Change ip_conntrack_sip default port

Change ip_conntrack_sip default port

[Sebastien VECTEN]

Hi,
 
I tried to change the default port of sip_contrack and h323_conntrack in iptables. The problem is those conntrack are "hard compiled" in the kernel (not as module if not the command "modprobe ip_conntrack_sip port=xxxx" is the solution).
 
I would like to know if its possible to change this port (without change kernel) when the conntrack is "hard compiled" and especially where? (file or sysctl.conf etc... I didn't find)
 
By advance thank you for your assistance.
 
 
.VECTEN Sébastien


To: netfilter@lists.netfilter.org
    netfilter-failover@lists.netfilter.org

Re: Change ip_conntrack_sip default port

[michel banguerski]

Hi Sébastien

There is a match module that may do what you want:
"-m helper" with --helper argument that in wour case sould be
"sip-xxxx" I believe

I came across this in the iptables manual but never tested. Please let
me know if it works for You.

Best regards
Michel

2007/8/23, Sebastien VECTEN <svecten@aressi.fr>:
> Hi,
>
> I tried to change the default port of sip_contrack and h323_conntrack in iptables. The problem is those conntrack are "hard compiled" in the kernel (not as module if not the command "modprobe ip_conntrack_sip port=xxxx" is the solution).
>
> I would like to know if its possible to change this port (without change kernel) when the conntrack is "hard compiled" and especially where? (file or sysctl.conf etc... I didn't find)
>
> By advance thank you for your assistance.
>
>
> .VECTEN Sébastien
>
>
> To: netfilter@lists.netfilter.org
>     netfilter-failover@lists.netfilter.org
>
>
>
>
>

Re: Change ip_conntrack_sip default port

[Pascal Hambourg]

Hello,

Sebastien VECTEN a écrit :
>  
> I tried to change the default port of sip_contrack and h323_conntrack
> in iptables. The problem is those conntrack are "hard compiled" in the
> kernel (not as module if not the command "modprobe ip_conntrack_sip
> port=xxxx" is the solution).
>  
> I would like to know if its possible to change this port (without
> change kernel) when the conntrack is "hard compiled" and especially
> where?

In the bootloader (lilo, grub...) configuration file.

 From linux-2.6.x/Documentation/kernel-parameters.txt :

   Module parameters for loadable modules are specified only as the
   parameter name with optional '=' and value as appropriate, such as:

	modprobe usbcore blinkenlights=1

   Module parameters for modules that are built into the kernel image
   are specified on the kernel command line with the module name plus
   '.' plus parameter name, with '=' and value if appropriate, such as:

	usbcore.blinkenlights=1

Re: Change ip_conntrack_sip default port

[Sebastien VECTEN]

Hi,
 
Thank you for your response, the good solution is the helper module to change the defaut port.
 
-m helper --helper sip-5068 in a rule.
 
Thanks.
 
VECTEN Sébastien

To: netfilter@lists.netfilter.org
Cc: netfilter-failover@lists.netfilter.org

Re: Change ip_conntrack_sip default port

[Jozsef Kadlecsik]

On Mon, 27 Aug 2007, Sebastien VECTEN wrote:

> Thank you for your response, the good solution is the helper module to 
> change the defaut port.
>
> -m helper --helper sip-5068 in a rule.

That is absolutely false: that is a *match*, which cannot do whatsoever 
with the ports of the helpers.

The SIP helper supports to specify the ports to listen to:

# modprobe ip_conntrack_sip ports=5060[,up to 8 ports]

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
           H-1525 Budapest 114, POB. 49, Hungary