Hi Jeff, Thanks. I looked at this earlier as well. I swapped the REJECT line out for a blanked ACCEPT with forwards and it didn't seem to have an effect. I keep wondering if there is something in raw that needs to be put in place based upon the messages from iptables as it exists. I took another look based on your note and I think I found something meaningful.
iptables (at least on centos) appears to load different tables independently when you use the --list option. So I started a call with only the raw table loaded. no audio. I then stopped iptables and had audio. I then loaded filter and nat tables and each time still had audio. Then as the call was going I loaded the raw table, and the call still had audio. I stopped the call and started a new one: no audio. Unloaded the raw table; audio. # iptables -t raw --list Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination # /etc/init.d/iptables stop iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: raw [ OK ] iptables: Unloading modules: [ OK ] # So it feels likely that the raw part of my iptables config is blocking things. Perhaps, even though it says it is defaulting to ACCEPT, it is blocking packets from getting to conntrack rules setup by media-relay? Thanks, Jim Jeff Pyle wrote: > > Jim, > > One difference between my iptables setup and yours on my relay is I allow > the FORWARD to go, default policy ACCEPT. Perhaps this is relevant. > > > - Jeff > > > -- View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/media-relay-not-relaying-when-iptables-running-tp6911797p6913422.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
