Hello,
I used shorewall (backport from Debian etch) on Debian sarge. I have now
upgraded Debian sarge to Debian etch. Since this upgrade, the
masquerading is not working correctly. Behind 2 interfaces there are
asterisk servers. The asterisk servers are now not able to connect to
their provider. When I sniff (tcpdump -ni <inetif> host <internalip> or
host <anotherinternalip>) on the internet interface on the firewall, I
can see that the masquerading for those connections is not working. I
see the internal IPs of the asterisk servers going to the provider on the
external interface of the firewall. It seems that only IAX, SIP and NTP
do not work.

In my /etc/shorewall/shorewall.conf there is IP_FORWARDING=On

my /etc/shorewall/masq:
$INETIF                 $LANIF          $MASQIP
$INETIF                 $WLANIF         $MASQIP
$INETIF                 $TECHIF         $MASQIP
$INETIF                 $XKEYIF         $XKEYIP

shorewall show nat (not dnat):
Shorewall-3.2.6 NAT Table at lingate.may.co.at - Mon Mar 31 11:51:15 CEST 2008

Counters reset Mon Mar 31 11:04:55 CEST 2008

Chain PREROUTING (policy ACCEPT 48754 packets, 3263K bytes)
 pkts bytes target     prot opt in     out     source               destination
20233 1277K inet_dnat  0    --  eth2   *       0.0.0.0/0            0.0.0.0/0           policy match dir in pol none

Chain POSTROUTING (policy ACCEPT 27799 packets, 1975K bytes)
 pkts bytes target     prot opt in     out     source               destination
25353 1830K eth2_masq  0    --  *      eth2    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 4570 packets, 302K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain eth2_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination
 7036  475K SNAT       0    --  *      *       172.30.48.0/22       0.0.0.0/0           policy match dir out pol none to:212.41.224.130
  223 11765 SNAT       0    --  *      *       172.30.47.0/24       0.0.0.0/0           policy match dir out pol none to:212.41.224.130
    0     0 SNAT       0    --  *      *       192.168.4.0/24       0.0.0.0/0           policy match dir out pol none to:212.41.224.130
  579 29951 SNAT       0    --  *      *       192.168.5.0/24       0.0.0.0/0           policy match dir out pol none to:212.41.224.193


I hope somebody could help me. I am very happy with shorewall and before
this upgrade it was working great.

Greets
Wolfgang
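
Added example, not part of the original post: a Python script that automates the check described above, reading `tcpdump -n` output from the external interface and listing packets whose source address is still inside one of the networks the eth2_masq chain is supposed to SNAT. The networks come from the post; the capture lines and the 203.0.113.x provider addresses are constructed sample data.

```python
import ipaddress
import re
from collections import Counter

# Source networks taken from the eth2_masq chain shown in the post.
MASQ_NETS = [ipaddress.ip_network(n) for n in (
    "172.30.48.0/22", "172.30.47.0/24", "192.168.4.0/24", "192.168.5.0/24")]

# Matches "<time> IP <src>[.<sport>] > <dst>[.<dport>]:" as printed by tcpdump -n.
LINE_RE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})(?:\.(\d+))? > (\d+(?:\.\d+){3})(?:\.(\d+))?:")

def find_unnatted(lines, nets=MASQ_NETS):
    """Return (src, dst, dport) for packets whose source is still internal."""
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ARP, IPv6 and continuation lines are skipped
        src, _sport, dst, dport = m.groups()
        if any(ipaddress.ip_address(src) in net for net in nets):
            leaks.append((src, dst, int(dport) if dport else None))
    return leaks

def summarize(leaks):
    """Count leaked packets per (source address, destination port)."""
    return Counter((src, dport) for src, _dst, dport in leaks)

# Constructed sample capture (IAX2 = 4569, SIP = 5060, NTP = 123).
SAMPLE = """\
11:52:01.100001 IP 172.30.48.10.4569 > 203.0.113.5.4569: UDP, length 12
11:52:01.200002 IP 212.41.224.130.40211 > 203.0.113.80.80: Flags [S], seq 1, win 5840, length 0
11:52:02.300003 IP 172.30.47.20.5060 > 203.0.113.6.5060: UDP, length 420
11:52:03.400004 IP 172.30.48.10.123 > 203.0.113.7.123: NTPv4, Client, length 48
11:52:03.500005 IP 203.0.113.80.80 > 212.41.224.130.40211: Flags [S.], seq 1, ack 2, win 5792, length 0
11:52:04.600006 ARP, Request who-has 212.41.224.129 tell 212.41.224.130, length 28
11:52:05.700007 IP 172.30.48.10.4569 > 203.0.113.5.4569: UDP, length 12
""".splitlines()

if __name__ == "__main__":
    for (src, dport), n in sorted(summarize(find_unnatted(SAMPLE)).items(), key=str):
        print(f"{src} -> dport {dport}: {n} packet(s) left without SNAT")
```

Grouping by destination port shows at a glance whether the untranslated traffic is limited to particular services, as reported in the post.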
