* SIP NAT CONTRACK Module with Netfilter in kernel 2.4.x
[not found] <cb81d4010603020310x1f865d2dhf14088682952108@mail.gmail.com>
@ 2006-03-02 11:12 ` Huy Vu Pham
2006-03-04 9:04 ` Patrick McHardy
0 siblings, 1 reply; 2+ messages in thread
From: Huy Vu Pham @ 2006-03-02 11:12 UTC (permalink / raw)
To: netfilter-devel
Dear Netfilter Devel list,
I got problem very strange with Netfilter in linux kernel 2.4.x.
I apply contrack/nat SIP protocol
(http://openwrt.alphacore.net/patches/buildroot/317-netfilter-nat-sip
) with HELPER module to capture all RTP packets.
(
#Out from WAN site: eth1
iptables -t mangle -A POSTROUTING -o eth1 -p UDP -m helper --helper
sipd00 -j MARK --set-mark 0x20
#Out from LAN site: eth0
iptables -t mangle -A POSTROUTING -o eth0 -p UDP -m helper --helper
sipd00 -j MARK --set-mark 0x21
)
My test case like this:
SIP PHONE A (Outside NAT) ----- NAT BOX (Have SIP ALG) ------- SIP
PHONE B (Inside NAT).
1. Reboot NAT BOX, A call B. SIP MODULE can capture all RTP packets,
Before RTP timeout, I make the call from B to A also OK.
2. Reboot NAT BOX, B call A. SIP MODULE "CAN NOT" capture any RTP packets.
Before RTP timeout, I make the call from A to B also got the same problem.
What is difference between case (1) and case(2)?
I already tested with kernel from 2.4.20 to 2.4.32. The problem is the same.
Thanks,
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: SIP NAT CONTRACK Module with Netfilter in kernel 2.4.x
2006-03-02 11:12 ` SIP NAT CONTRACK Module with Netfilter in kernel 2.4.x Huy Vu Pham
@ 2006-03-04 9:04 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2006-03-04 9:04 UTC (permalink / raw)
To: Huy Vu Pham; +Cc: netfilter-devel
Huy Vu Pham wrote:
> Dear Netfilter Devel list,
> I got problem very strange with Netfilter in linux kernel 2.4.x.
>
> I apply contrack/nat SIP protocol
> (http://openwrt.alphacore.net/patches/buildroot/317-netfilter-nat-sip
> ) with HELPER module to capture all RTP packets.
> (
> #Out from WAN site: eth1
> iptables -t mangle -A POSTROUTING -o eth1 -p UDP -m helper --helper
> sipd00 -j MARK --set-mark 0x20
> #Out from LAN site: eth0
> iptables -t mangle -A POSTROUTING -o eth0 -p UDP -m helper --helper
> sipd00 -j MARK --set-mark 0x21
> )
>
> My test case like this:
> SIP PHONE A (Outside NAT) ----- NAT BOX (Have SIP ALG) ------- SIP
> PHONE B (Inside NAT).
>
> 1. Reboot NAT BOX, A call B. SIP MODULE can capture all RTP packets,
> Before RTP timeout, I make the call from B to A also OK.
>
> 2. Reboot NAT BOX, B call A. SIP MODULE "CAN NOT" capture any RTP packets.
> Before RTP timeout, I make the call from A to B also got the same problem.
>
> What is difference between case (1) and case(2)?
The SIP helper currently only tracks one direction. I wanted to fix
it for some time, but didn't get to it yet.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-03-04 9:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <cb81d4010603020310x1f865d2dhf14088682952108@mail.gmail.com>
2006-03-02 11:12 ` SIP NAT CONTRACK Module with Netfilter in kernel 2.4.x Huy Vu Pham
2006-03-04 9:04 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.