All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Michael J. Tubby B.Sc. \(Hons\) G8TIC" <mike@thorcom.com>
To: netfilter@lists.netfilter.org
Subject: NAT of Cisco Voice-Over-IP with Skinny protocol and CallManager
Date: Thu, 19 Dec 2002 18:49:19 -0000	[thread overview]
Message-ID: <001d01c2a78f$56e16850$6401a8c0@int.thorcom.com> (raw)

All,

I have acquired access to a Cisco CallManager (on the internet)
and a pile of Cisco VIP-30 VOIP phones. I have got everything
up and working when they are directly connected to the 'net but
now I want to put some of the phones at friend's houses behind
the Linux boxen that I've built as NAT/firewalls for their cable
modem and ADSL connections...

I'm using RedHat 7.3 but with own compiled 2.4.20 kernel and
iptables 1.2.7a.

Problem is that the phone gets it's directory number and connects
just fine using the Skinny protocol on and TCP:2000 and TFTP on
UDP:69, however the called party can hear me but the return UDPs
don't get back in.

A bit of tcpdump-ing shows that there's no obvious/direct relationship
between the outgoing UDP port numbers on the voice stream and
the incomming reply packets, and hence netfilter/nat has no way
to know what do do unless there's a helper.

Searching on google reveals only a posting from back in the summer
by Fred N. van Kempen about the subject/problem:

http://lists.netfilter.org/pipermail/netfilter-devel/2002-July/008844.html

Does anyone know if there's a fix for this? Is there a helper (connection
tracking) module that can prime the netfilter/DNAT to get the packets
back in by watching the connection set up?

Any help appreciated.

Mike




             reply	other threads:[~2002-12-19 18:49 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-12-19 18:49 Michael J. Tubby B.Sc. (Hons) G8TIC [this message]
     [not found] <3BAC15E02315BC4783152AC5E9621BB501C7BA1F@trcexcsrv01.trcinc.com>
2002-12-27 18:26 ` NAT of Cisco Voice-Over-IP with Skinny protocol and CallManager Michael J. Tubby B.Sc. (Hons) G8TIC

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='001d01c2a78f$56e16850$6401a8c0@int.thorcom.com' \
    --to=mike@thorcom.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.