* SIP connection tracking
@ 2003-12-03 15:29 prabha
0 siblings, 0 replies; 9+ messages in thread
From: prabha @ 2003-12-03 15:29 UTC (permalink / raw)
To: netfilter@lists.netfilter.org
Hi
I would like to know if there is a SIP connection tracking support
in IPTables now.
Regards
Prabha
^ permalink raw reply [flat|nested] 9+ messages in thread
* SIP Connection Tracking
@ 2004-04-13 7:48 Anirudha Chinmulgund
0 siblings, 0 replies; 9+ messages in thread
From: Anirudha Chinmulgund @ 2004-04-13 7:48 UTC (permalink / raw)
To: netfilter-devel
Hi,
Is there a SIP Connections tracking/NAT module implemented?
Thanks
-Jadya
_________________________________________________________________
Get rid of annoying pop-up ads with the new MSN Toolbar – FREE!
http://toolbar.msn.com/go/onm00200414ave/direct/01/
^ permalink raw reply [flat|nested] 9+ messages in thread
* SIP connection tracking
@ 2006-05-09 5:37 Sagara Wijetunga
2006-05-09 6:00 ` Marius-Iulian Corici
2006-05-09 8:53 ` Rob Sterenborg
0 siblings, 2 replies; 9+ messages in thread
From: Sagara Wijetunga @ 2006-05-09 5:37 UTC (permalink / raw)
To: netfilter
Hi all
I'm trying to prioritize the out going SIP related
traffic from my desktop computer.
I tried:
iptables -t mangle -A POSTROUTING \
-m helper --helper sip -m state --state
ESTABLISHED,RELATED \
-j ...
It simply doesn't detect SIP related traffic!
I'm using Linux kernel 2.6.11.9, iptables 1.3.5 and
sip-conntrack-nat from patch-o-matic-ng-20060502.
I have enabled the Mangling, SIP support in the kernel
(as built-in, not as a module).
Have I missed something? any ideas?
Thanks
Kind regards
Sagara
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: SIP connection tracking
2006-05-09 5:37 SIP connection tracking Sagara Wijetunga
@ 2006-05-09 6:00 ` Marius-Iulian Corici
2006-05-09 8:33 ` Sagara Wijetunga
2006-05-09 8:53 ` Rob Sterenborg
1 sibling, 1 reply; 9+ messages in thread
From: Marius-Iulian Corici @ 2006-05-09 6:00 UTC (permalink / raw)
To: netfilter
Only the SIP (signaling traffic) or also the voice traffic (RTP traffic - you
can see it with tcpdump)?
Take a short look at the priotitization in OpenWRT distribution.
It prioritizes on some "a little" bit different criteria.
Anyway, usually the SIP is udp
Marius
On Tuesday 09 May 2006 07:37, Sagara Wijetunga wrote:
> Hi all
>
> I'm trying to prioritize the out going SIP related
> traffic from my desktop computer.
>
> I tried:
>
> iptables -t mangle -A POSTROUTING \
> -m helper --helper sip -m state --state
> ESTABLISHED,RELATED \
> -j ...
>
> It simply doesn't detect SIP related traffic!
>
> I'm using Linux kernel 2.6.11.9, iptables 1.3.5 and
> sip-conntrack-nat from patch-o-matic-ng-20060502.
>
> I have enabled the Mangling, SIP support in the kernel
> (as built-in, not as a module).
>
> Have I missed something? any ideas?
>
> Thanks
>
> Kind regards
> Sagara
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
--
Dipl. Eng. Marius-Iulian Corici
FOKUS/NGNI
We are changing the world because God helped us hack His source code ...
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: SIP connection tracking
2006-05-09 6:00 ` Marius-Iulian Corici
@ 2006-05-09 8:33 ` Sagara Wijetunga
0 siblings, 0 replies; 9+ messages in thread
From: Sagara Wijetunga @ 2006-05-09 8:33 UTC (permalink / raw)
To: Marius-Iulian Corici; +Cc: netfilter
--- Marius-Iulian Corici
<marius-Iulian.corici@fokus.fraunhofer.de> wrote:
> Only the SIP (signaling traffic) or also the voice
> traffic (RTP traffic - you
> can see it with tcpdump)?
> Take a short look at the priotitization in OpenWRT
> distribution.
> It prioritizes on some "a little" bit different
> criteria.
> Anyway, usually the SIP is udp
>
Thanks for the reply.
I can see all packets passing thru the interface
(ppp0).
The issue is the rule does not match to either SIP
(signaling traffic) or RTP traffic at all.
Does it work for you?
I'll have a look at the OpenWRT.
Thanks again
Sagara
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: SIP connection tracking
2006-05-09 5:37 SIP connection tracking Sagara Wijetunga
2006-05-09 6:00 ` Marius-Iulian Corici
@ 2006-05-09 8:53 ` Rob Sterenborg
2006-05-09 9:38 ` Sagara Wijetunga
1 sibling, 1 reply; 9+ messages in thread
From: Rob Sterenborg @ 2006-05-09 8:53 UTC (permalink / raw)
To: netfilter
On Tue, May 9, 2006 07:37, Sagara Wijetunga wrote:
> Hi all
>
> I'm trying to prioritize the out going SIP related
> traffic from my desktop computer.
