Fri, 06 Oct 2006

SIP versus conntrack

Recently I had problems with SIP calls - using tcpdump I figured out that the call setup using SIP works fine, but the actual data stream is sent to host, instead of to the host from which the remote user is logged in.

After playing with this for a while, I reported it to the Ekiga mailing list. With Damien Sandras' help, we found that the SIP Invite packet gets changed somewhere between the sending side and the receiving side - and the change was exactly the reason for the malfunction - the IP address was rewritten to the address of host. Some more tests and tcpdump runs later I figured out that the problem is in our firewall - I have connection tracking and NAT code compiled in, even though for now I do not use it. But it seems that the SIP helper in the NAT code triggers even though no NAT is actually set up.

So I have disabled connection tracking (iptables -t raw -A PREROUTING -j NOTRACK) for now, and SIP calls work again as expected. Further developments can be seen in Netfilter bug #522 (sorry for the misspelled words there :-( ).
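One way to pinpoint this kind of in-path rewriting is to compare the address-bearing fields of the INVITE as captured on the sending and on the receiving side. The following is an added example, not part of the original post: the two messages and all addresses are constructed, and since the post does not say which fields were rewritten, checking Via, Contact and the SDP o=/c= lines is an assumption.

```python
import re

# Constructed sample: the INVITE as captured on the sending host.
SENT = """\
INVITE sip:bob@example.org SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776
Contact: <sip:alice@192.0.2.10:5060>
Content-Type: application/sdp

v=0
o=- 1 1 IN IP4 192.0.2.10
s=call
c=IN IP4 192.0.2.10
m=audio 5004 RTP/AVP 0
"""

# Constructed sample: the same INVITE as seen by the receiver, with the
# Contact header and SDP addresses rewritten to another host (198.51.100.1).
RECEIVED = (SENT.replace("<sip:alice@192.0.2.10", "<sip:alice@198.51.100.1")
                .replace("IP4 192.0.2.10", "IP4 198.51.100.1"))

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def address_fields(message):
    """Map each address-bearing SIP header / SDP line to the IPv4 addresses in it."""
    fields, in_body = {}, False
    for line in message.splitlines():
        if not line.strip():          # blank line separates headers from SDP body
            in_body = True
            continue
        if in_body:
            name = line[:2]           # SDP line type, e.g. "c="
            keep = name in ("o=", "c=")   # c= decides where the media is sent
        else:
            name = line.split(":", 1)[0].strip().lower()
            keep = name in ("via", "contact")
        if keep:
            fields.setdefault(name, []).extend(IPV4.findall(line))
    return fields

def rewritten_fields(sent, received):
    """Return {field: (sent_addrs, received_addrs)} for every field that differs."""
    a, b = address_fields(sent), address_fields(received)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for field, (before, after) in rewritten_fields(SENT, RECEIVED).items():
        print(f"{field:8} {before} -> {after}")
```

A changed c= line is the one that matters for the symptom described above, because the callee sends its RTP stream to the address given there.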

