| View previous topic :: View next topic |
| Author |
Message |
JamesR
Joined: 30 Jan 2013
Posts: 27
|
 Posted: Fri Feb 22, 2013 7:11 am Post subject: SIP through a NAT |
 |
|
I'm using a polycom VOIP solution here with my ZS 2.0 RC2.
Phones, of course, are on private IP's NATted through ZeroShell.
Phone connect, by SIP, to a phone service out on the Internet.
SIP connections out from the phone to the VOIP server are going over 5090/udp.
For incoming Calls, the rtp session isn't completely established so I can't hear the incoming audio although outgoing audio works. Outgoing calls seem to be OK.
I tried this to make the netfilter connection tracking work but was unsuccessful in tracking:
| Code: |
rmmod nf_nat_sip
rmmod nf_conntrack_sip
modprobe nf_conntrack_sip ports=5060,5090
modprobe nf_nat_sip
|
This makes it worse: i.e. no audio
| Code: |
rmmod nf_nat_sip
rmmod nf_conntrack_sip
modprobe nf_conntrack_sip ports=5060,5090 sip_direct_signalling=0 sip_direct_media=0
modprobe nf_nat_sip
|
ETH00 is my outside interface (dhcp)
My phones are on ETH01.11
NICs.... some info has been obscured....
| Code: |
root@rtr net> ifconfig -a
BRIDGE00 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:20921 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:1535554 (1.4 Mb)
BRIDGE00: Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
BRIDGE01 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24328802 errors:0 dropped:0 overruns:0 frame:0
TX packets:26908593 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10463274351 (9978.5 Mb) TX bytes:25793241821 (24598.3 Mb)
BRIDGE01: Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
BRIDGE02 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14267878 errors:0 dropped:0 overruns:0 frame:0
TX packets:14182298 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7441598927 (7096.8 Mb) TX bytes:14435362929 (13766.6 Mb)
BRIDGE02: Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
DEFAULTBR Link encap:Ethernet HWaddr 0A:67:9D:58:CC:B6
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ETH00 Link encap:Ethernet HWaddr 00:11:11:70:DD:15EE
inet addr:nn.www.xxx.yyy Bcast:nn.www.xxx.255 Mask:255.255.255.128
inet6 addr: fe80::211:11ff:fe70:ddee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50110807 errors:0 dropped:0 overruns:0 frame:0
TX packets:35492053 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:41095298302 (39191.5 Mb) TX bytes:18285744916 (17438.6 Mb)
Interrupt:16
ETH01 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:37347514 errors:0 dropped:1 overruns:0 frame:0
TX packets:41114100 errors:0 dropped:5076 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16179233770 (15429.7 Mb) TX bytes:39210963209 (37394.4 Mb)
ETH01.10 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:971877 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:50895872 (48.5 Mb)
ETH01.11 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24340556 errors:0 dropped:0 overruns:0 frame:0
TX packets:27731625 errors:0 dropped:89 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10495780712 (10009.5 Mb) TX bytes:25756865007 (24563.6 Mb)
ETH01.12 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11632349 errors:0 dropped:0 overruns:0 frame:0
TX packets:12425016 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4792619095 (4570.5 Mb) TX bytes:13411355692 (12790.0 Mb)
ETH01:00 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
inet addr:192.168.3.254 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
ETH02 Link encap:Ethernet HWaddr 00:E0:53:07:35:61
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ETH02:00 Link encap:Ethernet HWaddr 00:E0:53:07:35:61
inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
VPN99 Link encap:Ethernet HWaddr A6:C4:FB:FB:23:FD
inet6 addr: fe80::a4c4:fbff:fefb:23fd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30875 errors:0 dropped:0 overruns:0 frame:0
TX packets:41606 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2456354 (2.3 Mb) TX bytes:44064931 (42.0 Mb)
VPN99:00 Link encap:Ethernet HWaddr A6:C4:FB:FB:23:FD
inet addr:192.168.250.254 Bcast:192.168.250.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
WLAN01 Link encap:Ethernet HWaddr B8:A3:86:80:11:22
inet6 addr: fe80::baa3:86ff:fe80:3873/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:109080 errors:0 dropped:0 overruns:0 frame:0
TX packets:3051294 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17372948 (16.5 Mb) TX bytes:345453185 (329.4 Mb)