>
> I tried:
>
> iptables -t mangle -A POSTROUTING -m helper --helper \
> sip -m state --state ESTABLISHED,RELATED \
> -j ...
>
> It simply doesn't detect SIP related traffic!
Perhaps only NEW traffic passes the mangle table, just like the nat table.. If
that is the case, ESTABLISHED and RELATED packets are (probably) treated the
same way as the NEW packet.
But, I'm not sure about this.. Did you test that ?
Gr,
Rob
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: SIP connection tracking
2006-05-09 8:53 ` Rob Sterenborg
@ 2006-05-09 9:38 ` Sagara Wijetunga
0 siblings, 0 replies; 9+ messages in thread
From: Sagara Wijetunga @ 2006-05-09 9:38 UTC (permalink / raw)
To: Rob Sterenborg; +Cc: netfilter
--- Rob Sterenborg <rob@sterenborg.info> wrote:
> On Tue, May 9, 2006 07:37, Sagara Wijetunga wrote:
> > Hi all
> >
> > I'm trying to prioritize the out going SIP related
> > traffic from my desktop computer.
> >
> > I tried:
> >
> > iptables -t mangle -A POSTROUTING -m helper
> --helper \
> > sip -m state --state ESTABLISHED,RELATED \
> > -j ...
> >
> > It simply doesn't detect SIP related traffic!
>
> Perhaps only NEW traffic passes the mangle table,
> just like the nat table.. If
> that is the case, ESTABLISHED and RELATED packets
> are (probably) treated the
> same way as the NEW packet.
> But, I'm not sure about this.. Did you test that ?
>
iptables -t mangle -A POSTROUTING \
-p udp --dport 5060 \
-j <mark packets>
Tcpdump shows entire SIP communication is marked up to
the last ACK packet.
This shows packets related to an ESTABLISHED
connection goes thru the mangle table.
Iptables man page doesn't say any restriction.
Regards
Sagara
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
^ permalink raw reply [flat|nested] 9+ messages in thread
* Sip Connection Tracking
@ 2006-08-14 9:56 Siqhamo Sifo
2006-08-15 1:22 ` Ming-Ching Tiew
0 siblings, 1 reply; 9+ messages in thread
From: Siqhamo Sifo @ 2006-08-14 9:56 UTC (permalink / raw)
To: netfilter
I recently recompiled my kernel with Sip support and now I have a problem
with
ip_nat_sip and ip_conntrack_sip.They do not seem to be working , see I do
port
forwarding to my asterisk box behind the NAT and I can connect
successfully from outside using xlite.The problem is that I do not get any
audio , reason being that when I take a look at the packets which r
coming from my asterisk box thorough the nat I find that I the SIP headers
under the SDP section the connection address still refers to my asterisk
box behind the NAT and hence the RTP packets r sent to my 10.* ip which
does not make sense .
Siqhamo
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Sip Connection Tracking
2006-08-14 9:56 Sip Connection Tracking Siqhamo Sifo
@ 2006-08-15 1:22 ` Ming-Ching Tiew
0 siblings, 0 replies; 9+ messages in thread
From: Ming-Ching Tiew @ 2006-08-15 1:22 UTC (permalink / raw)
To: netfilter
I have similar experience with 2.6.17 ( patch-o-matic ng ) and
2.6.18 ( vanilla ). Now I really wonder if the sip conntrack is
working.
----- Original Message -----
From: "Siqhamo Sifo" <siqhamo@newlunar.co.za>
To: <netfilter@lists.netfilter.org>
Sent: Monday, August 14, 2006 5:56 PM
Subject: Sip Connection Tracking
> I recently recompiled my kernel with Sip support and now I have a problem
> with
> ip_nat_sip and ip_conntrack_sip.They do not seem to be working , see I do
> port
> forwarding to my asterisk box behind the NAT and I can connect
> successfully from outside using xlite.The problem is that I do not get any
> audio , reason being that when I take a look at the packets which r
> coming from my asterisk box thorough the nat I find that I the SIP headers
> under the SDP section the connection address still refers to my asterisk
> box behind the NAT and hence the RTP packets r sent to my 10.* ip which
> does not make sense .
>
> Siqhamo
>
>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2006-08-15 1:22 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-12-03 15:29 SIP connection tracking prabha
-- strict thread matches above, loose matches on Subject: below --
2004-04-13 7:48 SIP Connection Tracking Anirudha Chinmulgund
2006-05-09 5:37 SIP connection tracking Sagara Wijetunga
2006-05-09 6:00 ` Marius-Iulian Corici
2006-05-09 8:33 ` Sagara Wijetunga
2006-05-09 8:53 ` Rob Sterenborg
2006-05-09 9:38 ` Sagara Wijetunga
2006-08-14 9:56 Sip Connection Tracking Siqhamo Sifo
2006-08-15 1:22 ` Ming-Ching Tiew
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.