On Mon, 2009-08-03 at 13:29 -0400, Ketema Harris wrote:
> I recently did a set up where I replaced a simple D-link home router
> that was having trouble processing a T1's worth of bandwidth with a
> Linux machine running iptables. The kernel was 2.6.29-r5 and I chose
> the SIP connection tracking modules from the menuconfig.
>
> Router worked fine for normal traffic, but I was unable to get the SIP
> phones to work. Using ngrep it was plain to see that although the
> packets going out were reaching their destination, the data inside the
> SIP headers all contained non-routable IPs. I used lsmod and saw that
> the following modules:
>
> nf_nat_sip              5084  0
> nf_nat                 16400  3 nf_nat_sip,ipt_MASQUERADE,iptable_nat
> nf_conntrack_ipv4      11912  3 iptable_nat,nf_nat
> nf_defrag_ipv4          1788  1 nf_conntrack_ipv4
>
> were loaded. I also googled and found the http://www.iptel.org/sipalg/
> website, but since this seemed to be a little dated I assumed
> the modules contained in the kernel source tree were newer and more
> "reliable"
>
> My questions are: What is the correct way (or resource to find a way)
> to get a Linux firewall to work with SIP so that the NAT issue is not
> an issue?
<snip>

Not an area of great expertise for me. I would think nf_nat_sip would take care of it but I'm surprised to not see conntrack_sip.
Here is what is running on our firewall (not that we do a lot with NAT'd sip but the little we've done seems to work):

[r...@fw01 ~]# lsmod | grep sip
ip_nat_sip             37313  0
ip_conntrack_sip       41745  1 ip_nat_sip
ip_nat                 52845  5 ip_nat_h323,ip_nat_irc,ip_nat_ftp,ip_nat_sip,iptable_nat
ip_conntrack           91237  13 ip_nat_h323,ip_nat_irc,ip_nat_ftp,ip_nat_sip,ip_conntrack_tftp,ip_conntrack_irc,ip_conntrack_h323,ip_conntrack_ftp,ip_conntrack_sip,ip_conntrack_netbios_ns,xt_state,iptable_nat,ip_nat

-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsulli...@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

asterisk-users mailing list
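
The check the original poster did by eye with ngrep can be scripted. The following is an added example, not code from the thread: it scans a captured SIP message for RFC 1918 addresses left in the Via and Contact headers and the SDP o=/c= lines, which indicates the payload was not rewritten on its way through NAT. The sample message, function names and addresses are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Fields (with compact forms) that tell the far end where to send replies.
ROUTING_HEADERS = {"via", "v", "contact", "m"}

def private_addrs(text):
    """IPv4 literals in text that fall inside RFC 1918 space."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            continue
        if any(addr in net for net in RFC1918):
            found.append(candidate)
    return found

def unrewritten_fields(message):
    """(field, address) pairs where a routing field still holds a private IP."""
    head, _, body = message.partition("\r\n\r\n")
    hits = []
    for line in head.split("\r\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ROUTING_HEADERS:
            hits += [(name.strip(), a) for a in private_addrs(value)]
    for line in body.split("\r\n"):  # SDP origin and connection lines
        if line.startswith(("o=", "c=")):
            hits += [(line[:2], a) for a in private_addrs(line)]
    return hits

# Constructed, trimmed sample (not from the thread): an INVITE as seen on the
# WAN side when nothing rewrote the payload. Addresses and names are made up.
SAMPLE = "\r\n".join([
    "INVITE sip:2002@provider.example SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bKconstructed",
    "Call-ID: constructed-1@192.168.1.50",
    "Contact: <sip:1001@192.168.1.50:5060>",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.50",
    "c=IN IP4 192.168.1.50",
])

if __name__ == "__main__":
    print(unrewritten_fields(SAMPLE))
```

The Call-ID in the sample also contains the private address but is not reported, since it is an opaque identifier and not used to route replies.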