Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP? (FIXED!)

Problem fixed, see below... Brian Camp wrote: On Oct 31, 2007, at 3:27 PM, Tom Eastep wrote: On the flip side, note that we've seen cases where loading ip_conntrack_sip has actually _broken_ working SIP installations. That reminds me.. To work around the ip_nat_sip problem, I first

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP? (FIXED!)

Indeed, It should be posted somewhere in big and in bold: if you're using a SIP device within your private network, and you have its NAT capabilities turned-on, make sure to disable the SIP-NAT capabilities on the firewall. It's a common problem with a lot of firewall products out there that do

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

Brian Camp wrote: On Oct 31, 2007, at 3:27 PM, Tom Eastep wrote: On the flip side, note that we've seen cases where loading ip_conntrack_sip has actually _broken_ working SIP installations. That reminds me.. To work around the ip_nat_sip problem, I first appended 'rmmod ip_nat sip

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

Kenneth Burgener wrote: This is a SIP device, and you probably have the SIP NAT problem - the problem being that SIP is a stupid protocol. rantOn a matter of personal opinion, it's not the SIP that's stupid, it works 'just fine' on an unbroken network ! Where NAT is involved, the network

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

On Tue, Oct 30, 2007 at 10:03:46PM -0600, Kenneth Burgener wrote: Andrew Suffield wrote: On Tue, Oct 30, 2007 at 04:45:41PM -0600, Kenneth Burgener wrote: I use the Sipura SPA-2100 ATA (Analog Telephone Adapter) that came with my BroadVoice account. This is a SIP device, and you

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

On Wed, Oct 31, 2007 at 07:55:28AM +0100, Simon Hobson wrote: This is a SIP device, and you probably have the SIP NAT problem - the problem being that SIP is a stupid protocol. rantOn a matter of personal opinion, it's not the SIP that's stupid, it works 'just fine' on an unbroken

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

Andrew Suffield wrote: I subscribe only to the NAT is awkward school, not the NAT is evil one, but SIP's a pretty stupid protocol even without NAT. There's just no good excuse for the way it scatters traffic through unrelated ports - it would have worked just as well if it had used only one

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kenneth Burgener wrote: Andrew Suffield wrote: On Tue, Oct 30, 2007 at 04:45:41PM -0600, Kenneth Burgener wrote: I use the Sipura SPA-2100 ATA (Analog Telephone Adapter) that came with my BroadVoice account. This is a SIP device, and you probably

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

Tom Eastep wrote: On the flip side, note that we've seen cases where loading ip_conntrack_sip has actually _broken_ working SIP installations. -Tom How do I no load ip_conntrack_sip? I didn't manually load it in the first place. I assume it is either built into the OS to auto load, or

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

Kenneth Burgener wrote: Tom Eastep wrote: On the flip side, note that we've seen cases where loading ip_conntrack_sip has actually _broken_ working SIP installations. -Tom How do I no load ip_conntrack_sip? I didn't manually load it in the first place. I assume it is either built

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

On Oct 31, 2007, at 3:27 PM, Tom Eastep wrote: On the flip side, note that we've seen cases where loading ip_conntrack_sip has actually _broken_ working SIP installations. That reminds me.. To work around the ip_nat_sip problem, I first appended 'rmmod ip_nat sip /dev/null' to our start

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

Brian Camp wrote: I understand that shorewall check should not run the start file, but is it necessary that it loads the modules file? It seems that something like shorewall check should produce no side effects. The 'check' command validates the configuration against the capabilities

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

On Tue, Oct 30, 2007 at 04:45:41PM -0600, Kenneth Burgener wrote: Hello, Let me first start by saying Shorewall is awesome, and I use it everywhere from single box firewall, to home network firewall, even to our corporate firewall. Welcome to the world of Shorewall :-) I am experiencing

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

Kenneth Burgener wrote: I am experiencing a problem getting my home firewall to work with my BroadVoice VoIP connection. I use the Sipura SPA-2100 ATA (Analog Telephone Adapter) that came with my BroadVoice account. This happened when I tried to replace my Linksys WRT54G Wireless-G Broadband

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

On Tue, Oct 30, 2007 at 04:45:41PM -0600, Kenneth Burgener wrote: I use the Sipura SPA-2100 ATA (Analog Telephone Adapter) that came with my BroadVoice account. This is a SIP device, and you probably have the SIP NAT problem - the problem being that SIP is a stupid protocol. Adding the

Re: [Shorewall-users] How do I configure shorewall to work with VoIP SIP?

Andrew Suffield wrote: On Tue, Oct 30, 2007 at 04:45:41PM -0600, Kenneth Burgener wrote: I use the Sipura SPA-2100 ATA (Analog Telephone Adapter) that came with my BroadVoice account. This is a SIP device, and you probably have the SIP NAT problem - the problem being that SIP is a stupid