On 9/23/09 6:09 AM, "Sven Richter" <[email protected]> wrote:
> Hi List, > > After having solved my logging problem i am still struggling with our > voip adapter. I have basically the same setup like in the actual > postings that are flooding around here > (http://sourceforge.net/mailarchive/forum.php?thread_name=450EB7580E6AE7469F88 > 26BFBF09BAB60889F1%40earwax.uent.com&forum_name=shorewall-users) > > Short sum up. > Internet (EXT) -> linux router with shorewall (FW) -> LAN (INT) -> VOIP > Adapter > > Now the problem is that the voip adapter cannot connect to the sip provider. > > First of all, this is what i can exclude. > The VOIP works and is setup right, it works at my home lan and it > works in the office directly connected the internet without firewall. > Shorewall works too very fine and did everything as should up to now. > Route int to ext and let pass some connections from ext to int like > imap, http and so on. > > I tried several settings within shorewall now, none with success and i > am a bit desperate now. > > Attached is the actual shorewall dump, i hope somebody can help me. > > Ah, i almost forgot that. > > I logged the shorewall traffic, but all i could see were packets > getting out of the net to proxy.live.sipgate.de, but none ever > returned. > The i started tshark and watched the internet connected interface. > There i always get these three messages: > 462.312900 77.20.237.113 -> 217.10.68.147 SIP Request: REGISTER sip:sipgate.de > 466.312000 77.20.237.113 -> 217.10.68.147 IP Fragmented IP protocol > (proto=UDP 0x11, off=0) > 466.312026 77.20.237.113 -> 217.10.68.147 SIP Request: REGISTER sip:sipgate.de > > Googling didnt help me either. > > I also setup the voip adapter to log error messages to my server and > there i get the following messages: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B System started: > [email protected], reboot reason:H0 > Sep 23 13:11:41 192.168.15.9 001D7ED5812B System started: > [email protected], reboot reason:H0 > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 1 Proxy:sipgate.de > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 1 Proxy:sipgate.de > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 1 Outbound > Proxy:proxy.live.sipgate.de > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 1 Outbound > Proxy:proxy.live.sipgate.de > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 2 Proxy: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 2 Proxy: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 2 Outbound Proxy: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 2 Outbound Proxy: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Profile Rule:/init.cfg > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Profile Rule:/init.cfg > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Profile Rule B: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Profile Rule B: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Profile Rule C: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Profile Rule C: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Profile Rule D: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Profile Rule D: > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 1 Preferred Codec:G711u > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 1 Preferred Codec:G711u > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 2 Preferred Codec:G711u > Sep 23 13:11:41 192.168.15.9 001D7ED5812B Line 2 Preferred Codec:G711u > Sep 23 13:11:41 192.168.15.9 001D7ED5812B RTP Packet Size:0.020 > Sep 23 13:11:41 192.168.15.9 001D7ED5812B RTP Packet Size:0.020 > Sep 23 13:11:41 192.168.15.9 001D7ED5812B [0]Reg Addr Change(0) > 0:0->d90a4493:5060 > Sep 23 13:11:56 192.168.15.9 last message repeated 3 times > Sep 23 13:14:58 192.168.15.9 001D7ED5812B [0]Reg Addr Change(0) > 0:5060->d90a4493:5060 > Sep 23 13:15:03 192.168.15.9 last message repeated 3 times > > > Thanks in Advance > Sven > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry® Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9-12, 2009. Register now! > http://p.sf.net/sfu/devconf > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users I am far from an expert, however, even without reading your shorewall dump, I can tell you that SIP is incredibly finicky when it comes to NAT. Although this url refers to Asterisk (open-source PBX), it is very applicable to issues involving SIP and NAT. http://www.voip-info.org/wiki/view/Asterisk+SIP+NAT+solutions I'd assume in your case the reason you are getting no returns from your sip provider to your VOIP adapter behind the shorewall is because the sip server is responding to the internal address of the SIP adapter. You'll need to use a SIP proxy, STUN, or one-to-one NAT'ing and / or port forwarding to get it all to work properly. Some VOIP adapters have the ability to enter a private IP AND a public IP so that the packets are properly forwarded upstream. -- Keith Mitchell CTO Productivity Associates, Inc. 5625 Ruffin Rd STE 220 San Diego, CA 92123 858-495-3528 (Work) 858-495-3540 (Fax) ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
