Re: [Efw-user] Endian Modifying Packet!
Absolutely, pretty much everything works except for one type of call. Either way, it is somewhat irrelevant. In this scenario I did the two capture simultaneously at eth1 (WAN) in the Endian and on the IP-PBX. I compared the two captures side by side and here is the difference . . . This is the identical packet on each of the interfaces which is going out to the ITSP. You can see in the second capture (External on Endian) how the (c) has changed. I am completely lost . . It is my understanding there is no SIP Helper/Proxy in this release and I'm not a linux expert, but this seems to be the case best I can tell. I can think of no other reason why the Endian would change this, or why it would change to this bogus IP even if there was a proxy? Internal Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 69.61.101.90 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 69.61.xx.xx Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 69.61.xx.xx Connection Network Type: IN Connection Address Type: IP4 Connection Address: 69.61.xx.xx External Endian Interface Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 134.2.0.0 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 134.2.0.0 Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 134.2.0.0 Connection Network Type: IN Connection Address Type: IP4 Connection Address: 134.2.0.0 Sincerely, Scott Howell Mobile : 404-735-5273 On Thu, May 30, 2013 at 12:41 AM, Matt Hayes domin...@slackadelic.comwrote: Just a question, but do you have port 5060 port forwarding or a 1-to-1 NAT or anything? On Wed, May 29, 2013 at 4:23 PM, Scott Howell scott.howel...@gmail.comwrote: I can't think of any reason this is happening but it is. I have a 3CX IP-PBX behind Community 2.5.1. I ran a Wireshark on my PBX and at the same time did a tcpdump within the Endian at the same time. When looking at the two captures side by side the Endian is modifying the (c) Connection information during Session Description. On the PBX I see it going out as my WAN IP, but the same packet in the Endian has a bogus IP of 134.2.0.0 in this part of the Message Body. What the heck is going on?? Any help is greatly appreciated. Sincerely, Scott -- Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with 2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with 2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with 2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user
Re: [Efw-user] Endian Modifying Packet!
This cuts off, but I just ssh'd into my Endian and did lsmod | grep sip and here's my results: nf_nat_sip 3710 0 nf_conntrack_sip 10485 1 nf_nat_sip nf_nat 10267 9 iptable_nat,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_tftp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda nf_conntrack 38475 23 xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_conntrack_netbios_ns,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_sip,nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_nat_tftp,nf_conntrack_tftp,nf_nat_irc,nf_conntrack_irc,nf_nat_h323,nf_conntrack_h323,nf_nat_ftp,nf_conntrack_ftp,nf_nat_amanda,nf_nat,nf_conntrack_amanda,nf_conntrack_ipv4 The reason that the sip proxy was removed is that now there's a sip conntrack module in iptables. Unfortunately, I have yet to setup a true IP PBX behind Endian. I know others have, however, as you can tell, this mailing list and any other support medium for the community edition of Endian is shit anymore. -Matt On Thu, May 30, 2013 at 8:46 AM, Scott Howell scott.howel...@gmail.comwrote: Absolutely, pretty much everything works except for one type of call. Either way, it is somewhat irrelevant. In this scenario I did the two capture simultaneously at eth1 (WAN) in the Endian and on the IP-PBX. I compared the two captures side by side and here is the difference . . . This is the identical packet on each of the interfaces which is going out to the ITSP. You can see in the second capture (External on Endian) how the (c) has changed. I am completely lost . . It is my understanding there is no SIP Helper/Proxy in this release and I'm not a linux expert, but this seems to be the case best I can tell. I can think of no other reason why the Endian would change this, or why it would change to this bogus IP even if there was a proxy? Internal Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 69.61.101.90 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 69.61.xx.xx Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 69.61.xx.xx Connection Network Type: IN Connection Address Type: IP4 Connection Address: 69.61.xx.xx External Endian Interface Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 134.2.0.0 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 134.2.0.0 Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 134.2.0.0 Connection Network Type: IN Connection Address Type: IP4 Connection Address: 134.2.0.0 Sincerely, Scott Howell Mobile : 404-735-5273 On Thu, May 30, 2013 at 12:41 AM, Matt Hayes domin...@slackadelic.comwrote: Just a question, but do you have port 5060 port forwarding or a 1-to-1 NAT or anything? On Wed, May 29, 2013 at 4:23 PM, Scott Howell scott.howel...@gmail.comwrote: I can't think of any reason this is happening but it is. I have a 3CX IP-PBX behind Community 2.5.1. I ran a Wireshark on my PBX and at the same time did a tcpdump within the Endian at the same time. When looking at the two captures side by side the Endian is modifying the (c) Connection information during Session Description. On the PBX I see it going out as my WAN IP, but the same packet in the Endian has a bogus IP of 134.2.0.0 in this part of the Message Body. What the heck is going on?? Any help is greatly appreciated. Sincerely, Scott -- Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with 2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1 ___ Efw-user mailing list Efw-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/efw-user -- Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for
Re: [Efw-user] Endian Modifying Packet!
