Alan McKay <[email protected]> wrote: > I completely blew away my firewall but saved my shorewall directory. > Went from Ubuntu 13.10 to 14.04 and whatever the cooresponding versions > of Shorewall are on each. ... > I run tcpdump on the external interface and I can see my Cisco router trying > to get out. But I get no dial tone. Here is a capture going to > toronto.voip.ms > > You see it still has my internal IP and no mention of my external one. > > Anyone have any idea here?
Try blacklisting the SIP helper module(s). SIP is one of those things that are well and truly broken by NAT, and IME the kernel's SIP helper is an unnecessary complication. Either : 1a) (Statically) Configure your internal device with it's public IP information - useful if running a private PBX with (eg) Asterisk, but can be done with a single phone. 1b) Let the device use STUN to figure out the NAT and take care of it. 2) Use the VoIP provider's NAT proxy (or other means) so it doesn't really matter what your end sends, the other end will work out what real values to use. I suspect that you have one or other of these active AND the SIP helper module. So things get "corrected' twice. ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