WLAN02 Link encap:Ethernet HWaddr B8:A3:86:80:38:74
inet6 addr: fe80::baa3:86ff:fe80:3874/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2859644 errors:0 dropped:0 overruns:0 frame:0
TX packets:2690020 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2758616880 (2630.8 Mb) TX bytes:1242852700 (1185.2 Mb)
bond0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond1 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond2 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond3 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond4 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond5 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond6 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond7 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond8 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond9 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
dummy0 Link encap:Ethernet HWaddr 1E:77:9E:36:CA:53
inet addr:192.168.141.142 Bcast:192.168.141.255 Mask:255.255.255.0
BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:140 (140.0 b)
dummy1 Link encap:Ethernet HWaddr 6E:69:AE:30:D6:B1
inet addr:192.168.142.142 Bcast:192.168.142.255 Mask:255.255.255.255
inet6 addr: fe80::6c69:aeff:fe30:d6b1/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:210 (210.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12929361 errors:0 dropped:0 overruns:0 frame:0
TX packets:12929361 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1946770864 (1856.5 Mb) TX bytes:1946770864 (1856.5 Mb)
mon.WLAN0 Link encap:UNSPEC HWaddr B8-A3-86-80-11-11-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23386809 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1592804340 (1519.0 Mb) TX bytes:0 (0.0 b)
mon.WLAN0 Link encap:UNSPEC HWaddr B8-A3-86-80-11-11-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23386809 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1592804340 (1519.0 Mb) TX bytes:0 (0.0 b)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
wlan0 Link encap:Ethernet HWaddr B8:A3:86:80:11:11
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
Bridges
| Code: |
root@rtr net> brctl show
bridge name bridge id STP enabled interfaces
BRIDGE00 8000.00e053082129 yes ETH01.10
BRIDGE01 8000.00e053082129 yes ETH01.11
WLAN01
BRIDGE02 8000.00e053082129 no ETH01.12
WLAN02
DEFAULTBR 8000.000000000000 no
|
Here's my fw tables.
filter table
| Code: |
Chain INPUT (policy ACCEPT)
target prot opt source destination
SYS_GUI all -- 0.0.0.0/0 0.0.0.0/0
SYS_INPUT all -- 0.0.0.0/0 0.0.0.0/0
SYS_HTTPS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
SYS_HTTPS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
SYS_SSH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 0.0.0.0/0 192.168.1.1 state NEW,ESTABLISHED
LOG tcp -- 192.168.1.0/24 192.168.0.3 limit: avg 4/hour burst 15 LOG flags 0 level 4 prefix "INPUT/008"
ACCEPT tcp -- 192.168.1.0/24 192.168.0.3
LOG all -- 0.0.0.0/0 192.168.0.0/24 limit: avg 10/hour burst 15 LOG flags 0 level 4 prefix "INPUT/009"
REJECT all -- 0.0.0.0/0 192.168.0.0/24 reject-with icmp-net-unreachable
LOG all -- 0.0.0.0/0 192.168.2.0/24 state NEW limit: avg 5/hour burst 15 LOG flags 0 level 4 prefix "INPUT/010"
DROP all -- 0.0.0.0/0 192.168.2.0/24 state NEW
LOG all -- 0.0.0.0/0 192.168.2.2 state NEW,RELATED,ESTABLISHED limit: avg 10/hour burst 15 LOG flags 0 level 4 prefix "INPUT/011"
ACCEPT all -- 0.0.0.0/0 192.168.2.2 state NEW,RELATED,ESTABLISHED
REJECT all -- 0.0.0.0/0 192.168.2.0/24 reject-with icmp-host-unreachable
LOG udp -- 192.168.2.0/24 208.67.220.123 udp dpt:53 limit: avg 10/hour burst 5 LOG flags 0 level 4 prefix "INPUT/013"
ACCEPT udp -- 192.168.2.0/24 208.67.220.123 udp dpt:53
LOG udp -- 0.0.0.0/0 208.67.222.123 udp dpt:53 limit: avg 2/hour burst 15 LOG flags 0 level 4 prefix "INPUT/014"
ACCEPT udp -- 0.0.0.0/0 208.67.222.123 udp dpt:53
LOG udp -- 192.168.2.0/24 0.0.0.0/0 udp dpt:53 limit: avg 10/hour burst 15 LOG flags 0 level 4 prefix "INPUT/015"
DROP udp -- 192.168.2.0/24 0.0.0.0/0 udp dpt:53
LOG all -- 0.0.0.0/0 192.168.1.0/24 limit: avg 2/min burst 15 LOG flags 0 level 4 prefix "INPUT/016"
DROP all -- 0.0.0.0/0 192.168.1.0/24
LOG all -- 0.0.0.0/0 192.168.0.0/24 limit: avg 1/min burst 15 LOG flags 0 level 4 prefix "INPUT/017"
DROP all -- 0.0.0.0/0 192.168.0.0/24
ACCEPT udp -- 0.0.0.0/0 255.255.255.255
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
ACCEPT all -- 0.0.0.0/0 224.0.0.0/9