Thank a lot Matt for the info. At least this gives me something else to look into before I yank the Endian. I will begin some research now and see if this is where the problem lies. As far as this mailing list and the forums you are correct it it garbage. I don't really understand why though. I have tried just about every open source UTM on the market and all their communities are vibrant. The Endian stacks up well against all of them yet the community is non-existent. It's a shame for such a well polished product in so many ways. Sincerely, Scott Howell Mobile : 404-735-5273 On Thu, May 30, 2013 at 9:57 AM, Matt Hayes domin...@slackadelic.comwrote: This cuts off, but I just ssh'd into my Endian and did lsmod | grep sip and here's my results: nf_nat_sip 3710 0 nf_conntrack_sip 10485 1 nf_nat_sip nf_nat 10267 9 iptable_nat,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_tftp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda nf_conntrack 38475 23 xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_conntrack_netbios_ns,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_sip,nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_nat_tftp,nf_conntrack_tftp,nf_nat_irc,nf_conntrack_irc,nf_nat_h323,nf_conntrack_h323,nf_nat_ftp,nf_conntrack_ftp,nf_nat_amanda,nf_nat,nf_conntrack_amanda,nf_conntrack_ipv4 The reason that the sip proxy was removed is that now there's a sip conntrack module in iptables. Unfortunately, I have yet to setup a true IP PBX behind Endian. I know others have, however, as you can tell, this mailing list and any other support medium for the community edition of Endian is shit anymore. -Matt On Thu, May 30, 2013 at 8:46 AM, Scott Howell scott.howel...@gmail.comwrote: Absolutely, pretty much everything works except for one type of call. Either way, it is somewhat irrelevant. In this scenario I did the two capture simultaneously at eth1 (WAN) in the Endian and on the IP-PBX. I compared the two captures side by side and here is the difference . . . This is the identical packet on each of the interfaces which is going out to the ITSP. You can see in the second capture (External on Endian) how the (c) has changed. I am completely lost . . It is my understanding there is no SIP Helper/Proxy in this release and I'm not a linux expert, but this seems to be the case best I can tell. I can think of no other reason why the Endian would change this, or why it would change to this bogus IP even if there was a proxy? Internal Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 69.61.101.90 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 69.61.xx.xx Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 69.61.xx.xx Connection Network Type: IN Connection Address Type: IP4 Connection Address: 69.61.xx.xx External Endian Interface Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 134.2.0.0 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 134.2.0.0 Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 134.2.0.0 Connection Network Type: IN Connection Address Type: IP4 Connection Address: 134.2.0.0 Sincerely, Scott Howell Mobile : 404-735-5273 On Thu, May 30, 2013 at 12:41 AM, Matt Hayes domin...@slackadelic.comwrote: Just a question, but do you have port 5060 port forwarding or a 1-to-1 NAT or anything? On Wed, May 29, 2013 at 4:23 PM, Scott Howell scott.howel...@gmail.comwrote: I can't think of any reason this is happening but it is. I have a 3CX IP-PBX behind Community 2.5.1. I ran a Wireshark on my PBX and at the same time did a tcpdump within the Endian at the same time. When looking at the two captures side by side the Endian is modifying the (c) Connection information during Session Description. On the PBX I see it going out as my WAN IP, but the same packet in the Endian has a bogus IP of 134.2.0.0 in this part of the Message Body. What the heck is going on?? Any help is greatly appreciated. Sincerely, Scott -- Introducing AppDynamics Lite, a free
Re: [Efw-user] Endian Modifying Packet!
