Hello,

Let me first start by saying Shorewall is awesome, and I use it everywhere from single box firewall, to home network firewall, even to our corporate firewall.

I am experiencing a problem getting my home firewall to work with my BroadVoice VoIP connection. I use the Sipura SPA-2100 ATA (Analog Telephone Adapter) that came with my BroadVoice account. This happened when I tried to replace my Linksys WRT54G Wireless-G Broadband Router with a Linux Shorewall Firewall.

My initial setup was this:

    Internet <-> Comcast Modem <-> *Linksys Router* <-> Sipura ATA

I want to swap the Linksys Router with a Linux Shorewall Firewall like this:

    Internet <-> Comcast Modem <-> *Linux Shorewall* <-> Switch <-> Sipura ATA

I used the most basic Shorewall configuration, and my internal PCs can access outbound, and the DNATed traffic (HTTP) can find its way in fine.

The symptoms I am experiencing are:

1. I can make a call inbound or outbound to my cell phone, and either phone rings.
2. If I dial out from my home phone to my cell phone I can hear audio from my cell phone on the home phone speaker, but not the other way.
3. If I dial in from my cell phone, I cannot hear audio from either direction.

I watched /var/log/messages, and occasionally I would see a packet dropped similar to this:

    Oct 27 11:20:56 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:a0:c9:1a:fa:5c:00:01:5c:24:29:c2:08:00 SRC=24.64.26.203 DST=67.164.192.73 LEN=512 TOS=0x00 PREC=0x20 TTL=66 ID=56131 PROTO=UDP SPT=24850 DPT=1028 LEN=492
    Oct 27 11:22:49 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:a0:c9:1a:fa:5c:00:01:5c:24:29:c2:08:00 SRC=24.64.52.70 DST=67.164.192.73 LEN=512 TOS=0x00 PREC=0x20 TTL=64 ID=61945 PROTO=UDP SPT=24105 DPT=1026 LEN=492

But I am not even sure these are related, as these dropped packets don't seem to appear exactly when I think they should. They seem to appear in a regular interval, as maybe some sort of SIP ping?

Any ideas what might be causing this? Why would it "magically" work with the Linksys Router (I did not specify any port forwarding or port triggering to get the Sipura to work)?

Configuration files are below...

Thank you in advance,
Kenneth Burgener

/zones

    fw      firewall
    net     ipv4
    lan     ipv4

/interfaces

    net     eth0    detect  routefilter,norfc1918,tcpflags
    lan     eth1    detect  tcpflags

/masq

    eth0    eth1

/policy

    # Yes I know these are accepting too much, but I am trying anything to get this to work
    lan     net     ACCEPT
    lan     $FW     ACCEPT
    $FW     lan     ACCEPT
    $FW     net     ACCEPT
    net     all     DROP    info
    all     all     REJECT  info

/rules

    ACCEPT  net     $FW                 tcp     ssh
    #
    # Web traffic
    DNAT    net     lan:10.10.10.3      tcp     80
    #
    # DESPERATE ATTEMPT #1 - DID NOT WORK
    # Allow IAX2, SIP and RTP To Firewall
    #DNAT   net     lan:10.10.10.225    udp     4569,5060,10000:20000
    #
    # MORE DESPERATE ATTEMPT #2 - DID NOT WORK
    # FORWARD *ALL* TRAFFIC
    #DNAT   net     lan:10.10.10.225    udp     0:65535
    #DNAT   net     lan:10.10.10.225    tcp     0:65535
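
The following is an added example, not part of the original message: a Python parser for Shorewall log lines in the format quoted above, which groups logged packets by zone pair, disposition and protocol and reports the seconds between them, one way to check whether drops recur at a regular interval. The function names and the `year` default are assumptions of this example; syslog timestamps carry no year.

```python
import re
from collections import defaultdict
from datetime import datetime

# The two log lines quoted in the post, embedded so the example runs offline.
SAMPLE = [
    "Oct 27 11:20:56 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "MAC=00:a0:c9:1a:fa:5c:00:01:5c:24:29:c2:08:00 SRC=24.64.26.203 "
    "DST=67.164.192.73 LEN=512 TOS=0x00 PREC=0x20 TTL=66 ID=56131 "
    "PROTO=UDP SPT=24850 DPT=1028 LEN=492",
    "Oct 27 11:22:49 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "MAC=00:a0:c9:1a:fa:5c:00:01:5c:24:29:c2:08:00 SRC=24.64.52.70 "
    "DST=67.164.192.73 LEN=512 TOS=0x00 PREC=0x20 TTL=64 ID=61945 "
    "PROTO=UDP SPT=24105 DPT=1026 LEN=492",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:.*?"
    r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<fields>.*)$")

def parse_line(line, year=2000):
    """Parse one Shorewall log line; syslog omits the year, so `year` is assumed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"chain": m["chain"], "disposition": m["disp"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec.setdefault(key, val)  # keep the first LEN (IP length), not the UDP one
    rec["time"] = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return rec

def summarize(lines):
    """Group logged packets by (chain, disposition, protocol); report ports and gaps."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and "PROTO" in rec:
            groups[(rec["chain"], rec["disposition"], rec["PROTO"])].append(rec)
    out = {}
    for key, recs in groups.items():
        times = sorted(r["time"] for r in recs)
        out[key] = {
            "count": len(recs),
            "sources": sorted({r["SRC"] for r in recs if "SRC" in r}),
            "dst_ports": sorted({int(r["DPT"]) for r in recs if "DPT" in r}),
            "gaps_s": [int((b - a).total_seconds()) for a, b in zip(times, times[1:])],
        }
    return out
```

Calling `summarize()` on the matching lines from /var/log/messages over a longer capture shows whether the gaps cluster around one value and which destination ports on the firewall are being hit.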