Eray Bilgin <bilgin@xxxxxxx> wrote: > i noticed this when my voip phone mysteriously stopped ringing. i use > a tp-link router as a gateway which i'm certain is running > linux/netfilters, though i don't know what version. i've observed the > same problem on my raspberry pi running iptables v1.8.2. > > usually the first thing a sip client does is register with the provider's > server. this has the effect of punching a hole through any firewalls in > its path. after that initial registration, my provider keeps the > connection alive by sending messages every 60 seconds. > > when netfilters sees traffic moving back and forth, the connection should > transition to the assured state and set the expiration timer to > nf_conntrack_udp_timeout_stream, which by default is 120 seconds. but in > this case the timer is reset to nf_conntrack_udp_timeout, which is 30 > seconds. the connection does not appear as "assured". Replies during first 2 seconds are ignored in order to prevent DNS requests from triggering assured state + 2m timeout.
