[asterisk-users] conntrack_sip, iptables, and asterisk
Alex Balashov
abalashov at evaristesys.com
Wed Oct 8 21:57:41 CDT 2008
The problem is that the Linux SIP ALG is not RTP-aware and doesn't NAT
the RTP. If that's changed, it would have to be in the last one or two
kernel releases.
Your solution is OpenSER (Kamailio/OpenSIPS) + nathelper + mediaproxy or
rtpproxy.
OCG Technical Support wrote:
> I have a new Fedora 9 firewall I am setting up in front of an Asterisk
> 1.4 box. I ported over all of my iptables rules..but now have a strange
> problem: SOMETIMES, the audio is only 1-way (i.e. and RTP path problem).
>
>
>
> Can someone offer a tip here? Since I have conntrack_sip loaded on the
> firewall, do I need to:
>
>
>
> 1. Use SIP and RTP port forwarding & prerouting to my asterisk
> box? (SIP clients are outside the LAN) – this is the way I do it now
>
> 2. Remove all SIP and RTP port forwarding & prerouting and assume
> conntrack_sip will do everything?
>
> 3. Allow SIP and RTP **INTO** the firewall, to allow conntrack_sip
> to work?
>
>
>
> Clearly something has changed with conntrack_sip or iptables in the
> latest kernel...so I need to figure this out. Help!
>
>
>
> Thanks!
>
>
>
> Michelle
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599
More information about the asterisk-users
mailing list