Hi,
I am using Shorewall (4.0.12 shell) on a CentOS box which is mainly running
Asterisk (SIP server).
The box is also used as a gateway to the internet using PPPoE through one of its
ethernet interfaces.
PPPoE is run on eth1 and ppp0 interface is the wan interface.
The lan interface is br0 which also acts as a bridge for both eth2 and ath0
interfaces. Ath0 is used for wlan clients.
So mainly the shorewall acts as a firewall and NAT feature between br0 and
ppp0 interfaces.
I have SIP clients on the br0 interface (physically connected to eth2) which
register to the SIP server on the box.
Recently I noticed a problem with these SIP clients:
They send register messages to the SIP server every 600 seconds.
When the box is fresh (newly rebooted) they successfully register every 600
seconds.
After some time, I see that the SIP packets are received on br0 but not
delivered to the application layer.
I understand that from the SIP debugs on Asterisk.
In this state, if I clear the connection tracking table with "conntrack -F",
the SIP packets get delivered to the application.
Well, it seems like a problem with the connection tracking table, but I am not
an expert.
How can I solve this issue?
I am attaching the dump from shorewall to this message. Also, below you can
find "ip addr show" output from the box:
[trixbox1.localdomain ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:b9:12:cf:90 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::20d:b9ff:fe12:cf90/64 scope link
       valid_lft forever preferred_lft forever
3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:b9:12:cf:91 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20d:b9ff:fe12:cf91/64 scope link
       valid_lft forever preferred_lft forever
4: wifi0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 199
    link/ieee802.11 00:80:48:4f:21:8d brd ff:ff:ff:ff:ff:ff
5: ath0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2290 qdisc noqueue
    link/ether 00:80:48:4f:21:8d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::280:48ff:fe4f:218d/64 scope link
       valid_lft forever preferred_lft forever
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb
    link/ether 00:0d:b9:12:cf:91 brd ff:ff:ff:ff:ff:ff
    inet 192.168.254.254/24 brd 192.168.254.255 scope global br0
    inet6 fe80::20d:b9ff:fe12:cf91/64 scope link
       valid_lft forever preferred_lft forever
13: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
15: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc htb qlen 3
    link/ppp
    inet 195.87.156.15 peer 192.168.20.1/32 scope global ppp0
[trixbox1.localdomain ~]#
Thanks.
