_nat_sip, Live 0xb89fc000 > nf_conntrack_pptp 16384 3 nf_nat_pptp, Live 0xb8998000 > nf_conntrack_irc 16384 3 nf_nat_irc, Live 0xb8974000 > nf_conntrack_h323 40960 5 nf_nat_h323, Live 0xb8988000 > nf_conntrack_ftp 16384 3 nf_nat_ftp, Live 0xb894b000 > nf_conntrack 77824 29 > > ipt_MASQUERADE,nf_nat_masquerade_ipv4,xt_nat,nf_nat_ipv4,xt_CT,nf_conntrack_ipv4,xt_conntrack,nf_nat_tftp,nf_nat_snmp_basic,nf_conntrack_snmp,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda,nf_nat,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_broadcast,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_ftp, > Live 0xb89e0000 > libcrc32c 16384 2 nf_nat,nf_conntrack, Live 0xb8931000 > > whereas /etc/modules doesn't contain any of these nf_* nor ip_ . Seems > they are loaded by an other component - Shorewall??? > > Boris > > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -- Regards, Sassy Natan 972-(0)54-2203702
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
