Hi, this topic was discussed in numerous places before. But I think my problem is a bit different... I have a Asterisk box which is supposed to register a trunk with sipgate. It uses dns lookups to find out my external IP address, which is correctly placed in the sip messages (I can see it on the Asterisk CLI with some logging enabled). To sum it up, everything is set like in many other discussions related to SIP problems.
The gateway (CentOS 5.6 with Shorewall 4.4.19.2) should then masq the related traffic, but it doesn't. It uses the private IP of the Asterisk box as source address. Of course sipgate cannot ever answer the request. At the moment I have absolutely no idea what the problem is about... All other traffic is masqueraded fine. I even removed the ip_nat_sip and ip_conntrack_sip module and added it to DONT_LOAD (according to FAQ 77). Additionally I have also added the DNAT rules for incoming SIP traffic. The network configuration is more or less as usual: Asterisk Box <-LAN-1 (seth0)-> Gateway (NAT) <-(seth3) ISP-> Sipgate Virtual Boxes<-LAN-2 (seth1)-> The systems in LAN 2 are not related to any SIP traffic. I attached the output of "shorewall dump" to this email and copied the line of a SIP packet: udp 17 29 src=192.168.10.240 dst=217.10.79.9 sport=5060 dport=5060 packets=1166 bytes=554092 [UNREPLIED] src=217.10.79.9 dst=192.168.10.240 sport=5060 dport=5060 packets=0 bytes=0 mark=0 secmark=0 use=1 217.10.79.9 is sipgate.de and 192.168.10.240 the Asterisk box on my local network. Here is the mentioned Asterisk log of the sip packet: Retransmitting #3 (NAT) to 217.10.79.9:5060: OPTIONS sip:sipgate.de SIP/2.0 Via: SIP/2.0/UDP 91.64.242.13:5060;branch=z9hG4bK756bc67e;rport Max-Forwards: 70 From: "Unknown" <sip:[email protected]>;tag=as62f154fd To: <sip:sipgate.de> Contact: <sip:[email protected]:5060> Call-ID: [email protected]:5060 CSeq: 102 OPTIONS User-Agent: FPBX-2.8.1(1.8.0) Date: Mon, 18 Jul 2011 23:11:02 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Length: 0 You can clearly see, that the client side detection of the external address works... (STUN is not involved) So what am I missing? Thx and best regards, Martin. __________ Hinweis von ESET NOD32 Antivirus, Signaturdatenbank-Version 6305 (20110718) __________ E-Mail wurde gepruft mit ESET NOD32 Antivirus. http://www.eset.com
status.tgz
Description: application/compressed
------------------------------------------------------------------------------ Storage Efficiency Calculator This modeling tool is based on patent-pending intellectual property that has been used successfully in hundreds of IBM storage optimization engage- ments, worldwide. Store less, Store more with what you own, Move data to the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