I completely agree. I love the product, just wish the community edition had more attention. In the past few years the support in the community has just gone way down hill. It used to be quite active. On Thu, May 30, 2013 at 11:54 AM, Scott Howell scott.howel...@gmail.comwrote: Thank a lot Matt for the info. At least this gives me something else to look into before I yank the Endian. I will begin some research now and see if this is where the problem lies. As far as this mailing list and the forums you are correct it it garbage. I don't really understand why though. I have tried just about every open source UTM on the market and all their communities are vibrant. The Endian stacks up well against all of them yet the community is non-existent. It's a shame for such a well polished product in so many ways. Sincerely, Scott Howell Mobile : 404-735-5273 On Thu, May 30, 2013 at 9:57 AM, Matt Hayes domin...@slackadelic.comwrote: This cuts off, but I just ssh'd into my Endian and did lsmod | grep sip and here's my results: nf_nat_sip 3710 0 nf_conntrack_sip 10485 1 nf_nat_sip nf_nat 10267 9 iptable_nat,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_tftp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda nf_conntrack 38475 23 xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_conntrack_netbios_ns,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_sip,nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_nat_tftp,nf_conntrack_tftp,nf_nat_irc,nf_conntrack_irc,nf_nat_h323,nf_conntrack_h323,nf_nat_ftp,nf_conntrack_ftp,nf_nat_amanda,nf_nat,nf_conntrack_amanda,nf_conntrack_ipv4 The reason that the sip proxy was removed is that now there's a sip conntrack module in iptables. Unfortunately, I have yet to setup a true IP PBX behind Endian. I know others have, however, as you can tell, this mailing list and any other support medium for the community edition of Endian is shit anymore. -Matt On Thu, May 30, 2013 at 8:46 AM, Scott Howell scott.howel...@gmail.comwrote: Absolutely, pretty much everything works except for one type of call. Either way, it is somewhat irrelevant. In this scenario I did the two capture simultaneously at eth1 (WAN) in the Endian and on the IP-PBX. I compared the two captures side by side and here is the difference . . . This is the identical packet on each of the interfaces which is going out to the ITSP. You can see in the second capture (External on Endian) how the (c) has changed. I am completely lost . . It is my understanding there is no SIP Helper/Proxy in this release and I'm not a linux expert, but this seems to be the case best I can tell. I can think of no other reason why the Endian would change this, or why it would change to this bogus IP even if there was a proxy? Internal Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 69.61.101.90 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 69.61.xx.xx Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 69.61.xx.xx Connection Network Type: IN Connection Address Type: IP4 Connection Address: 69.61.xx.xx External Endian Interface Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 134.2.0.0 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 134.2.0.0 Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 134.2.0.0 Connection Network Type: IN Connection Address Type: IP4 Connection Address: 134.2.0.0 Sincerely, Scott Howell Mobile : 404-735-5273 On Thu, May 30, 2013 at 12:41 AM, Matt Hayes domin...@slackadelic.comwrote: Just a question, but do you have port 5060 port forwarding or a 1-to-1 NAT or anything? On Wed, May 29, 2013 at 4:23 PM, Scott Howell scott.howel...@gmail.com wrote: I can't think of any reason this is happening but it is. I have a 3CX IP-PBX behind Community 2.5.1. I ran a Wireshark on my PBX and at the same time did a tcpdump within the Endian at the same time. When looking at the two captures side by side the Endian is modifying the (c) Connection information during Session Description. On the PBX I see it going out as my WAN IP,
Re: [Efw-user] Endian Modifying Packet!
