Re: nf_conntrack_sip problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jul 01, 2009 at 06:16:21PM +0200, Patrick McHardy wrote:
> Joerg Dorchain wrote:
>> On Wed, Jul 01, 2009 at 05:05:49PM +0200, Patrick McHardy wrote:
>>>> I tried this. Actually, it makes things worse. Now Asterisk
>>>> complains: [Jul  1 16:17:46] WARNING[20516]: chan_sip.c:1787  
>>>> __sip_xmit:
>>>> sip_xmit of 0x86f8de0 (len 384) to 217.10.79.9:5060 returned -1:
>>>> Operation not permitted
>>>>
>>>> (Trying to register with sipgate.de; registration in parallel
>>>> with tel.lu seems to work)
>>> sipgate needs sip_direct_media=0 since the RTP streams originate from
>>> a seperate cluster.
>>
>> I loaded the module with sip_direct_signalling=0 and
>> sip_direct_media=0 to get these messages.
>
> That should be fine. Possibly related to NAT without the helper,
> see below.
>
>>> Did you load the NAT module before the conntrack module?
>>
>> I did not load the nat modules at all. As said, I am only
>> interested in dynamically accepting the rtp streams.
>>>> nf_conntrack_sip without options on a trial incoming call however gives:
>>>>
>>>> # conntrack -E expect
>>>> 180 proto=17 src=85.93.219.114 dst=212.88.133.153 sport=0 dport=7070
>>>> 180 proto=17 src=85.93.219.114 dst=212.88.133.153 sport=0 dport=7071
>>
>> Also for tel.lu the expected IP should be 85.93.219.122.
>
> It takes the addresses from the SDP payload. The gateway seems to be
> handling RTP stream with a different server as well.

Aehm, 85.93.219.122 is the address from the SDP payload for the
RTP stream as attached. 85.93.219.114 is is address of where the SIP REGISTER
is sent to.

I will try again with only sip_direct_media=0.
>
>> *nat
>> :PREROUTING ACCEPT [1385:93589]
>> :POSTROUTING ACCEPT [319:26979]
>> :OUTPUT ACCEPT [5114:401834]
>> -A PREROUTING ! -i ppp0 -p udp -m udp --dport 5060 -j REDIRECT=20
>> -A POSTROUTING -o ppp0 -j MASQUERADE=20
>> COMMIT
>
> So you are using NAT? You *need* the NAT helper in that case for
> remapping clashing ports.

I intend to to so. Currently I am only talking about packet send
and received from the host in question by local sockets, not
about forwarded packets. I.e. the asterisks runs on the host
intended to play SIP gateway, but also masqerading router for
e.g. http and other protocols.

Bye,

Joerg

Attachment: signature.asc
Description: Digital signature

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux