Aaron O'Hara wrote:
Tim,
Aside from the firewall logs in /var/log/messages, what tools did u find
most helpful for seeing SIP/RTP traffic?
What are some of the key things to look for to see if there's a problem?
Oh, I generally use tcpdump to grab the packets and save them to a file,
then load them with ethereal at a workstation to analzye them.
You can also use ngrep to watch sip traffic.
Some things to watch for:
- make sure all SIP traffic on the outside interface of each firewall
advertises its external IP to the other side
- make sure that the host and port in the SDP payload of the SIP packet
looks sane (port within redirection range, host is external IP)
For example, here is a SIP problem I just troubleshot:
I have a friend with a d-link router and a sipura 2000 behind it,
connecting to free world dialup. I have an * server behind a NAT and
*thought* everything was working ( I have a few SIP connections that all
seem to work).
When he called me, everything was fine
When I called him, we had one way audio.
one way audio + NAT's on both sides = 99% Probability it is NAT related
I started by watching the traffic arrive on my external interface (using
ngrep) . I made sure the INVITE from him (actually from free world
dialup) looked sane (contained his external IP address in the SDP
payload, and the port was withing the range programmed into his sipura
2000 - so it would be forwarded properly by his redirection rules on the
d-link).
Then I watched my response, and make sure again that the SDP payload in
my response was advertising my IP address and a port within the range
secified in my rtp.conf.
Everything seemed ok. Just to make sure, I grabbed a bunch of packets
with tcpdump and loaded them up in ethereal. Everything looked like it
should work.
So next, I watched my firewall log in realtime (the drop log) to see if
I was dropping anything inadvertently on the firewall. Nothing. I open
two sessions into the firewall, and watch all communication to either
fwd or my friend (in just a one line summary per packet) on both the
Internal and External interface. This shows a different picture. I can
follow the SIP conversation coming from FWD and my response. It is when
we begin trying to talk (using RTP) that I see that his RTP packets are
in fact coming to me, but I don't see them cross the firewall (I see
them on the outside, and not on the inside). I know that my firewall is
not dropping them, so it must be something else.
I enabled debugging on my firewall (pfctl -x loud) and watched my system
log. Sure enough, I am getting a state error on every inbound RTP packet
from him. I have had this problem before, and it has to do with pf using
the state table to handle redirects. I had established a state already
for some reason (probably a keep-state rule somewhere) that is clashing
with the inbound rdr.
I just found the problem, I havn't fixed it yet, but at least I know
where it is. Interestingly it wasn't really a NAT problem, but more how
I've decided to implement my firewall.
Sorry if this is long and maybe obvious to you, but this is basically
the process that I follow whenever I have SIP or NAT problems.
Tim
_______________________________________________
Asterisk-Users mailing list
[email protected]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
