On Tue, Oct 30, 2007 at 04:45:41PM -0600, Kenneth Burgener wrote:
> Hello,
>
> Let me first start by saying Shorewall is awesome, and I use it
> everywhere from single box firewall, to home network firewall, even to
> our corporate firewall.
>

Welcome to the world of Shorewall :-)

> I am experiencing a problem getting my home firewall to work with my
> BroadVoice VoIP connection. I use the Sipura SPA-2100 ATA (Analog
> Telephone Adapter) that came with my BroadVoice account. This happened
> when I tried to replace my Linksys WRT54G Wireless-G Broadband Router
> with a Linux Shorewall Firewall.
>
> My initial setup was this:
>
> Internet <-> Comcast Modem <-> *Linksys Router* <-> Sipura ATA
>
> I want to swap the Linksys Router with a Linux Shorewall Firewall like this:
>
> Internet <-> Comcast Modem <-> *Linux Shorewall* <-> Switch <-> Sipura ATA
>
> I used the most basic Shorewall configuration, and my internal PCs can
> access outbound, and the DNATed traffic (HTTP) can find its way in fine.
>

OK. That is good.

> The symptoms I am experiencing are:
> 1. I can make a call inbound or outbound to my cell phone, and either
> phone rings.
> 2. If I dial out from my home phone to my cell phone I can hear audio
> from my cell phone on the home phone speaker, but not the other way.
> 3. If I dial in from my cell phone, I cannot hear audio from either
> direction.
>
> I watched /var/log/messages, and occasionally I would see a packet
> dropped similar to this:
>
> Oct 27 11:20:56 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT=
> MAC=00:a0:c9:1a:fa:5c:00:01:5c:24:29:c2:08:00 SRC=24.64.26.203
> DST=67.164.192.73 LEN=512 TOS=0x00 PREC=0x20 TTL=66 ID=56131 PROTO=UDP
> SPT=24850 DPT=1028 LEN=492
>
> Oct 27 11:22:49 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT=
> MAC=00:a0:c9:1a:fa:5c:00:01:5c:24:29:c2:08:00 SRC=24.64.52.70
> DST=67.164.192.73 LEN=512 TOS=0x00 PREC=0x20 TTL=64 ID=61945 PROTO=UDP
> SPT=24105 DPT=1026 LEN=492
>

I doubt that these packets are related. That is, unless your call is
going to/from someone in China:

$ host 24.64.52.70
70.52.64.24.in-addr.arpa domain name pointer S0106000f3d65d525.cn.shawcable.net.

> But I am not even sure these are related, as these dropped packets don't
> seem to appear exactly when I think they should. They seem to appear in
> a regular interval, as maybe some sort of SIP ping?
>
> Any ideas what might be causing this? Why would it "magically" work
> with the Linksys Router (I did not specify any port forwarding or port
> triggering to get the Sipura to work).
>
> Hmm.
>
> /zones
> fw firewall
> net ipv4
> lan ipv4
>
> /interfaces
> net eth0 detect routefilter,norfc1918,tcpflags
> lan eth1 detect tcpflags
>
> /masq
> eth0 eth1
>
> /policy
> # Yes I know these are accepting too much, but I am trying anything to get this to work
> lan net ACCEPT
> lan $FW ACCEPT
> $FW lan ACCEPT
> $FW net ACCEPT
> net all DROP info
> all all REJECT info
>
> /rules
> ACCEPT net $FW tcp ssh
> #
> # Web traffic
> DNAT net lan:10.10.10.3 tcp 80
> #
> # DESPERATE ATTEMPT #1 - DID NOT WORK
> # Allow IAX2, SIP and RTP To Firewall
> #DNAT net lan:10.10.10.225 udp 4569,5060,10000:20000
> #
> # MORE DESPERATE ATTEMPT #2 - DID NOT WORK
> # FORWARD *ALL* TRAFFIC
> #DNAT net lan:10.10.10.225 udp 0:65535
> #DNAT net lan:10.10.10.225 tcp 0:65535
>

Start here: http://www.shorewall.net/troubleshoot.htm

If you still have problems: http://www.shorewall.net/support.htm

Be sure and include a 'shorewall dump' in your next message.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users