From mboxrd@z Thu Jan 1 00:00:00 1970
From: Patrick McHardy
Subject: Re: SIP NAT CONTRACK Module with Netfilter in kernel 2.4.x
Date: Sat, 04 Mar 2006 10:04:53 +0100
Message-ID: <44095835.7010703@trash.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: netfilter-devel@lists.netfilter.org
To: Huy Vu Pham
Sender: netfilter-devel-bounces@lists.netfilter.org
Errors-To: netfilter-devel-bounces@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

Huy Vu Pham wrote:
> Dear Netfilter Devel list,
> I got problem very strange with Netfilter in linux kernel 2.4.x.
>
> I apply contrack/nat SIP protocol
> (http://openwrt.alphacore.net/patches/buildroot/317-netfilter-nat-sip
> ) with HELPER module to capture all RTP packets.
> (
> #Out from WAN site: eth1
> iptables -t mangle -A POSTROUTING -o eth1 -p UDP -m helper --helper sipd00 -j MARK --set-mark 0x20
> #Out from LAN site: eth0
> iptables -t mangle -A POSTROUTING -o eth0 -p UDP -m helper --helper sipd00 -j MARK --set-mark 0x21
> )
>
> My test case like this:
> SIP PHONE A (Outside NAT) ----- NAT BOX (Have SIP ALG) ------- SIP
> PHONE B (Inside NAT).
>
> 1. Reboot NAT BOX, A call B. SIP MODULE can capture all RTP packets,
> Before RTP timeout, I make the call from B to A also OK.
>
> 2. Reboot NAT BOX, B call A. SIP MODULE "CAN NOT" capture any RTP packets.
> Before RTP timeout, I make the call from A to B also got the same problem.
>
> What is difference between case (1) and case(2)?

The SIP helper currently only tracks one direction. I wanted to fix it
for some time, but didn't get to it yet.