2007/10/3, Simon Hobson <[EMAIL PROTECTED]>:
>
> Michel Di Croci wrote:
>
> >So the issue is:
> >
> >I'm using a SIP client to connect to a SIP server to allow me
> >working with my phone # when I work from home.
> >
> >I don't know what the shorewall box is doing but I know that before
> >I was using the shorewall box, I was using a small dlink router
> >which allow me without difficultties to access my corporate network
>
> Just a thought, do you have the SIP helper module installed ? IIRC,
> later kernels have a SIP module which I think will probably mangle
> SIP packets. If your SIP client is doing something like STUN then
> having the packets mangled by the gateway will break it.
>
> I've not done SIP through such a system, by I do know that SIP works
> very nicely through a Linux based router without a SIP helper module
> loaded. IIRC it does full cone NAT and doesn't mangle port numbers if
> avoidable - hence STUN works very well with it.
>
>
> I normally diagnose this problem by looking at the incoming SIP
> packets at the PBX (with Wireshark). The usual symptom of this, and
> also horrible routers like Zyxels that do symmetric NAT, is that the
> source port in the SIP message doesn't match the source port of the
> packet. The giveaway in the first place is that you see register
> packets from the device, your PBX responds, then you see the same
> register packet after another 20s (or whatever the client is set to)
> - the client keeps trying to register, but the replies don't make it
> back.
>
> Stabbing wildly around in the dark, if this is the case then try one
> of the following :
>
> 1) disable the SIP helper module
> 2) disable STUN (or whatever discovery protocol it uses) on the
> client - that would make it use the 'wrong' internal address which
> will get 'fixed' by the SIP helper.
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
I updated the Nortel VPN client to the version 6.2 (I was on 6.1) and
everything is working fine right now. So you were right, the issue was not
in shorewall and I really doubt it was there :)
Michel
Thanks and have a nice day
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
