SIP through a NAT

This topic contains 1 reply, has 0 voices, and was last updated by  JamesR 6 years, 2 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • #43579

    JamesR
    Member

    I’m using a Polycom VOIP solution here with my ZS 2.0 RC2.

    Phones, of course, are on private IPs NATted through ZeroShell.

    Phones connect, by SIP, to a phone service out on the Internet.

    SIP connections out from the phone to the VOIP server are going over 5090/udp.

    For incoming calls, the RTP session isn’t completely established, so I can’t hear the incoming audio although outgoing audio works. Outgoing calls seem to be OK.

    I tried this to make the netfilter connection tracking work but was unsuccessful in tracking:


    rmmod nf_nat_sip
    rmmod nf_conntrack_sip
    modprobe nf_conntrack_sip ports=5060,5090
    modprobe nf_nat_sip

    This makes it worse: i.e. no audio


    rmmod nf_nat_sip
    rmmod nf_conntrack_sip
    modprobe nf_conntrack_sip ports=5060,5090 sip_direct_signalling=0 sip_direct_media=0
    modprobe nf_nat_sip

    ETH00 is my outside interface (dhcp)
    My phones are on ETH01.11

    NICs… some info has been obscured…


    root@rtr net> ifconfig -a
    BRIDGE00 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:20921 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:1535554 (1.4 Mb)

    BRIDGE00: Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    BRIDGE01 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:24328802 errors:0 dropped:0 overruns:0 frame:0
    TX packets:26908593 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:10463274351 (9978.5 Mb) TX bytes:25793241821 (24598.3 Mb)

    BRIDGE01: Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    BRIDGE02 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:14267878 errors:0 dropped:0 overruns:0 frame:0
    TX packets:14182298 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:7441598927 (7096.8 Mb) TX bytes:14435362929 (13766.6 Mb)

    BRIDGE02: Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    DEFAULTBR Link encap:Ethernet HWaddr 0A:67:9D:58:CC:B6
    BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    ETH00 Link encap:Ethernet HWaddr 00:11:11:70:DD:15EE
    inet addr:nn.www.xxx.yyy Bcast:nn.www.xxx.255 Mask:255.255.255.128
    inet6 addr: fe80::211:11ff:fe70:ddee/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:50110807 errors:0 dropped:0 overruns:0 frame:0
    TX packets:35492053 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:41095298302 (39191.5 Mb) TX bytes:18285744916 (17438.6 Mb)
    Interrupt:16

    ETH01 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:37347514 errors:0 dropped:1 overruns:0 frame:0
    TX packets:41114100 errors:0 dropped:5076 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:16179233770 (15429.7 Mb) TX bytes:39210963209 (37394.4 Mb)

    ETH01.10 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:971877 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:50895872 (48.5 Mb)

    ETH01.11 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:24340556 errors:0 dropped:0 overruns:0 frame:0
    TX packets:27731625 errors:0 dropped:89 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:10495780712 (10009.5 Mb) TX bytes:25756865007 (24563.6 Mb)

    ETH01.12 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet6 addr: fe80::2e0:53ff:fe08:2129/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:11632349 errors:0 dropped:0 overruns:0 frame:0
    TX packets:12425016 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:4792619095 (4570.5 Mb) TX bytes:13411355692 (12790.0 Mb)

    ETH01:00 Link encap:Ethernet HWaddr 00:E0:53:08:21:29
    inet addr:192.168.3.254 Bcast:192.168.3.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    ETH02 Link encap:Ethernet HWaddr 00:E0:53:07:35:61
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    ETH02:00 Link encap:Ethernet HWaddr 00:E0:53:07:35:61
    inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
    UP BROADCAST MULTICAST MTU:1500 Metric:1

    VPN99 Link encap:Ethernet HWaddr A6:C4:FB:FB:23:FD
    inet6 addr: fe80::a4c4:fbff:fefb:23fd/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:30875 errors:0 dropped:0 overruns:0 frame:0
    TX packets:41606 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:2456354 (2.3 Mb) TX bytes:44064931 (42.0 Mb)

    VPN99:00 Link encap:Ethernet HWaddr A6:C4:FB:FB:23:FD
    inet addr:192.168.250.254 Bcast:192.168.250.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    WLAN01 Link encap:Ethernet HWaddr B8:A3:86:80:11:22
    inet6 addr: fe80::baa3:86ff:fe80:3873/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:109080 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3051294 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:17372948 (16.5 Mb) TX bytes:345453185 (329.4 Mb)

    WLAN02 Link encap:Ethernet HWaddr B8:A3:86:80:38:74
    inet6 addr: fe80::baa3:86ff:fe80:3874/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:2859644 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2690020 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2758616880 (2630.8 Mb) TX bytes:1242852700 (1185.2 Mb)

    bond0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond1 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond2 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond3 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond4 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond5 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond6 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond7 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond8 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    bond9 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MASTER MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    dummy0 Link encap:Ethernet HWaddr 1E:77:9E:36:CA:53
    inet addr:192.168.141.142 Bcast:192.168.141.255 Mask:255.255.255.0
    BROADCAST NOARP MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:140 (140.0 b)

    dummy1 Link encap:Ethernet HWaddr 6E:69:AE:30:D6:B1
    inet addr:192.168.142.142 Bcast:192.168.142.255 Mask:255.255.255.255
    inet6 addr: fe80::6c69:aeff:fe30:d6b1/64 Scope:Link
    UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:210 (210.0 b)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:12929361 errors:0 dropped:0 overruns:0 frame:0
    TX packets:12929361 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:1946770864 (1856.5 Mb) TX bytes:1946770864 (1856.5 Mb)

    mon.WLAN0 Link encap:UNSPEC HWaddr B8-A3-86-80-11-11-00-00-00-00-00-00-00-00-00-00
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:23386809 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1592804340 (1519.0 Mb) TX bytes:0 (0.0 b)

    mon.WLAN0 Link encap:UNSPEC HWaddr B8-A3-86-80-11-11-00-00-00-00-00-00-00-00-00-00
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:23386809 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1592804340 (1519.0 Mb) TX bytes:0 (0.0 b)

    sit0 Link encap:IPv6-in-IPv4
    NOARP MTU:1480 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    wlan0 Link encap:Ethernet HWaddr B8:A3:86:80:11:11
    BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    Bridges


    root@rtr net> brctl show
    bridge name bridge id STP enabled interfaces
    BRIDGE00 8000.00e053082129 yes ETH01.10
    BRIDGE01 8000.00e053082129 yes ETH01.11
    WLAN01
    BRIDGE02 8000.00e053082129 no ETH01.12
    WLAN02
    DEFAULTBR 8000.000000000000 no

    Here’s my fw tables.
    filter table


    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    SYS_GUI all -- 0.0.0.0/0 0.0.0.0/0
    SYS_INPUT all -- 0.0.0.0/0 0.0.0.0/0
    SYS_HTTPS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    SYS_HTTPS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    SYS_SSH tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    ACCEPT all -- 0.0.0.0/0 192.168.1.1 state NEW,ESTABLISHED
    LOG tcp -- 192.168.1.0/24 192.168.0.3 limit: avg 4/hour burst 15 LOG flags 0 level 4 prefix "INPUT/008"
    ACCEPT tcp -- 192.168.1.0/24 192.168.0.3
    LOG all -- 0.0.0.0/0 192.168.0.0/24 limit: avg 10/hour burst 15 LOG flags 0 level 4 prefix "INPUT/009"
    REJECT all -- 0.0.0.0/0 192.168.0.0/24 reject-with icmp-net-unreachable
    LOG all -- 0.0.0.0/0 192.168.2.0/24 state NEW limit: avg 5/hour burst 15 LOG flags 0 level 4 prefix "INPUT/010"
    DROP all -- 0.0.0.0/0 192.168.2.0/24 state NEW
    LOG all -- 0.0.0.0/0 192.168.2.2 state NEW,RELATED,ESTABLISHED limit: avg 10/hour burst 15 LOG flags 0 level 4 prefix "INPUT/011"
    ACCEPT all -- 0.0.0.0/0 192.168.2.2 state NEW,RELATED,ESTABLISHED
    REJECT all -- 0.0.0.0/0 192.168.2.0/24 reject-with icmp-host-unreachable
    LOG udp -- 192.168.2.0/24 208.67.220.123 udp dpt:53 limit: avg 10/hour burst 5 LOG flags 0 level 4 prefix "INPUT/013"
    ACCEPT udp -- 192.168.2.0/24 208.67.220.123 udp dpt:53
    LOG udp -- 0.0.0.0/0 208.67.222.123 udp dpt:53 limit: avg 2/hour burst 15 LOG flags 0 level 4 prefix "INPUT/014"
    ACCEPT udp -- 0.0.0.0/0 208.67.222.123 udp dpt:53
    LOG udp -- 192.168.2.0/24 0.0.0.0/0 udp dpt:53 limit: avg 10/hour burst 15 LOG flags 0 level 4 prefix "INPUT/015"
    DROP udp -- 192.168.2.0/24 0.0.0.0/0 udp dpt:53
    LOG all -- 0.0.0.0/0 192.168.1.0/24 limit: avg 2/min burst 15 LOG flags 0 level 4 prefix "INPUT/016"
    DROP all -- 0.0.0.0/0 192.168.1.0/24
    LOG all -- 0.0.0.0/0 192.168.0.0/24 limit: avg 1/min burst 15 LOG flags 0 level 4 prefix "INPUT/017"
    DROP all -- 0.0.0.0/0 192.168.0.0/24
    ACCEPT udp -- 0.0.0.0/0 255.255.255.255
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
    ACCEPT all -- 0.0.0.0/0 224.0.0.0/9
    LOG all -- 0.0.0.0/0 !192.168.0.0/16 limit: avg 4/hour burst 15 LOG flags 0 level 4 prefix "INPUT/021"
    ACCEPT all -- 0.0.0.0/0 !192.168.0.0/16
    LOG all -- 0.0.0.0/0 !192.168.0.0/16 PHYSDEV match --physdev-in WLAN02 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix "INPUT/022"
    ACCEPT all -- 0.0.0.0/0 !192.168.0.0/16 PHYSDEV match --physdev-in WLAN02

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    LOG udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5090 limit: avg 3/min burst 15 LOG flags 0 level 4 prefix "FORWARD/002"
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5090

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    SYS_OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
    LOG udp -- 0.0.0.0/0 192.168.1.66 state NEW,RELATED,ESTABLISHED limit: avg 5/min burst 15 LOG flags 0 level 4 prefix "OUTPUT/009"
    ACCEPT udp -- 0.0.0.0/0 192.168.1.66 state NEW,RELATED,ESTABLISHED
    LOG udp -- 192.168.1.66 0.0.0.0/0 state NEW,RELATED,ESTABLISHED limit: avg 10/min burst 15 LOG flags 0 level 4 prefix "OUTPUT/010"
    ACCEPT udp -- 192.168.1.66 0.0.0.0/0 state NEW,RELATED,ESTABLISHED

    Chain NetBalancer (0 references)
    target prot opt source destination

    Chain Proxy (0 references)
    target prot opt source destination
    ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    Chain SYS_GUI (1 references)
    target prot opt source destination
    ACCEPT tcp -- 192.168.1.181 0.0.0.0/0 tcp dpt:12081

    Chain SYS_HTTPS (2 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

    Chain SYS_INPUT (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:8245 state ESTABLISHED
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:123 state ESTABLISHED
    RETURN all -- 0.0.0.0/0 0.0.0.0/0

    Chain SYS_OUTPUT (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8245
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123
    RETURN all -- 0.0.0.0/0 0.0.0.0/0

    Chain SYS_SSH (1 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 192.168.3.0/24 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    DROP all -- 0.0.0.0/0 0.0.0.0/0

    mangle table


    root@rtr net> iptables -n -t mangle -L
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    QoS all -- 0.0.0.0/0 0.0.0.0/0

    Chain NB_CT_POST (0 references)
    target prot opt source destination
    CONNMARK all -- 0.0.0.0/0 0.0.0.0/0 CONNMARK save

    Chain NB_CT_PRE (0 references)
    target prot opt source destination
    CONNMARK all -- 0.0.0.0/0 0.0.0.0/0 CONNMARK save

    Chain NB_FO_PRE (0 references)
    target prot opt source destination

    Chain NB_STAT (0 references)
    target prot opt source destination

    Chain NetBalancer (0 references)
    target prot opt source destination

    Chain OpenVPN (0 references)
    target prot opt source destination

    Chain QoS (1 references)
    target prot opt source destination
    MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK and 0x0
    MARK udp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED udp spts:5060:5090 MARK set 0xb
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5100 MARK set 0xb
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:8000:8200 MARK set 0xb
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:16384:16482 MARK set 0xb
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    MARK all -- 192.168.1.101 0.0.0.0/0 MARK set 0xd
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    MARK udp -- 192.168.2.0/24 0.0.0.0/0 udp dpts:!67:68 connbytes 307200 connbytes mode bytes connbytes direction both MARK set 0xf
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    MARK all -- 192.168.2.0/24 0.0.0.0/0 MARK set 0xf
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    MARK udp -- 0.0.0.0/0 192.168.2.0/24 udp dpts:!67:68 connbytes 307200 connbytes mode bytes connbytes direction both MARK set 0xe
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    MARK all -- 0.0.0.0/0 192.168.2.0/24 connbytes 204800 connbytes mode bytes connbytes direction both MARK set 0xe
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0

    nat table


    root@rtr net> iptables -t nat -L -n
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    Proxy tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    SNATVS all -- 0.0.0.0/0 0.0.0.0/0
    MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
    OpenVPN all -- 0.0.0.0/0 0.0.0.0/0

    Chain OpenVPN (1 references)
    target prot opt source destination
    MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.250.1-192.168.250.253

    Chain Proxy (1 references)
    target prot opt source destination
    REDIRECT tcp -- 192.168.0.0/24 0.0.0.0/0 redir ports 55559

    Chain SNATVS (1 references)
    target prot opt source destination
    MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 source IP range 10.10.10.1-10.10.10.250

    I’m really not current on iptables, so I’m certain that I have done something silly or missed something.

    modules


    root@rtr net> lsmod
    Module Size Used by
    nf_nat_sip 5327 0
    nf_conntrack_sip 15548 1 nf_nat_sip
    ecb 1533 0
    ppp_mppe 4948 0
    ppp_async 5846 0
    ppp_generic 16053 2 ppp_mppe,ppp_async
    slhc 4157 1 ppp_generic
    xt_layer7 9783 0
    nf_conntrack_netlink 16132 0
    xt_iprange 1180 2
    ipt_REDIRECT 803 1
    cls_fw 3390 13
    sch_sfq 8530 13
    sch_htb 12571 5
    ipt_MASQUERADE 1254 3
    bonding 80618 0
    8021q 14801 0
    garp 4512 1 8021q
    tun 11550 2
    bridge 63988 0
    stp 1096 2 garp,bridge
    iptable_nat 3055 1
    xt_connbytes 1611 3
    xt_mark 817 19
    xt_physdev 1328 2
    ipt_REJECT 1917 2
    xt_LOG 10315 14
    xt_limit 1279 14
    xt_state 891 15
    xt_connmark 1353 2
    iptable_mangle 1012 1
    iptable_filter 852 1
    ip_tables 8748 3 iptable_nat,iptable_mangle,iptable_filter
    nf_nat_pptp 1870 0
    nf_nat_proto_gre 941 1 nf_nat_pptp
    nf_nat_ftp 1240 0
    nf_nat_h323 5027 0
    nf_nat 11200 8 nf_nat_sip,ipt_REDIRECT,ipt_MASQUERADE,iptable_nat,nf_nat_pptp,nf_nat_proto_gre,nf_nat_ftp,nf_nat_h323
    nf_conntrack_tftp 2489 0
    nf_conntrack_pptp 3541 1 nf_nat_pptp
    nf_conntrack_proto_gre 3480 1 nf_conntrack_pptp
    nf_conntrack_irc 2567 0
    nf_conntrack_ftp 4752 1 nf_nat_ftp
    nf_conntrack_h323 35478 1 nf_nat_h323
    dummy 1574 0
    ext4 378005 1
    jbd2 59411 1 ext4
    crc16 1051 1 ext4
    pata_acpi 2252 0
    arc4 1046 2
    ath9k 79902 0
    mac80211 378096 1 ath9k
    ath9k_common 1532 1 ath9k
    ath9k_hw 323027 2 ath9k,ath9k_common
    iTCO_wdt 10569 0
    ath 12405 3 ath9k,ath9k_common,ath9k_hw
    cfg80211 157381 3 ath9k,mac80211,ath
    r8169 40441 0
    iTCO_vendor_support 1441 1 iTCO_wdt
    rfkill 7777 3 cfg80211
    i2c_i801 6742 0
    tg3 121153 0
    mii 3303 1 r8169
    ehci_hcd 47945 0
    uhci_hcd 26718 0

    Connection tracking. BTW, the phone is at 192.168.1.66.


    01:47:55 [UPDATE] udp 17 3585 src=192.168.1.66 dst=199.68.213.126 sport=5078 dport=5090 src=199.68.213.126 dst=nn.www.xxx.yyy sport=5090 dport=5078 [ASSURED]
    01:48:12 [NEW] udp 17 30 src=192.168.1.66 dst=199.68.213.126 sport=16384 dport=63794 [UNREPLIED] src=199.68.213.126 dst=nn.www.xxx.yyy sport=63794 dport=16384
    01:48:12 [NEW] udp 17 30 src=192.168.1.66 dst=192.168.1.1 sport=1051 dport=53 [UNREPLIED] src=192.168.1.1 dst=192.168.1.66 sport=53 dport=1051
    01:48:12 [UPDATE] udp 17 30 src=192.168.1.66 dst=192.168.1.1 sport=1051 dport=53 src=192.168.1.1 dst=192.168.1.66 sport=53 dport=1051
    01:48:12 [NEW] udp 17 30 src=192.168.1.66 dst=199.68.213.228 sport=16384 dport=47448 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47448 dport=1058
    01:48:17 [NEW] udp 17 30 src=192.168.1.66 dst=199.68.213.228 sport=16385 dport=47449 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47449 dport=16385
    01:48:42 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.126 sport=16384 dport=63794 packets=4 bytes=800 [UNREPLIED] src=199.68.213.126 dst=nn.www.xxx.yyy sport=63794 dport=16384 packets=0 bytes=0
    01:48:42 [DESTROY] udp 17 src=192.168.1.66 dst=192.168.1.1 sport=1051 dport=53 packets=1 bytes=76 src=192.168.1.1 dst=192.168.1.66 sport=53 dport=1051 packets=1 bytes=128
    01:48:52 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.228 sport=16385 dport=47449 packets=2 bytes=232 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47449 dport=16385 packets=0 bytes=0
    01:48:53 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.228 sport=16384 dport=47448 packets=565 bytes=111440 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47448 dport=1058 packets=0 bytes=0

    I’m real tired so I may have missed something. Please excuse mistakes.

    Sincerely
    James
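The conntrack events in the post above can be read mechanically. The following is an added example, not part of the original post: it parses event lines in that format and lists flows from the phone that were destroyed without a single return packet, noting where the reply tuple shows the source port was rewritten by NAT. The names `parse_event` and `one_way_flows` are hypothetical; the sample lines are copied from the post, with the public address left obscured as the poster wrote it.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Event lines copied from the conntrack output in the post above
# (the public address was obscured by the poster as nn.www.xxx.yyy).
SAMPLE_EVENTS = """\
01:48:12 [NEW] udp 17 30 src=192.168.1.66 dst=199.68.213.228 sport=16384 dport=47448 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47448 dport=1058
01:48:42 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.126 sport=16384 dport=63794 packets=4 bytes=800 [UNREPLIED] src=199.68.213.126 dst=nn.www.xxx.yyy sport=63794 dport=16384 packets=0 bytes=0
01:48:42 [DESTROY] udp 17 src=192.168.1.66 dst=192.168.1.1 sport=1051 dport=53 packets=1 bytes=76 src=192.168.1.1 dst=192.168.1.66 sport=53 dport=1051 packets=1 bytes=128
01:48:52 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.228 sport=16385 dport=47449 packets=2 bytes=232 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47449 dport=16385 packets=0 bytes=0
01:48:53 [DESTROY] udp 17 src=192.168.1.66 dst=199.68.213.228 sport=16384 dport=47448 packets=565 bytes=111440 [UNREPLIED] src=199.68.213.228 dst=nn.www.xxx.yyy sport=47448 dport=1058 packets=0 bytes=0
"""

EVENT_RE = re.compile(r"\[(NEW|UPDATE|DESTROY)\]\s+(\w+)")
# One tuple: addresses, ports and (on DESTROY events only) counters.
TUPLE_RE = re.compile(
    r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)"
    r"(?: packets=(\d+) bytes=(\d+))?"
)


@dataclass
class Flow:
    event: str
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    nat_port: int            # dport of the reply tuple: source port after NAT
    sent: Optional[int]      # packets in the original direction
    received: Optional[int]  # packets in the reply direction
    unreplied: bool

    @property
    def port_rewritten(self) -> bool:
        # Return traffic must arrive on nat_port to match this entry.
        return self.nat_port != self.sport

    @property
    def one_way(self) -> bool:
        return self.unreplied and bool(self.sent) and self.received == 0


def parse_event(line: str) -> Optional[Flow]:
    """Parse one conntrack event line; None if it is not in that format."""
    ev = EVENT_RE.search(line)
    tuples = TUPLE_RE.findall(line)
    if not ev or len(tuples) != 2:
        return None
    orig, reply = tuples  # first tuple is original direction, second is reply
    num = lambda s: int(s) if s else None
    return Flow(ev.group(1), ev.group(2), orig[0], orig[1],
                int(orig[2]), int(orig[3]), int(reply[3]),
                num(orig[4]), num(reply[4]), "[UNREPLIED]" in line)


def one_way_flows(text: str, phone_ip: str) -> list:
    """Destroyed flows from phone_ip that never saw a reply packet."""
    flows = (parse_event(line) for line in text.splitlines())
    return [f for f in flows
            if f and f.event == "DESTROY" and f.src == phone_ip and f.one_way]


if __name__ == "__main__":
    for f in one_way_flows(SAMPLE_EVENTS, "192.168.1.66"):
        note = f"source port rewritten to {f.nat_port}" if f.port_rewritten \
            else "source port kept"
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport} "
              f"sent={f.sent} received={f.received} ({note})")
```

On the lines from the post, the flow that carried 565 packets outbound has its reply tuple on port 1058 rather than 16384, so return traffic addressed to the phone's original port would not match that conntrack entry.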

    #52670

    JamesR
    Member

    Oh, a few other details which are interesting…

    1. ZeroShell replaced a DD-WRT router. WRT is a 2.6 Linux kernel and that has the NAT tracking of SIP. So I don’t think I can say that Linux can’t do the job. I didn’t change the network design. The phones use the same IP & gateway address.
    2. Interesting that one of the phones is REALLY bad about the symptom, 192.168.1.66 whilst 192.168.1.67. They are the same phone model. Polycom controls them so I don’t know if they’re doing something different for one phone over another.
    3. My troubleshooting was with the 1.66 phone.

    #52671

    JamesR
    Member

    I determined that I needed to set up my Forward Rule to deal with the NAT. Now I think I did have to set the SIP port to track 5090/udp too, which is not likely to survive through a reboot unless I script the change.

    Anybody know how to set modprobe parms in ZeroShell?
