Hej Erich and Sassy, hej list, Am 12.05.20 um 00:10 schrieb Erich Titl: > Hi Boris > > Am 12.05.2020 um 00:08 schrieb Boris: >> Am 11.05.20 um 23:35 schrieb Sassy Natan: >>> Hi, >>> >>> Can you please try to unload the nf_nat_sip? >>> >>> Just put this in /etc/modprobe.d/blacklist.conf >>> >>> blacklist nf_nat_sip >>> blacklist nf_conntrack_sip >>> blacklist nf_conntrack_h323 >>> blacklist nf_nat_h323 >>> >>> and give it a try. >>> Sassy >> >> Your plan made me look at the running old environment and search for >> those helpers - they are called ip_* as Erich found out.....: >> >> agate# lsmod | grep ip_ >> ip_nat_irc 1704 0 (unused) >> ip_nat_ftp 2152 0 (unused) >> iptable_nat 14388 3 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc >> ip_nat_ftp] >> ip_conntrack_irc 2484 1 >> ip_conntrack_ftp 3132 1 >> ip_conntrack 16548 2 [ipt_state ipt_helper ipt_conntrack >> ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat >> ip_conntrack_irc ip_conntrack_ftp] >> >> So, there is no *_sip and no *_h323 there.... > > Yes and one suggestion in FAQ77 suggests the same. >
Wow, what a success! Thank you so very much! That was the key! I wrote the two sip-helpers in DONT_LOAD in shorewall.conf and the phonecall work just perfect! Now the last issue is receiving the mail.... In this case pop3s is used and the traffic is redirected to a different port as well. Is there another helper to be disabled?? Boris _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
