Hi all,

I have two servers with public and private IP addresses, each running a SIP
proxy on eth0 and an Asterisk box on eth1. Each box is running Shorewall 4.5.21.
Making calls within a server is fine, but I would like the SIP proxy to also use
the Asterisk box on the other machine for load balancing.

However, for some reason calls and qualify OPTIONS packets are not being passed
from the Asterisk box to the other SIP proxy, based on tcpdump and ngrep. I
suspect my masquerade rules are to blame, but after countless tweaks, this is
failing me.

Scenario (addresses have been scrambled):

                   OPTIONS (qualify=yes)
BOX 1  Asterisk     ---------------->  Sip Proxy
       10.131.45.56:5060               178.89.67.12:5060

                   OPTIONS
BOX 2  Sip proxy    ---------------->  Asterisk
       178.89.67.12:5060               10.131.45.56:5060

These packets are not being answered with 200 OK.

This is what I have in my configs:
rules
ACCEPT  net  $FW  udp  5060    <------- Accept sip requests to sip proxy
Policy
loc net ACCEPT
$FW net ACCEPT
loc $FW ACCEPT
$FW loc ACCEPT
net all DROP info
all all REJECT info
masq

BOX 1
INTERFACE:DEST      SOURCE        ADDRESS  PROTO  PORT(S)  IPSEC  MARK  USER/  SWITCH  ORIGINAL
#                                                                       GROUP          DEST
eth0:178.89.67.12   10.131.45.56  -        udp    5060     <------- asterisk to proxy through eth0

BOX 2
INTERFACE:DEST      SOURCE        ADDRESS  PROTO  PORT(S)  IPSEC  MARK  USER/  SWITCH  ORIGINAL
#                                                                       GROUP          DEST
eth1:10.131.45.56   178.89.67.12  -        udp    5060     <-------- proxy to asterisk through eth1

What am I missing?

Eric
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users