On 5/12/2020 5:17 PM, Boris wrote:
> Hej Erich and Sassy,
> hej list,
>
> Am 12.05.20 um 00:10 schrieb Erich Titl:
>> Hi Boris
>>
>> Am 12.05.2020 um 00:08 schrieb Boris:
>>> Am 11.05.20 um 23:35 schrieb Sassy Natan:
>>>> Hi,
>>>>
>>>> Can you please try to unload the nf_nat_sip?
>>>>
>>>> Just put this in /etc/modprobe.d/blacklist.conf
>>>>
>>>> blacklist nf_nat_sip
>>>> blacklist nf_conntrack_sip
>>>> blacklist nf_conntrack_h323
>>>> blacklist nf_nat_h323
>>>>
>>>> and give it a try.
>>>> Sassy
>>>
>>> Your plan made me look at the running old environment and search for
>>> those helpers - they are called ip_* as Erich found out.....:
>>>
>>> agate# lsmod | grep ip_
>>> ip_nat_irc 1704 0 (unused)
>>> ip_nat_ftp 2152 0 (unused)
>>> iptable_nat 14388 3 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc
>>> ip_nat_ftp]
>>> ip_conntrack_irc 2484 1
>>> ip_conntrack_ftp 3132 1
>>> ip_conntrack 16548 2 [ipt_state ipt_helper ipt_conntrack
>>> ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat
>>> ip_conntrack_irc ip_conntrack_ftp]
>>>
>>> So, there is no *_sip and no *_h323 there....
>>
>> Yes and one suggestion in FAQ77 suggests the same.
>>
>
> Wow, what a success! Thank you so very much! That was the key!
> I wrote the two sip-helpers in DONT_LOAD in shorewall.conf and the
> phonecall work just perfect!
>
> Now the last issue is receiving the mail....
> In this case pop3s is used and the traffic is redirected to a different
> port as well. Is there another helper to be disabled??
>
>
No, pop3 uses per default port 110 or 995 ("secure pop3").
--
Matt Darfeuille <m...@shorewall.org>
Shorewall Project Committee, one of four core members
https://sourceforge.net/p/shorewall/mailman/message/36596609/
https://shorewall.org
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
