For now I'm using "siproxd" to solve this. I'm glad to hear that there is already a patch for this. I will wait for official kernel support (Ubuntu)!

2013/1/17 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>:
> On Mon, Dec 17, 2012 at 08:33:58PM -0800, Kevin Cernekee wrote:
>> Most SIP devices use a source port of 5060/udp on SIP requests, so the
>> response automatically comes back to port 5060:
>>
>>     phone_ip:5060 -> proxy_ip:5060 REGISTER
>>     proxy_ip:5060 -> phone_ip:5060 100 Trying
>>
>> The newer Cisco IP phones, however, use a randomly chosen high source
>> port for the SIP request but expect the response on port 5060:
>>
>>     phone_ip:49173 -> proxy_ip:5060 REGISTER
>>     proxy_ip:5060 -> phone_ip:5060 100 Trying
>>
>> Standard Linux NAT, with or without nf_nat_sip, will send the reply back
>> to port 49173, not 5060:
>>
>>     phone_ip:49173 -> proxy_ip:5060 REGISTER
>>     proxy_ip:5060 -> phone_ip:49173 100 Trying
>>
>> But the phone is not listening on 49173, so it will never see the reply.
>>
>> This patch modifies nf_*_sip to work around this quirk by extracting
>> the SIP response port from the Via: header, iff the source IP in the
>> packet header matches the source IP in the SIP request.
>
> Applied, thanks Kevin.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
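The rule in the quoted commit message (take the reply port from the Via: header only when the Via address equals the packet's source IP) can be sketched in userspace C. This is an added example, not code from the kernel patch; `sip_reply_port`, `is_via` and the sample request are hypothetical and constructed, and the sketch assumes an IPv4 sent-by address in the first `Via:` header.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True if the line at p starts with "Via:" (header names are case-insensitive). */
static int is_via(const char *p)
{
    return tolower((unsigned char)p[0]) == 'v' && tolower((unsigned char)p[1]) == 'i' &&
           tolower((unsigned char)p[2]) == 'a' && p[3] == ':';
}

/* Port a reply should go to. msg is the SIP request text; src_ip and src_port
 * come from the packet's IP/UDP headers. Anything unexpected keeps src_port. */
int sip_reply_port(const char *msg, const char *src_ip, int src_port)
{
    const char *p = msg;
    char host[64];
    size_t n;
    long port;

    while (p && !is_via(p)) {            /* walk line by line to the first Via */
        p = strchr(p, '\n');
        if (p) p++;
    }
    if (!p) return src_port;
    p += 4 + strspn(p + 4, " \t");
    p += strcspn(p, " \t\r\n");          /* skip the "SIP/2.0/UDP" token */
    p += strspn(p, " \t");
    n = strcspn(p, ":; \t\r\n");         /* sent-by host */
    if (n == 0 || n >= sizeof(host)) return src_port;
    memcpy(host, p, n);
    host[n] = '\0';
    if (strcmp(host, src_ip) != 0) return src_port;  /* Via is not from the sender */
    if (p[n] != ':') return src_port;                /* no port in the Via */
    port = strtol(p + n + 1, NULL, 10);
    return (port >= 1 && port <= 65535) ? (int)port : src_port;
}

/* Constructed sample request, addresses from the documentation range. */
static const char SAMPLE[] =
    "REGISTER sip:proxy.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
    "CSeq: 1 REGISTER\r\n\r\n";

int main(void)
{
    printf("matching source IP: reply to %d\n", sip_reply_port(SAMPLE, "192.0.2.10", 49173));
    printf("other source IP:    reply to %d\n", sip_reply_port(SAMPLE, "192.0.2.99", 49173));
    return 0;
}
```

The source-IP comparison is what keeps the Via: value, which the sender controls, from steering replies for a request that arrived from a different address; in that case the sketch falls back to the packet's own source port.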