LOG all -- 0.0.0.0/0 !192.168.0.0/16 limit: avg 4/hour burst 15 LOG flags 0 level 4 prefix "INPUT/021"
ACCEPT all -- 0.0.0.0/0 !192.168.0.0/16
LOG all -- 0.0.0.0/0 !192.168.0.0/16 PHYSDEV match --physdev-in WLAN02 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix "INPUT/022"
ACCEPT all -- 0.0.0.0/0 !192.168.0.0/16 PHYSDEV match --physdev-in WLAN02
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5090 limit: avg 3/min burst 15 LOG flags 0 level 4 prefix "FORWARD/002"
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5090
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
SYS_OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
LOG udp -- 0.0.0.0/0 192.168.1.66 state NEW,RELATED,ESTABLISHED limit: avg 5/min burst 15 LOG flags 0 level 4 prefix "OUTPUT/009"
ACCEPT udp -- 0.0.0.0/0 192.168.1.66 state NEW,RELATED,ESTABLISHED
LOG udp -- 192.168.1.66 0.0.0.0/0 state NEW,RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix "OUTPUT/010"
ACCEPT udp -- 192.168.1.66 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
Chain NetBalancer (0 references)
target prot opt source destination
Chain Proxy (0 references)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain SYS_GUI (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.1.181 0.0.0.0/0 tcp dpt:12081
Chain SYS_HTTPS (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain SYS_INPUT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8245 state ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain SYS_OUTPUT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8245
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain SYS_SSH (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.3.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
|
mangle table
| Code: |
root@rtr net> iptables -n -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
QoS all -- 0.0.0.0/0 0.0.0.0/0
Chain NB_CT_POST (0 references)
target prot opt source destination
CONNMARK all -- 0.0.0.0/0 0.0.0.0/0 CONNMARK save
Chain NB_CT_PRE (0 references)
target prot opt source destination
CONNMARK all -- 0.0.0.0/0 0.0.0.0/0 CONNMARK save
Chain NB_FO_PRE (0 references)
target prot opt source destination
Chain NB_STAT (0 references)
target prot opt source destination
Chain NetBalancer (0 references)
target prot opt source destination
Chain OpenVPN (0 references)
target prot opt source destination
Chain QoS (1 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK and 0x0
MARK udp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp spts:5060:5090 MARK set 0xb
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5100 MARK set 0xb
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:8000:8200 MARK set 0xb
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:16384:16482 MARK set 0xb
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
MARK all -- 192.168.1.101 0.0.0.0/0 MARK set 0xd
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
MARK udp -- 192.168.2.0/24 0.0.0.0/0 udp dpts:!67:68 connbytes 307200 connbytes mode bytes connbytes direction both MARK set 0xf
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
MARK all -- 192.168.2.0/24 0.0.0.0/0 MARK set 0xf
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
MARK udp -- 0.0.0.0/0 192.168.2.0/24 udp dpts:!67:68 connbytes 307200 connbytes mode bytes connbytes direction both MARK set 0xe
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
MARK all -- 0.0.0.0/0 192.168.2.0/24 connbytes 204800 connbytes mode bytes connbytes direction both MARK set 0xe
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
|
nat table
| Code: |
root@rtr net> iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Proxy tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNATVS all -- 0.0.0.0/0 0.0.0.0/0
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
OpenVPN all -- 0.0.0.0/0 0.0.0.0/0
Chain OpenVPN (1 references)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.250.1-192.168.250.253
Chain Proxy (1 references)
target prot opt source destination
REDIRECT tcp -- 192.168.0.0/24 0.0.0.0/0 redir ports 55559
Chain SNATVS (1 references)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 source IP range 10.10.10.1-10.10.10.250
|
I'm really not current on iptables so I'm certain that I have done something silly or missed something
modules
| Code: |
root@rtr net> lsmod
Module Size Used by
nf_nat_sip 5327 0
nf_conntrack_sip 15548 1 nf_nat_sip
ecb 1533 0
ppp_mppe 4948 0
ppp_async 5846 0
ppp_generic 16053 2 ppp_mppe,ppp_async
