Re: [Shorewall-users] SIP messaging - Masquarading troubles

Fri, 15 May 2015 00:15:18 -0700 

> Hi all,
>
> I have two servers with public and private IP address running a sip proxy
> on eth0 and asterisk box on eth1. Each box is running Shorewall 4.5.21.
> Making calls within a server is fine but I would like the sip proxy to
> also use asterisk box on the other machine for load balancing.
>
> However for some reason calls and qualify OPTIONS packets are not being
> passed over asterisk box to the other sip proxy based on tcpdump and
> ngrep. I suspect my masquerade rules are to blame but after countless
> tweaking, this is failing me.
>
> Scenario (addresses have been scrambled)
>        OPTIONS (qualify=yes)
> BOX 1  Asterisk ----------------> Sip Proxy
> 10.131.45.56 :5060        178.89.67.12:5060
>               OPTIONS
> BOX 2 Sip proxy ---------------->  Asterisk
> 178.89.67.12:5060                    10.131.45.56 :5060
>
> These packets are not being answered with 200 OK.
>
>
> This is what I have in my configs:
> rules
> ACCEPT net        $FW                udp            5060  <------- Accept
> sip requests to sip proxy
>
> Policy
> loc     net     ACCEPT
> $FW     net     ACCEPT
> loc     $FW     ACCEPT
> $FW     loc     ACCEPT
> net     all     DROP        info
> all     all     REJECT      info
>
> masq
> BOX 1
> INTERFACE:DEST     SOURCE      ADDRESS     PROTO   PORT(S) IPSEC   MARK
> USER/   SWITCH  ORIGINAL
> #                                           GROUP       DEST
> eth0:178.89.67.12   10.131.45.56     -    udp     5060 <------- asterisk
> to proxy through eth0
>
> BOX 2
> INTERFACE:DEST     SOURCE      ADDRESS     PROTO   PORT(S) IPSEC   MARK
> USER/   SWITCH  ORIGINAL
> #                                           GROUP       DEST
> eth1:10.131.45.56  178.89.67.12   -       udp     5060 <-------- proxy to
> asterisk through eth1
>
> What am i missing?
>
> Eric

Is this only UDP traffic, do you not need TCP too?

Regards,
Simon


------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to