lpa du morvan wrote:
> Hi
>
> I have zone1(eth1) with asterisk and zone2(eth2) with a client softphone
>
> 1/ Without activating ip_conntrack_sip, I have the rules
>
> ACCEPT zone2 zone1 TCP 5060
> ACCEPT zone2 zone1 UDP 5060
> ACCEPT zone2 zone1 UDP 10000:20000 (without this rule no audio!)
>
> all works fine, shorewall is silent

Shorewall is *always* silent once "shorewall start" completes -- see below.

>
> b/ Now, I have loaded ip_nat_sip and ip_conntrack_sip in
> /usr/share/shorewall/modules, I have the rules
>
> ACCEPT zone2 zone1 TCP 5060
> ACCEPT zone2 zone1 UDP 5060
> (I have deleted the rule ACCEPT zone2 zone1 UDP 10000:20000)
>
> all works fine but shorewall says:
>
> zone22all:REJECT:IN=eth2 OUT=eth1 SRC=ip_client DST=ip_asterisk PROTO=UDP
> SPT=random DPT=between 10000 and 20000
>
> shorewall can't detect that ip_conntrack/nat_sip is functional !!!!!!

It is not Shorewall that is generating those messages -- it is Netfilter running in your kernel. There is no Shorewall code running at all once "shorewall start" completes.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
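Because these messages are written by Netfilter LOG rules into the kernel log, they can be tallied by the chain and disposition carried in the log prefix. The following is an added example, not part of the original thread: it parses constructed log lines, and the hostname, addresses and the helper names `parse_line`, `records`, `summarize` and `rtp_rejects` are assumptions.

```python
import re
from collections import Counter

RTP_PORTS = range(10000, 20001)  # UDP range from the rule deleted in the post

# "Shorewall:" is Shorewall's default log prefix; the line quoted in the
# post omits it, so it is optional here. Then come chain and disposition.
PREFIX = re.compile(
    r"(?:Shorewall:)?(?P<chain>[\w-]+):(?P<disposition>[A-Z]+):(?=IN=)")

# Constructed sample kernel log (hostname and addresses are made up).
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: Shorewall:zone22all:REJECT:IN=eth2 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=200 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=40000 DPT=10234 LEN=180
Jan 10 12:00:02 fw kernel: Shorewall:zone22all:REJECT:IN=eth2 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=200 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=40000 DPT=15872 LEN=180
Jan 10 12:00:03 fw kernel: Shorewall:zone22all:REJECT:IN=eth2 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=7 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 12:00:04 fw kernel: eth2: link up
Jan 10 12:00:05 fw kernel: zone22all:REJECT:IN=eth2 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=40002 DPT=19999
"""

def parse_line(line):
    """Return chain, disposition and KEY=value fields, or None if not a match."""
    m = PREFIX.search(line)
    if m is None:
        return None
    record = dict(re.findall(r"\b([A-Z]+)=(\S*)", line[m.end():]))
    record.update(chain=m["chain"], disposition=m["disposition"])
    return record

def records(text):
    """Parse every Netfilter LOG line in text, skipping unrelated lines."""
    return [r for r in map(parse_line, text.splitlines()) if r]

def summarize(text):
    """Count logged packets per (chain, disposition)."""
    return Counter((r["chain"], r["disposition"]) for r in records(text))

def rtp_rejects(text):
    """Logged UDP packets whose destination port falls in RTP_PORTS."""
    return [r for r in records(text)
            if r.get("PROTO") == "UDP" and r.get("DPT", "").isdigit()
            and int(r["DPT"]) in RTP_PORTS]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for r in rtp_rejects(SAMPLE_LOG):
        print(r["chain"], r["SRC"], "->", r["DST"], "udp dport", r["DPT"])
```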
