> There's only one line in my script that uses SIP:
>
> grep SIP firewall-masq
> $IPT -t nat -A PREROUTING -i external -p udp --dport 5060 -j LOG --log-prefix "SIP-BEFORE: "
>
> And it's run first:
>
> sh -x firewall-masq
> + IPT=/sbin/iptables
> + /sbin/iptables -F
> + /sbin/iptables -X
> + /sbin/iptables -t nat -A PREROUTING -i external -p udp --dport 5060 -j LOG --log-prefix 'SIP-BEFORE: '
> ...........
>
> I don't really understand this output:
>
> iptables -L -n -v -t nat | grep SIP
>     2   262 LOG  udp  --  *         *  0.0.0.0/0  0.0.0.0/0  udp dpt:5060 LOG flags 0 level 4 prefix `SIP-BEFORE: '
>  144K   24M LOG  udp  --  *         *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 4 prefix `SIP-BEFORE: '
> 41816 5117K LOG  udp  --  external  *  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 4 prefix `SIP-BEFORE: '
>     0     0 LOG  udp  --  external  *  0.0.0.0/0  0.0.0.0/0  udp dpt:5060 LOG flags 0 level 4 prefix `SIP-BEFORE: '
>     0     0 LOG  udp  --  external  *  0.0.0.0/0  0.0.0.0/0  udp dpt:5060 LOG flags 0 level 4 prefix `SIP-BEFORE: '

...

It looks like your nat table isn't getting flushed. Have you tried running 'iptables -t nat -F' before firewall-masq or adding that to the start of the script?
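
One way to confirm the diagnosis above, as an added example that is not part of the original thread: count rule lines that repeat within a table in `iptables-save` output. The function names `find_duplicate_rules` and `sample_ruleset` are hypothetical, and the ruleset is a constructed sample modelled on the quoted rules.

```shell
#!/bin/sh
# Added example. Plain `iptables -F` / `iptables -X` act on the filter table
# only, so rules appended with `-t nat -A` pile up on every run of the script.

# Read iptables-save format on stdin and print "<count> <table> <rule>" for
# every rule line that occurs more than once inside the same table.
find_duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
        /^-A / { count[table " " $0]++ }          # identical rule text, per table
        END {
            for (k in count)
                if (count[k] > 1)
                    printf "%d %s\n", count[k], k
        }
    ' | sort
}

# Constructed sample: the state after running the script twice, plus one
# rule left behind by an earlier revision of the script (no --dport match).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i external -p udp -j LOG --log-prefix "SIP-BEFORE: "
-A PREROUTING -i external -p udp -m udp --dport 5060 -j LOG --log-prefix "SIP-BEFORE: "
-A PREROUTING -i external -p udp -m udp --dport 5060 -j LOG --log-prefix "SIP-BEFORE: "
-A POSTROUTING -o external -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# On a live system, replace sample_ruleset with: iptables-save
sample_ruleset | find_duplicate_rules
```

Only exact repeats are counted, so the leftover rule from the earlier script revision is not reported; flushing the nat table at the start of the script removes both kinds.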