Hi I have zone1(eth1) with asterisk and zone2(eth2) with a client softphone
1/ Without activating ip_conntrack_sip, I have the rules ACCEPT zone2 zone1 TCP 5060 ACCEPT zone2 zone1 UDP 5060 ACCEPT zone2 zone1 UDP 10000:20000 (without this rule no audio!) all work fine, shorewall is silencer b/ Now, I have loading ip_nat_sip and ip_conntrack_sip in /usr/share/shorewall/modules, I have the rules ACCEPT zone2 zone1 TCP 5060 ACCEPT zone2 zone1 UDP 5060 (I have deleting the rule ACCEPT zone2 zone1 UDP 10000:20000) all work fine but shorewall say: zone22all:REJECT:IN=eth2 OUT=eth1 SRC=ip_client DST=ip_asterisk PROTO=UDP SPT=ramdom DPT=between 10000 and 20000 shorewall can't detect that ip_conntrack/nat_sip is functionnal !!!!!! but that does not prevent correct operation !!! only the log filled !!!! same remark with ip_conntrack/nat_h323, it's very functionnal but shorewall is very talkative with rejection line......and always the log fills unnecessarily !!!! VUILLET Damien ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
