Not sure I understand. More specifically, what rules should I have to direct packets sent by the proxy from its public IP to the other Asterisk box's RFC 1918 private address?
From ngrep this is what I see.

Options packet:
Box 1 178.89.67.12:5060 --------> Box 2 10.131.45.56 :5060

This packet needs to be re-written somehow as it will never be delivered.

Any help would be great.

On 15 May 2015, at 07:47, Simon Matter <[email protected]> wrote:

>> Hi all,
>>
>> I have two servers with public and private IP address running a sip proxy
>> on eth0 and asterisk box on eth1. Each box is running Shorewall 4.5.21.
>> Making calls within a server is fine but I would like the sip proxy to
>> also use asterisk box on the other machine for load balancing.
>>
>> However for some reason calls and qualify OPTIONS packets are not being
>> passed over asterisk box to the other sip proxy based on tcpdump and
>> ngrep. I suspect my masquerade rules are to blame but after countless
>> tweaking, this is failing me.
>>
>> Scenario (addresses have been scrambled)
>>                        OPTIONS (qualify=yes)
>> BOX 1 Asterisk         ---------------->   Sip Proxy
>>       10.131.45.56 :5060                   178.89.67.12:5060
>>                        OPTIONS
>> BOX 2 Sip proxy        ---------------->   Asterisk
>>       178.89.67.12:5060                    10.131.45.56 :5060
>>
>> These packets are not being answered with 200 OK.
>>
>>
>> This is what I have in my configs:
>> rules
>> ACCEPT   net   $FW   udp   5060    <------- Accept sip requests to sip proxy
>>
>> Policy
>> loc   net   ACCEPT
>> $FW   net   ACCEPT
>> loc   $FW   ACCEPT
>> $FW   loc   ACCEPT
>> net   all   DROP     info
>> all   all   REJECT   info
>>
>> masq
>> BOX 1
>> INTERFACE:DEST      SOURCE         ADDRESS   PROTO   PORT(S)   IPSEC   MARK   USER/   SWITCH   ORIGINAL
>> #                                                                             GROUP            DEST
>> eth0:178.89.67.12   10.131.45.56   -         udp     5060    <------- asterisk to proxy through eth0
>>
>> BOX 2
>> INTERFACE:DEST      SOURCE         ADDRESS   PROTO   PORT(S)   IPSEC   MARK   USER/   SWITCH   ORIGINAL
>> #                                                                             GROUP            DEST
>> eth1:10.131.45.56   178.89.67.12   -         udp     5060    <-------- proxy to asterisk through eth1
>>
>> What am I missing?
>>
>> Eric
>
> Is this only UDP traffic, do you not need TCP too?
>
> Regards,
> Simon
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
