|
|
|
Re: nf_conntrack_sip problem | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Joerg Dorchain wrote:
On Wed, Jul 01, 2009 at 02:03:40PM +0200, Patrick McHardy wrote:Depending on how your SIP provider works, you might need to set the sip_direct_signalling option to zero (in case signalling connections can arrive from different addresses than the one registered with), additionally you might need to set the sip_direct_media option to 0 in case the RTP streams arrive from different addresses than the signalling endpoint.I tried this. Actually, it makes things worse. Now Asteriskcomplains: [Jul 1 16:17:46] WARNING[20516]: chan_sip.c:1787 __sip_xmit:sip_xmit of 0x86f8de0 (len 384) to 217.10.79.9:5060 returned -1: Operation not permitted (Trying to register with sipgate.de; registration in parallel with tel.lu seems to work)
sipgate needs sip_direct_media=0 since the RTP streams originate from a seperate cluster. Did you load the NAT module before the conntrack module?
nf_conntrack_sip without options on a trial incoming call however gives: # conntrack -E expect 180 proto=17 src=85.93.219.114 dst=212.88.133.153 sport=0 dport=7070 180 proto=17 src=85.93.219.114 dst=212.88.133.153 sport=0 dport=7071
Besides the direct_media option, I assume you're accepting EXPECTED and RELATED packets? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
[Linux Netfilter Development] [Linux Kernel Development] [TCP/IP Books] [Linux Resources] [LARTC] [Home] [Bugtraq] [Consulting] [Free Internet Dating] [Yosemite Forum] [Photo]
|
|