Hi everybody, I am having this issue.
I have 2 ADSL in my box, one for SIP connections only (VoIP) and the other
one for Internet general traffic. The problem is that suddenly my Sip
software or phone disconnects from my sip server. I do a if down ppp0 or
ppp1 ( Sometimes work with one or the other, I can figure it why) and then
my sip software get connected.
I dont know why. Maybe is something with the default route or when my adsl
change the dynamic ip. I dont know.
Here is my complete conf. I something is missing, let me know.
My box has shorewall installed with 2 ADSL and pptpd
ppp0 - ADSL connection (I use this only for VoIP). this is in eth1
ppp1 - ADSL connection. Internet Traffic. This is in eth2
eth0 - LAN - 192.168.10.0/24
IFCONFIG
----------------
eth0 Link encap:Ethernet HWaddr 00:14:85:AB:93:84
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 90:F6:52:03:A0:B6
inet6 addr: fe80::92f6:52ff:fe03:a0b6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth2 Link encap:Ethernet HWaddr 00:01:02:E8:6D:6F
inet6 addr: fe80::201:2ff:fee8:6d6f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
ppp0 Link encap:Point-to-Point Protocol
inet addr:186.48.234.250 P-t-P:200.40.21.7 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
ppp1 Link encap:Point-to-Point Protocol
inet addr:186.48.226.199 P-t-P:200.40.21.7 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
ppp2 Link encap:Point-to-Point Protocol
inet addr:192.168.10.80 P-t-P:192.168.10.90 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
SHOREWALL CONF
---------------------------------
INTERFACES
==========
FORMAT 2
###############################################################################
#ZONE INTERFACE OPTIONS
loc eth0
net ppp0
net ppp1
vpn ppp2 routeback
ZONES
======
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
loc ipv4
vpn ipv4
MASQ
=====
#INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S)
IPSEC MARK USER/ SWITCH
eth0 192.168.10.0/24
ppp1 192.168.10.0/24
ppp0 192.168.10.0/24
ppp2 192.168.10.0/24
RULES (this is for now while I am testing)
=====
ACCEPT loc net all
PROVIDERS
=========
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY
OPTIONS COPY
voip 1 1 - ppp0 -
track
internet 2 2 - ppp1 -
track
RTRULES (that IP address in the DEST is my VoIP box)
=======
#SOURCE DEST PROVIDER PRIORITY
MASK
eth0 208.43.135.17 voip
1000
TCRULE (5060 my sip port)
======
1:P 192.168.10.0/24 0.0.0.0/0 tcp 5060,5061,5062
1:P 192.168.10.0/24 0.0.0.0/0 udp 5060,5061,5062
ROUTE -N
======
Destination Gateway Genmask Flags Metric Ref Use
Iface
200.40.21.7 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
200.40.21.7 0.0.0.0 255.255.255.255 UH 0 0 0 ppp1
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
eth0
Shorewall.conf
===========
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTO_COMMENT=Yes
AUTOMAKE=No
BLACKLISTNEWONLY=Yes
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
LEGACY_FASTSTART=Yes
LOAD_HELPERS_ONLY=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX=ko
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=0
OPTIMIZE_ACCOUNTING=No
REQUIRE_INTERFACE=No
RESTORE_DEFAULT_ROUTE=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=No
USE_DEFAULT_RT=Yes
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
################################################################################
# L E G A C Y O P T I O N
# D O N O T D E L E T E O R A L T E R
################################################################################
IPSECFILE=zones
Thanks
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
