Hi, On Oct 20, 2011, at 8:33 AM, JimDoesVoip wrote:
> Hi All, We're running opensips 1.6.4 and mediaproxy 2.5.2, both on a single > server running centos 6. When iptables is turned off media-relay works > properly, calls connect and have audio, we see media flow from a IP client, > to the media-relay back to IP client. We can't see any entries using the > conntrack -L command at this time (maybe because iptables is off?) When we > turn iptables on, we see entries in conntrack -L for a bunch of items > including the sip signaling to each of the clients, but we do not see any > entries for media when in a call (should we?). Our iptables config adds a few > accept lines to the filter chain to allow any traffic on a few private > interfaces and to allow sip traffic on a high port on any interface. These > keep opensips working while iptables is running. > # iptables -t filter -L -v > Chain INPUT (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 203 23785 ACCEPT all -- any any anywhere anywhere > state RELATED,ESTABLISHED > 2 152 ACCEPT icmp -- any any anywhere anywhere > > 1 201 ACCEPT all -- lo any anywhere anywhere > > 7 3629 ACCEPT all -- bond0 any anywhere anywhere > > 0 0 ACCEPT all -- eth0 any anywhere anywhere > > 0 0 ACCEPT all -- eth1 any anywhere anywhere > > 0 0 ACCEPT tcp -- any any anywhere anywhere > state NEW tcp dpt:ssh > 0 0 ACCEPT tcp -- any any anywhere anywhere > state NEW tcp dpt:15060 > 9 1177 ACCEPT udp -- any any anywhere anywhere > state NEW udp dpt:15060 > 0 0 REJECT all -- any any anywhere anywhere > reject-with icmp-host-prohibited > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 0 0 REJECT all -- any any anywhere anywhere > reject-with icmp-host-prohibited > > Chain OUTPUT (policy ACCEPT 137 packets, 33701 bytes) > pkts bytes target prot opt in out source > destination > > > # iptables -t raw -L -v > Chain PREROUTING (policy ACCEPT 11495 packets, 2699K bytes) > pkts bytes target prot opt in out source > destination > > Chain OUTPUT (policy ACCEPT 118 packets, 32010 bytes) > pkts bytes target prot opt in out source > destination > # > > It seems like something isn't getting connected properly, but unfortunately I > didn't find a similar problem. When iptables is running there are no errors > from media-relay, but no audio is relayed. When iptables is off we see errors > complaining about iptables not being loaded, but media is relayed / works in > both directions. Thanks very much, Jim O What do you mean by "iptables on"? Having the modules loaded and forwarding enabled in /proc is enough. I'm not sure about what CentOS may do when you start the iptables service, we don't use that with Debian :-S You should see entries in both the raw table and conntrack -L. You also mentioned that in some case you got an error, can you paste it? Regards, -- Saúl Ibarra Corretgé AG Projects _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
