Hello,
Earlier this year I contacted Patrick McHardy for fixing a SIP conntrack
problem and he produced a patch. Unfortunately, I do not have the exchanged
emails although I'd presume the patch made to the netfilter modules upstream.
The work Patrick did was per contract. He's the maintainer of several
components. I could have a bit more details next week if needed.\
Cheers.
________________________________
De : Lee Brown <[email protected]>
À : Shorewall Users <[email protected]>
Envoyé le : mercredi 21 août 2013 14h39
Objet : Re: [Shorewall-users] sip conntrack dropping packets?
On my CentOS 6.4 box (2.6.32-358.14.1.el6.x86_64) I found that nf_conntrack_sip
and nf_nat_sip caused problems with sip traffic (silently dropping traffic) and
I run without them. I was getting random non connection issues (failed
registration) before I removed those modules. My regular custom traffic
shaping was not effected.
CentOS tends to ship with older, sometimes incomplete modules so YMMV.
On Wed, Aug 21, 2013 at 11:15 AM, Alberto Di Fede <[email protected]>
wrote:
sure they are from sip conntrack module.
>i would like to understand why it happens and if it is a configuration issue.
>i think that removing the modules will hurt the traffic shaping.
>
>any idea on how to debug?
>
>
>
>
>
>On Tue, Aug 20, 2013 at 11:08 PM, Pablo Sebastian Greco
><[email protected]> wrote:
>
>Those messages are not from the firewall itself, they are from
>nf_conntrack_sip. Have you tried unloading nf_conntrack_sip and nf_nat_sip ?
>>
>>Pablo.
>>
>>El 20/08/13 14:34, johnny bowen escribió:
>>
>>Btw.. it only happens on one or two phones also, but I can't remember which
>>ones.
>>>
>>>
>>>
>>>
>>>
>>>On Tue, Aug 20, 2013 at 10:33 AM, johnny bowen <[email protected]> wrote:
>>>
>>>I get that too. I've never solved the problem I just stopped rsyslog from
>>>logging to my console. So if I ever come across a fix I'll post it
>>>>
>>>>
>>>>
>>>>
>>>>On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede <[email protected]>
>>>>wrote:
>>>>
>>>>Hi,
>>>>>
>>>>>
>>>>>i see this on the console and in the firewall logs while i try to make sip
>>>>>calls using my sip server (although this appears to happen only from a the
>>>>>Counterpath Bria softphone)
>>>>>
>>>>>Message from syslogd@server at Aug 20 17:24:39
...
>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0
SRC=<my public ip address> DST=<SIP
provider public ip address> LEN=860
TOS=0x00 PREC=0x00 TTL=64 ID=52154 PROTO=UDP
SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
>>>>>
>>>>>Message from syslogd@server at Aug 20 17:24:39
...
>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0
SRC=<my public ip address> DST=<SIP
provider public ip address> LEN=860
TOS=0x00 PREC=0x00 TTL=64 ID=52155 PROTO=UDP
SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
>>>>>
>>>>>Message from syslogd@server at Aug 20 17:24:40
...
>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0
SRC=<my public ip address> DST=<SIP
provider public ip address> LEN=860
TOS=0x00 PREC=0x00 TTL=64 ID=52156 PROTO=UDP
SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
>>>>>
>>>>>Message from syslogd@server at Aug 20 17:24:41
...
>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0
SRC=<my public ip address> DST=<SIP
provider public ip address> LEN=860
TOS=0x00 PREC=0x00 TTL=64 ID=52159 PROTO=UDP
SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
>>>>>
>>>>>Message from syslogd@server at Aug 20 17:24:45
...
>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0
SRC=<my public ip address> DST=<SIP
provider public ip address> LEN=860
TOS=0x00 PREC=0x00 TTL=64 ID=52161 PROTO=UDP
SPT=5060 DPT=5060 LEN=840 UID=493 GID=490
>>>>>
>>>>>
>>>>>after a few drops obviously the SIP call is dropped.
>>>>>
>>>>>
i searched online for solutions, but apparently there seems to be no technical
issue for my kernel/netfilter/shorewall version, most probably is related to my
configuration.
>>>>>
>>>>>
>>>>>
>>>>>is there anything standing out for you?
>>>>>
>>>>>
>>>>>thank you
>>>>>
>>>>>
>>>>>
>>>>>Alberto
>>>>>
>>>>>
------------------------------------------------------------------------------
>>>>>Introducing Performance Central, a new site from
SourceForge and
>>>>>AppDynamics. Performance Central is your source for
news, insights,
>>>>>analysis and resources for efficient Application
Performance Management.
>>>>>Visit us today!
>>>>>http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
>>>>>_______________________________________________
>>>>>Shorewall-users mailing list
>>>>>[email protected]
>>>>>https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>>------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
>>>
>>>
>>>_______________________________________________
Shorewall-users mailing list [email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>------------------------------------------------------------------------------
>>Introducing Performance Central, a new site from SourceForge and
>>AppDynamics. Performance Central is your source for news, insights,
>>analysis and resources for efficient Application Performance Management.
>>Visit us today!
>>http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
>>_______________________________________________
>>Shorewall-users mailing list
>>[email protected]
>>https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>
>------------------------------------------------------------------------------
>Introducing Performance Central, a new site from SourceForge and
>AppDynamics. Performance Central is your source for news, insights,
>analysis and resources for efficient Application Performance Management.
>Visit us today!
>http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
>_______________________________________________
>Shorewall-users mailing list
>[email protected]
>https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