You are most welcome. On Thu, May 30, 2013 at 1:56 PM, Scott Howell scott.howel...@gmail.comwrote: BTW, thanks for the info. I researched this a bit and think it may be my culprit. I am going to manually unload the nf_conntrack_sip and nf_nat_sip modules tonight and reboot to see if this fixes the issue but I suspect it will. I'll update this thread if it does. Concerning the product there is always a tradeoff with features. I am a big supporter of pfSense and still am, but there are a handful of features on Endian that just work and are so much easier to configure. I have had some strange behavior with the IPSEC VPN however on a this rollout of 9 locations that I may start a new thread on it's just low on my list right now. Sincerely, Scott Howell Mobile : 404-735-5273 On Thu, May 30, 2013 at 12:52 PM, Matt Hayes domin...@slackadelic.comwrote: I completely agree. I love the product, just wish the community edition had more attention. In the past few years the support in the community has just gone way down hill. It used to be quite active. On Thu, May 30, 2013 at 11:54 AM, Scott Howell scott.howel...@gmail.comwrote: Thank a lot Matt for the info. At least this gives me something else to look into before I yank the Endian. I will begin some research now and see if this is where the problem lies. As far as this mailing list and the forums you are correct it it garbage. I don't really understand why though. I have tried just about every open source UTM on the market and all their communities are vibrant. The Endian stacks up well against all of them yet the community is non-existent. It's a shame for such a well polished product in so many ways. Sincerely, Scott Howell Mobile : 404-735-5273 On Thu, May 30, 2013 at 9:57 AM, Matt Hayes domin...@slackadelic.comwrote: This cuts off, but I just ssh'd into my Endian and did lsmod | grep sip and here's my results: nf_nat_sip 3710 0 nf_conntrack_sip 10485 1 nf_nat_sip nf_nat 10267 9 iptable_nat,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_tftp,nf_nat_irc,nf_nat_h323,nf_nat_ftp,nf_nat_amanda nf_conntrack 38475 23 xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_conntrack_netbios_ns,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_sip,nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_nat_tftp,nf_conntrack_tftp,nf_nat_irc,nf_conntrack_irc,nf_nat_h323,nf_conntrack_h323,nf_nat_ftp,nf_conntrack_ftp,nf_nat_amanda,nf_nat,nf_conntrack_amanda,nf_conntrack_ipv4 The reason that the sip proxy was removed is that now there's a sip conntrack module in iptables. Unfortunately, I have yet to setup a true IP PBX behind Endian. I know others have, however, as you can tell, this mailing list and any other support medium for the community edition of Endian is shit anymore. -Matt On Thu, May 30, 2013 at 8:46 AM, Scott Howell scott.howel...@gmail.com wrote: Absolutely, pretty much everything works except for one type of call. Either way, it is somewhat irrelevant. In this scenario I did the two capture simultaneously at eth1 (WAN) in the Endian and on the IP-PBX. I compared the two captures side by side and here is the difference . . . This is the identical packet on each of the interfaces which is going out to the ITSP. You can see in the second capture (External on Endian) how the (c) has changed. I am completely lost . . It is my understanding there is no SIP Helper/Proxy in this release and I'm not a linux expert, but this seems to be the case best I can tell. I can think of no other reason why the Endian would change this, or why it would change to this bogus IP even if there was a proxy? Internal Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 69.61.101.90 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 69.61.xx.xx Session Name (s): 3cxPS Audio call Connection Information (c): IN IP4 69.61.xx.xx Connection Network Type: IN Connection Address Type: IP4 Connection Address: 69.61.xx.xx External Endian Interface Code: Message Body Session Description Protocol Session Description Protocol Version (v): 0 Owner/Creator, Session Id (o): 3cxPS 275414777856 414900551682 IN IP4 134.2.0.0 Owner Username: 3cxPS Session ID: 275414777856 Session Version: 414900551682 Owner Network Type: IN Owner Address Type: IP4 Owner Address: 134.2.0.0 Session Name (s): 3cxPS
