Gabriel Gunderson wrote:
> In general, I agree with this. But whatever you use, make sure iptables
> has a debugging mode where everything is logged before dropped. It's
> likely you will be able to look at your logs, see what is being dropped,
> and make changes to fix it.
>
> Good luck.
>
> Gabe

I have dropped packets being logged, and I can see the source/destination IP and port of an occasional packet being lost. I am not sure the packets I am seeing are from the direct phone call or some sort of "ping" VoIP traffic. When I put in the rules where it would forward ALL TCP/UDP traffic to the Sipra box, these logs would no longer appear, but the phone calls were still broken.

The weekend is over and my wife wishes to have a working phone, so I switched back to the Linksys router, and the phone began to work like magic again. I am still determined to get the Linux firewall working, as I can do so much more with the Linux firewall.

The only two thoughts I have as to what could be the problem are:

1. The Linksys does some sort of "special" NAT. The shorewall configuration has both options for "NAT" and "masquerading", and I am using the "masquerading" option. I assume this is just a 1 to many NAT, where the "NAT" option is a 1 to 1 translation of NAT. I assume since I only have one IP address, that the Linksys would be doing the "masquerading" NAT that I have shorewall configured for.

2. Connection tracking. I know with FTP you had to have a special connection tracking module, which is why I brought up that I had the sip-tracking module loaded. I am wondering if it is not working right, but I am not sure there are any configuration options, or even if I have iptables/shorewall set up correctly to indicate this is SIP traffic.

Thoughts?

Thanks,
Kenneth
