Author: Patrick McHardy
Date:
To: Victor Julien
CC: Netfilter Developers List
New-Topics: sip connection tracking & expectations
Subject: Re: Patch for H323 connection tracking for kernel 2.6.14 and Panic with SIP tracking

Victor Julien wrote:
>> Try to find out if the expectations ports are correct by logging
>> the incoming traffic or using tcpdump.
>>
>
> When making a call:
>
> # cat /proc/net/ip_conntrack_expect
> 174 proto=17 src=217.66.118.164 dst=80.126.43.45 sport=0 dport=7071
> 174 proto=17 src=192.168.1.1 dst=192.168.1.2 sport=0 dport=8000
>
> tcpdump:
> 13:05:46.220869 IP 192.168.1.2.8000 > 192.168.1.1.7072: UDP, length: 172
>
> syslog:
> Jan 6 13:05:46 sanctorium kernel: vrmr: REJECT reject-in IN=eth0 OUT=
> MAC=aa:00:04:00:0a:04:00:90:27:57:31:29:08:00 SRC=192.168.1.2
> DST=192.168.1.1 LEN=200 TOS=0x00 PREC=0x00 TTL=64 ID=401 DF PROTO=UDP
> SPT=8000 DPT=7072 LEN=180
>
> REJECT is the default policy for lan to firewall traffic.
>
> Can it be that the expectation direction is wrong?
> dropped traffic is src 192.168.1.2:8000 to dst 192.168.1.1:7072
> expect is src 192.168.1.1 to dst 192.168.1.2:8000

Possible. In which direction (relative to registration) does
the call go?
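
The comparison made by hand in the quoted text can be done mechanically. The following is an added example, not part of the original thread or of the netfilter code: it parses the `/proc/net/ip_conntrack_expect` lines and the rejected packet's log line quoted above and reports whether the packet fits an expectation as-is, only when mirrored, or not at all. The function names are hypothetical, and treating `sport=0` as "any source port" is an assumption about how the masked field is printed.

```python
import re

# Data copied from the thread above (syslog line re-joined from its wrapped form).
EXPECT = """\
174 proto=17 src=217.66.118.164 dst=80.126.43.45 sport=0 dport=7071
174 proto=17 src=192.168.1.1 dst=192.168.1.2 sport=0 dport=8000
"""
LOG = ("Jan 6 13:05:46 sanctorium kernel: vrmr: REJECT reject-in IN=eth0 OUT= "
       "MAC=aa:00:04:00:0a:04:00:90:27:57:31:29:08:00 SRC=192.168.1.2 "
       "DST=192.168.1.1 LEN=200 TOS=0x00 PREC=0x00 TTL=64 ID=401 DF PROTO=UDP "
       "SPT=8000 DPT=7072 LEN=180")

PROTO = {"TCP": 6, "UDP": 17}  # protocol names used in LOG lines -> IP protocol numbers

def parse_expectations(text):
    """Return one dict per expectation line: proto, src, dst, sport, dport."""
    out = []
    for line in text.splitlines():
        kv = dict(re.findall(r"(\w+)=(\S+)", line))
        if {"proto", "src", "dst", "sport", "dport"} <= kv.keys():
            out.append({"proto": int(kv["proto"]), "src": kv["src"], "dst": kv["dst"],
                        "sport": int(kv["sport"]), "dport": int(kv["dport"])})
    return out

def parse_log_packet(line):
    """Extract the 5-tuple from a netfilter LOG line (SRC= DST= PROTO= SPT= DPT=)."""
    kv = dict(re.findall(r"\b([A-Z]+)=(\S+)", line))
    return {"proto": PROTO[kv["PROTO"]], "src": kv["SRC"], "dst": kv["DST"],
            "sport": int(kv["SPT"]), "dport": int(kv["DPT"])}

def matches(exp, pkt):
    """True if pkt fits the expectation; sport=0 is treated as a wildcard (assumption)."""
    return (exp["proto"] == pkt["proto"] and exp["src"] == pkt["src"]
            and exp["dst"] == pkt["dst"] and exp["dport"] == pkt["dport"]
            and exp["sport"] in (0, pkt["sport"]))

def classify(expectations, pkt):
    """'match', 'reversed' (only the mirrored tuple fits an expectation) or 'none'."""
    mirrored = {"proto": pkt["proto"], "src": pkt["dst"], "dst": pkt["src"],
                "sport": pkt["dport"], "dport": pkt["sport"]}
    if any(matches(e, pkt) for e in expectations):
        return "match"
    if any(matches(e, mirrored) for e in expectations):
        return "reversed"
    return "none"

if __name__ == "__main__":
    print(classify(parse_expectations(EXPECT), parse_log_packet(LOG)))
```

A result of `reversed` means the rejected packet only fits an expectation when its source and destination are swapped; it does not by itself say which side of the call the helper should have expected.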