Le jeudi 01 février 2007 à 09:13 -0200, Gustavo Maciel Dias Vieira a écrit : > Hi all, > > First of all, thank you for the nice work bringing Ekiga to the world. > It's one of the best softphones out there, and it's free! >
Thanks and sorry for the delay, your email was held in the queue. > I've run into a problem trying to set up Ekiga and luckily was able to > fix it. As I didn't find a (specific) mention of it in the FAQ and it > seems to me to be fairly common, I'm sending it to you in hope of > helping someone else. Maybe it should go to the FAQ? > > Here is the problem: I've got a simple setup, Linux (Fedora 6), no NAT, > a direct connection to the net, but I've got a strict firewall > (iptables, stateful). Concerning UDP, only ESTABLISHED,RELATED packets > are allowed in, all packets are allowed out. Pretty simple, pretty > common, I suppose. The problem is, with this setup Ekiga (as configured > by the wizard, with STUN) only receives calls just after connecting to > ekiga.net (or any other SIP provider). I can make calls, but if I let > Ekiga running after some time I can't receive any calls. > > Here is the cause: Ekiga (probably following SIP) registers with a > service using UDP and the service (probably following SIP) expects to > find Ekiga at the port it sent the registration (I guess :)). Well, in > Linux with IP iptables, this port is only accessible for 180 seconds > after the registration. After this time, the firewall will block the > packets coming from the SIP service, as it considers the "session" to be > over. > > Here is the solution: There are two ways of coping with that. If you can > control your host (root), you can set the UDP iptables timeout to one > hour: > # echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream > The FAQ hints at this buried in the script of section 6.2, but it points > to the wrong variable ip_conntrack_udp_timeout instead of > ip_conntrack_udp_timeout_stream. See > http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN730 for > more details. You can use the sysctl utility to set kernel variables > more easily. If you don't have control of your host, you can configure > each account to refresh the registration every 180 seconds. > > That's it. Hope I've got it right and that it is useful. :) What is the difference between udp_timeout and udp_timeout_stream ? Also, do you know that Ekiga is supposed to send a packet every 30 seconds to the SIP host in order to refresh the binding ? Is it possible for you to sniff the trafic and see why it does not happen ? Thanks ! -- _ Damien Sandras (o- //\ Ekiga Softphone : http://www.ekiga.org/ v_/_ NOVACOM : http://www.novacom.be/ FOSDEM : http://www.fosdem.org/ SIP Phone : sip:[EMAIL PROTECTED] _______________________________________________ ekiga-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/ekiga-list
