On 06/19/2017 04:48 PM, Ryan Joiner wrote: > > > On 6/19/2017 1:57 PM, Ian Jones wrote: >> >> I am becoming more convinced that this is a nat issue, since I have >> installed Asterisk on the firewall itself, and it seems to run >> normally with no issues when restarting. The feedback from the >> Asterisk peer support site was that: Asterisk is sending OPTIONs, but >> the peer is not replying, or the request or replies are getting lost, >> in the network. Possibly an automatic NAT or firewall rule has timed >> out. There is no evidence of anything wrong with Asterisk. >> >> Is there anyway to specify the UDP connection timeout? >> >> Regards >> >> Ian >> >> > Ian, > I should have looked at your dump first. I see the helpers are still > loaded despite you telling them to not load. That could be because > something other than shorewall loaded them. > > I know on CentOS it is rmmod "module", so rmmod nf_conntrack_sip. I'm > not so sure for Debian. Maybe it is: > > modprobe -r nf_conntrack_sip > modprobe -r nf_nat_sip > > Then see if the remote extensions magically reconnect. >
Here are the problem requests: udp 17 3596 src=192.168.71.8 dst=109.176.95.130 sport=5060 dport=5060 [UNREPLIED] src=109.176.95.130 dst=xx.xx.xx.xx sport=5060 dport=5060 mark=0 use=2 (that is a Masqueraded request from the local server to 109.176.95.130) udp 17 2522 src=94.23.212.19 dst=xx.xx.xx.xx sport=5229 dport=5060 [UNREPLIED] src=192.168.71.8 dst=94.23.212.19 sport=5060 dport=5229 mark=0 use=2 (that is a DNATed request from 94.23.212.19 that is redirected to the local server) udp 17 1228 src=195.154.185.103 dst=xx.xx.xx.xx sport=5105 dport=5060 [UNREPLIED] src=192.168.71.8 dst=195.154.185.103 sport=5060 dport=5105 mark=0 use=2 (another DNATed request) All that I can say is that these entries are consistent with the ruleset. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
