bugzilla-daemon@bugzilla.netfilter.org
2006-Oct-06 18:46 UTC
[Bug 522] New: SIP helper(?) mangles packets even when inactive
bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=522

Summary: SIP helper(?) mangles packets even when inactive
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: unknown
AssignedTo: laforge@netfilter.org
ReportedBy: kas@fi.muni.cz

I use a netfilter-based firewall (currently Fedora Core 5/x86_64 with three gigabit NICs). The firewall does not use NAT, does not use conntrack-based rules (-m state), and does not use the mangle rules. However, I have the conntrack support compiled in, as I plan to move the firewall setup to the conntrack-based configuration in the future. I have various helpers compiled in, including a SIP helper.

Recently I had problems via SIP (ekiga client) to and from the outside world. Using tcpdump I have discovered that when calling sip:user@ekiga.net, my workstation sent all RTP traffic to the ekiga.net host, instead of the host where the remote user has been logged in.

I ran tcpdump on both my local workstation and on the external interface of my firewall, while calling from the outside host to the internal network. It seems that the firewall mangles the SIP Invite packet: when received from the outside interface the request line reads "INVITE: sip:yenya@<ip.address.of.my.workstation>:5064;transport=udp", while when received by my workstation, it reads "INVITE: sip:yenya@213.186.62.145:5060;transport=udp" (the IP address here is the address of the SIP server, ekiga.net).

After running "iptables -t raw -A PREROUTING -j NOTRACK" SIP calls work as expected. But I think any helper (be it NAT or conntrack) shouldn't mangle packets, unless the NAT is actually set up.

Details, including tcpdumps, available when requested. The kernel in question is 2.6.18.
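The two-point capture comparison described in the report can be automated. The following is an added example, not part of the original bug report: it pairs SIP requests seen on the firewall's external interface with those seen on the internal host by Call-ID and reports any Request-URI that changed in transit. It assumes the UDP payloads have already been extracted from the captures as text; the function names, the sample payloads, the Call-ID and 192.0.2.10 (standing in for the workstation address the report elides) are constructed.

```python
import re

# Request line per RFC 3261: METHOD SP Request-URI SP SIP-Version
REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")
# user (optional), host, port (optional); bracketed IPv6 hosts are not handled
URI_PARTS = re.compile(r"^sips?:(?:([^@;]+)@)?([^:;]+)(?::(\d+))?")


def parse_request(payload):
    """Return (call_id, method, (user, host, port)) for a SIP request, else None."""
    lines = payload.replace("\r\n", "\n").split("\n")
    m = REQUEST_LINE.match(lines[0].strip())
    uri = URI_PARTS.match(m.group(2)) if m else None
    if not uri:
        return None  # a response, or not a SIP request at all
    call_id = None
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        if name.strip().lower() in ("call-id", "i"):  # "i" is the compact form
            call_id = value.strip()
    user, host, port = uri.groups()
    return call_id, m.group(1), (user, host, int(port) if port else None)


def rewritten_requests(outside, inside):
    """List requests whose Request-URI differs between the two capture points."""
    seen = {}
    for payload in outside:
        req = parse_request(payload)
        if req and req[0]:
            seen[(req[0], req[1])] = req[2]
    findings = []
    for payload in inside:
        req = parse_request(payload)
        key = (req[0], req[1]) if req else None
        if key in seen and seen[key] != req[2]:
            findings.append((req[0], req[1], seen[key], req[2]))
    return findings


# Constructed payloads (not the reporter's captures), standard request-line syntax
HEADERS = "Via: SIP/2.0/UDP 213.186.62.145:5060\r\nCall-ID: abc123@example\r\nCSeq: 1 INVITE\r\n\r\n"
OUTSIDE = ["INVITE sip:yenya@192.0.2.10:5064;transport=udp SIP/2.0\r\n" + HEADERS]
INSIDE = ["INVITE sip:yenya@213.186.62.145:5060;transport=udp SIP/2.0\r\n" + HEADERS]

if __name__ == "__main__":
    for call_id, method, before, after in rewritten_requests(OUTSIDE, INSIDE):
        print(f"{method} {call_id}: Request-URI {before} -> {after}")
```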