slhc 4157 1 ppp_generic
xt_layer7 9783 0
nf_conntrack_netlink 16132 0
xt_iprange 1180 2
ipt_REDIRECT 803 1
cls_fw 3390 13
sch_sfq 8530 13
sch_htb 12571 5
ipt_MASQUERADE 1254 3
bonding 80618 0
8021q 14801 0
garp 4512 1 8021q
tun 11550 2
bridge 63988 0
stp 1096 2 garp,bridge
iptable_nat 3055 1
xt_connbytes 1611 3
xt_mark 817 19
xt_physdev 1328 2
ipt_REJECT 1917 2
xt_LOG 10315 14
xt_limit 1279 14
xt_state 891 15
xt_connmark 1353 2
iptable_mangle 1012 1
iptable_filter 852 1
ip_tables 8748 3 iptable_nat,iptable_mangle,iptable_filter
nf_nat_pptp 1870 0
nf_nat_proto_gre 941 1 nf_nat_pptp
nf_nat_ftp 1240 0
nf_nat_h323 5027 0
nf_nat 11200 8 nf_nat_sip,ipt_REDIRECT,ipt_MASQUERADE,iptable_nat,nf_nat_pptp,nf_nat_proto_gre,nf_nat_ftp,nf_nat_h323
nf_conntrack_tftp 2489 0
nf_conntrack_pptp 3541 1 nf_nat_pptp
nf_conntrack_proto_gre 3480 1 nf_conntrack_pptp
nf_conntrack_irc 2567 0
nf_conntrack_ftp 4752 1 nf_nat_ftp
nf_conntrack_h323 35478 1 nf_nat_h323
dummy 1574 0
ext4 378005 1
jbd2 59411 1 ext4
crc16 1051 1 ext4
pata_acpi 2252 0
arc4 1046 2
ath9k 79902 0
mac80211 378096 1 ath9k
ath9k_common 1532 1 ath9k
ath9k_hw 323027 2 ath9k,ath9k_common
iTCO_wdt 10569 0
ath 12405 3 ath9k,ath9k_common,ath9k_hw
cfg80211 157381 3 ath9k,mac80211,ath
r8169 40441 0
iTCO_vendor_support 1441 1 iTCO_wdt
rfkill 7777 3 cfg80211
i2c_i801 6742 0
tg3 121153 0
mii 3303 1 r8169
ehci_hcd 47945 0
uhci_hcd 26718 0
|
connection tracking. BTW, the phone is at 192.168.1.66
| Code: |
01:47:55 [UPDATE] udp 17 3585 src=192.168.1.66 dst=199.68.213.126 sport=5078 dport=5090 src=199.68.213.126 dst=nn.www.xxx.yyy sport=5090 dport=5078 [ASSURED]
01:48:12 [NEW] udp 17 30 src=192.168.1.66 dst=199.68.213.126 sport=16384 dport=63794 [UNREPLIED] src=199.68.213.126 dst=nn.www.xxx.yyy sport=63794 dport=16384
01:48:12 [NEW] udp 17 30 src=192.168.1.66 dst=192.168.1.1 sport=1051 dport=53 [UNREPLIED] src=192.168.1.1 dst=192.168.1.66 sport=53 dport=1051
01:48:12 [UPDATE] udp 17 30 src=192.168.1.66 dst=192.168.1.1 sport=1051 dport=53 src=192.168.1.1 dst=192.168.1.66 sport=53 dport=1051
01:48:12 [NEW] udp 17 30 src=192.168.1.66 dst=199.68.213.228 sport=16384 dport=47448 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47448 dport=1058
01:48:17 [NEW] udp 17 30 src=192.168.1.66 dst=199.68.213.228 sport=16385 dport=47449 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47449 dport=16385
01:48:42 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.126 sport=16384 dport=63794 packets=4 bytes=800 [UNREPLIED] src=199.68.213.126 dst=nn.www.xxx.yyy sport=63794 dport=16384 packets=0 bytes=0
01:48:42 [DESTROY] udp 17 src=192.168.1.66 dst=192.168.1.1 sport=1051 dport=53 packets=1 bytes=76 src=192.168.1.1 dst=192.168.1.66 sport=53 dport=1051 packets=1 bytes=128
01:48:52 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.228 sport=16385 dport=47449 packets=2 bytes=232 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47449 dport=16385 packets=0 bytes=0
01:48:53 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.228 sport=16384 dport=47448 packets=565 bytes=111440 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47448 dport=1058 packets=0 bytes=0
|
I'm real tired so I may have missed something. Please excuse mistakes.
Sincerely
James |
|
| Back to top |
|
 |
JamesR
Joined: 30 Jan 2013
Posts: 27
|
| Posted: Fri Feb 22, 2013 11:35 pm Post subject: SIP through a NAT |
|
|
Oh, a few other details which are interesting...
- ZeroShell replaced a DD-WRT router. WRT is a 2.6 Linux kernel and that has the nat tracking of SIP. So I don't think I can say that Linux can't do the job. I didn't change the network design. The phones use the same IP & gateway address.
- Interesting that one of the phones is REALLY bad about the symptom, 192.168.1.66 whilst 192.168.1.67. They are the same phone model. Polycom controls them so I don't know if they're doing something different for one phone over another
- My troubleshooting was with the 1.66 phone
|
|
| Back to top |
|
|
JamesR
Joined: 30 Jan 2013
Posts: 27
|
| Posted: Mon Feb 25, 2013 3:16 am Post subject: Re: SIP through a NAT |
|
|
I determined that I needed to setup my Forward Rule to deal with the NAT. Now I think I did have to set the sip port to track 5090/udp, too which is not likely to survive through a reboot unless I script the change.
Anybody know how to set modprobe parms in ZeroShell? |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
Register
Usergroups
Profile
Log in
Private Message
