Fri, 06 Oct 2006
SIP versus conntrack
Recently I had problems with SIP calls - using
I have figured out that the call setup using SIP works fine, but the
actual data stream is sent to the ekiga.net host instead of to
the host from which the remote user is logged in.
After playing with this for a while, I have reported it to the Ekiga
mailing list. With Damien Sandras' help, we have found that the SIP
Invite packet gets changed somewhere between the sending side and
the receiving side - and the change was exactly the reason for the
malfunction - the IP address was rewritten to the address of the
ekiga.net host. Some more tests and tcpdump runs later I have figured
out that the problem is in our firewall - I have connection tracking
and NAT code compiled in, even though for now I do not use it. But it
seems that the SIP helper in the NAT code triggers even though no NAT
is actually set up.
So I have disabled the connection tracking
(iptables -t raw -A PREROUTING -j NOTRACK) for now, and SIP calls work again as
expected. The further development can be seen in the Netfilter
#522 (sorry for the misspelled words there :-( ).
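
The comparison described above (the same Invite captured on the sending and on the receiving side) can be automated. The following is an added example, not code from the original post: it extracts the address-bearing fields from two captured Invites and reports which ones were rewritten in transit. The post does not say which field was changed; the sample assumes it was the SDP c= line, and all addresses and names in it are constructed.

```python
import re

# Fields of a SIP INVITE that carry the caller's own address. Via is left
# out on purpose: proxies legitimately add Via headers in transit.
PATTERNS = {
    "Contact": re.compile(r"^Contact:.*?sips?:(?:[^@>\s]+@)?([^:;>\s]+)", re.I | re.M),
    "SDP o=": re.compile(r"^o=\S+ \S+ \S+ IN IP4 (\S+)", re.M),
    "SDP c=": re.compile(r"^c=IN IP4 (\S+)", re.M),
}

def extract_addresses(invite: str) -> dict:
    """Return {field: address} for each address-bearing field present."""
    text = invite.replace("\r\n", "\n")
    found = {}
    for field, pattern in PATTERNS.items():
        m = pattern.search(text)
        if m:
            found[field] = m.group(1)
    return found

def diff_invites(sent: str, received: str) -> list:
    """List (field, sent_addr, received_addr) for every rewritten field."""
    a, b = extract_addresses(sent), extract_addresses(received)
    return [(f, a[f], b[f]) for f in PATTERNS if f in a and f in b and a[f] != b[f]]

# Constructed sample: the same INVITE as captured on the caller (SENT) and on
# the callee (RECEIVED). Addresses are documentation ranges, not real hosts.
# Assumption: the rewritten field is the SDP c= (media connection) line.
SENT = """INVITE sip:bob@example.net SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1
Contact: <sip:alice@192.0.2.10:5060>
Content-Type: application/sdp

v=0
o=- 1 1 IN IP4 192.0.2.10
s=call
c=IN IP4 192.0.2.10
t=0 0
m=audio 5004 RTP/AVP 0
"""
RECEIVED = SENT.replace("c=IN IP4 192.0.2.10", "c=IN IP4 198.51.100.5")

if __name__ == "__main__":
    for field, before, after in diff_invites(SENT, RECEIVED):
        print(f"{field}: {before} -> {after}")
```

A non-empty result on a path where no NAT is configured points at a SIP helper or ALG somewhere between the two capture points.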