Author: Patrick McHardy
Date:
To: Victor Julien
CC: Netfilter Developers List
Subject: Re: Patch for H323 connection tracking for kernel 2.6.14 and Panic with SIP tracking

Victor Julien wrote:
> Hmmm, while it still hasn't crashed on me, I can't get it to operate
> either. I am using 2.6.15 + pom 20060101 + the above fix. I am trying to
> get the following setup working:
>
> softphone (lan) --- sip proxy on gateway --- sip server (@isp)
>
> I have rules to allow port 5060/udp. I expected that by loading
> ip_conntrack_sip this rule, together with accepting
> all RELATED traffic, sip conversations would work.
>
> If I call a number, I see the following entry appear in
> /proc/net/ip_conntrack_expect:
> 176 proto=17 src=217.66.118.164 dst=80.126.xx.xx sport=0 dport=7071
> 176 proto=17 src=192.168.1.1 dst=192.168.1.2 sport=0 dport=8000
>
> (lan client 192.168.1.2, firewall has 192.168.1.1 and 80.126.xx.xx, sip
> server is 217.66.118.164).
>
> But the connection does not work. I have added the following rule to all
> chains in all tables (mangle, nat, filter):
> iptables -t <table> -I <chain> 1 -m helper --helper sip
> to see if the sip match ever gets reached, but all counters remain on 0
> all the time.
>
> If I do the same for ftp, I can see the counters increase.
>
> Does anyone have an idea what is going wrong?

Try to find out if the expectation ports are correct by logging
the incoming traffic or using tcpdump.
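
The comparison suggested above can be done mechanically. The following is an added example, not part of the original message or of the netfilter code: it parses the expectation lines quoted in the thread and reports, for each UDP packet seen on the wire, which field keeps it from matching. The observed packets are constructed, and reading `sport=0` as "any source port" and the first column as the remaining timeout are assumptions about the `/proc/net/ip_conntrack_expect` format.

```python
import re

# Expectation lines as quoted in the message above (address redaction kept as posted).
EXPECT_DUMP = """\
176 proto=17 src=217.66.118.164 dst=80.126.xx.xx sport=0 dport=7071
176 proto=17 src=192.168.1.1 dst=192.168.1.2 sport=0 dport=8000
"""

# Constructed sample of UDP packets as read from `tcpdump -n udp` output:
# (src, sport, dst, dport). These are not taken from the thread.
OBSERVED = [
    ("217.66.118.164", 16384, "80.126.xx.xx", 7071),  # fits the first expectation
    ("217.66.118.170", 16384, "80.126.xx.xx", 7071),  # media sent by a different host
    ("192.168.1.1", 7071, "192.168.1.2", 8002),       # destination port is off
]

LINE_RE = re.compile(
    r"^(?P<timeout>\d+|-)\s+proto=(?P<proto>\d+)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)")

def parse_expectations(text):
    """Turn ip_conntrack_expect lines into dicts; lines that do not parse are skipped."""
    exps = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e.update(proto=int(e["proto"]), sport=int(e["sport"]), dport=int(e["dport"]))
            exps.append(e)
    return exps

def mismatch(exp, pkt):
    """List the fields in which an observed UDP packet differs from one expectation."""
    src, sport, dst, dport = pkt
    checks = {
        "src": exp["src"] == src,
        "dst": exp["dst"] == dst,
        "sport": exp["sport"] in (0, sport),  # assumption: 0 means wildcarded
        "dport": exp["dport"] == dport,
    }
    return [field for field, ok in checks.items() if not ok]

def explain(expectations, pkt):
    """Return (index, differing fields) of the closest expectation; [] means it matches."""
    results = [(i, mismatch(e, pkt)) for i, e in enumerate(expectations)]
    return min(results, key=lambda r: len(r[1]))

if __name__ == "__main__":
    for pkt in OBSERVED:
        print(pkt, "->", explain(parse_expectations(EXPECT_DUMP), pkt))
```

A packet reported with an empty list is one the helper's expectation should mark as RELATED; any other result names the field to look at in the tcpdump output.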