Michel Di Croci wrote: >So the issue is: > >I'm using a SIP client to connect to a SIP server to allow me >working with my phone # when I work from home. > >I don't know what the shorewall box is doing but I know that before >I was using the shorewall box, I was using a small dlink router >which allow me without difficultties to access my corporate network
Just a thought, do you have the SIP helper module installed ? IIRC, later kernels have a SIP module which I think will probably mangle SIP packets. If your SIP client is doing something like STUN then having the packets mangled by the gateway will break it. I've not done SIP through such a system, by I do know that SIP works very nicely through a Linux based router without a SIP helper module loaded. IIRC it does full cone NAT and doesn't mangle port numbers if avoidable - hence STUN works very well with it. I normally diagnose this problem by looking at the incoming SIP packets at the PBX (with Wireshark). The usual symptom of this, and also horrible routers like Zyxels that do symmetric NAT, is that the source port in the SIP message doesn't match the source port of the packet. The giveaway in the first place is that you see register packets from the device, your PBX responds, then you see the same register packet after another 20s (or whatever the client is set to) - the client keeps trying to register, but the replies don't make it back. Stabbing wildly around in the dark, if this is the case then try one of the following : 1) disable the SIP helper module 2) disable STUN (or whatever discovery protocol it uses) on the client - that would make it use the 'wrong' internal address which will get 'fixed' by the SIP helper. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
