thr3ads.net - Shorewall users - 2 ADSL + SIP [Sep 2012]

If this information is useful, please help other people find it:
Share via:

Nico Pagliaro

2012-Sep-17 12:21 UTC

2 ADSL + SIP

Hi everybody, I am having this issue.
I have 2 ADSL in my box, one for SIP connections only (VoIP) and the other
one for Internet general traffic. The problem is that suddenly my Sip
software or phone disconnects from my sip server. I do a if down ppp0 or
ppp1 ( Sometimes work with one or the other, I can figure it why) and then
my sip software get connected.
I dont know why. Maybe is something with the default route or when my adsl
change the dynamic ip. I dont know.
Here is my complete conf. I something is missing, let me know.

My box has shorewall installed with 2 ADSL and pptpd

ppp0 - ADSL connection (I use this only for VoIP). this is in eth1
ppp1 - ADSL connection. Internet Traffic. This is in eth2
eth0 - LAN - 192.168.10.0/24

IFCONFIG
----------------
eth0      Link encap:Ethernet  HWaddr 00:14:85:AB:93:84
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0

eth1      Link encap:Ethernet  HWaddr 90:F6:52:03:A0:B6
          inet6 addr: fe80::92f6:52ff:fe03:a0b6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:01:02:E8:6D:6F
          inet6 addr: fe80::201:2ff:fee8:6d6f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

ppp0      Link encap:Point-to-Point Protocol
          inet addr:186.48.234.250  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp1      Link encap:Point-to-Point Protocol
          inet addr:186.48.226.199  P-t-P:200.40.21.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

ppp2      Link encap:Point-to-Point Protocol
          inet addr:192.168.10.80  P-t-P:192.168.10.90  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1



SHOREWALL CONF
---------------------------------

INTERFACES
=========FORMAT 2
###############################################################################
#ZONE           INTERFACE               OPTIONS
loc             eth0
net             ppp0
net             ppp1
vpn             ppp2                     routeback


ZONES
=====#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc     ipv4
vpn     ipv4


MASQ
====#INTERFACE:DEST         SOURCE          ADDRESS         PROTO   PORT(S)
IPSEC   MARK    USER/   SWITCH


eth0                    192.168.10.0/24
ppp1                    192.168.10.0/24
ppp0                    192.168.10.0/24
ppp2                    192.168.10.0/24

RULES (this is for now while I am testing)
====ACCEPT    loc             net      all


PROVIDERS
========#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY
OPTIONS         COPY
voip         1       1       -            ppp0             -
track
internet    2       2       -            ppp1             -
track

RTRULES (that IP address in the DEST is my VoIP box)
======#SOURCE                 DEST                    PROVIDER        PRIORITY
     MASK
eth0                    208.43.135.17                       voip
 1000


TCRULE (5060 my sip port)
=====
1:P     192.168.10.0/24 0.0.0.0/0       tcp     5060,5061,5062
1:P     192.168.10.0/24 0.0.0.0/0       udp     5060,5061,5062

ROUTE -N
=====Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
200.40.21.7     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
200.40.21.7     0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
192.168.10.0    0.0.0.0         255.255.255.0   U       0      0        0
eth0
169.254.0.0     0.0.0.0         255.255.0.0       U       0      0        0
eth0

Shorewall.conf
==========
ACCOUNTING_TABLE=filter

ADD_IP_ALIASES=No

ADD_SNAT_ALIASES=No

ADMINISABSENTMINDED=Yes

AUTO_COMMENT=Yes

AUTOMAKE=No

BLACKLISTNEWONLY=Yes

CLAMPMSS=No

CLEAR_TC=Yes

COMPLETE=No

DELETE_THEN_ADD=Yes

DETECT_DNAT_IPADDRS=No

DISABLE_IPV6=No

DONT_LOAD
DYNAMIC_BLACKLIST=Yes

EXPAND_POLICIES=Yes

EXPORTMODULES=Yes

FASTACCEPT=No

FORWARD_CLEAR_MARK
IMPLICIT_CONTINUE=No

IPSET_WARNINGS=Yes

IP_FORWARDING=On

KEEP_RT_TABLES=No

LEGACY_FASTSTART=Yes

LOAD_HELPERS_ONLY=No

MACLIST_TABLE=filter

MACLIST_TTL
MANGLE_ENABLED=Yes

MAPOLDACTIONS=No

MARK_IN_FORWARD_CHAIN=No

MODULE_SUFFIX=ko

MULTICAST=No

MUTEX_TIMEOUT=60

NULL_ROUTE_RFC1918=No

OPTIMIZE=0

OPTIMIZE_ACCOUNTING=No

REQUIRE_INTERFACE=No

RESTORE_DEFAULT_ROUTE=Yes

RETAIN_ALIASES=No

ROUTE_FILTER=No

SAVE_IPSETS=No

TC_ENABLED=Internal

TC_EXPERT=No

TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"

TRACK_PROVIDERS=No

USE_DEFAULT_RT=Yes

USE_PHYSICAL_NAMES=No

ZONE2ZONE=2

###############################################################################
#                       P A C K E T   D I S P O S I T I O N
###############################################################################

BLACKLIST_DISPOSITION=DROP

MACLIST_DISPOSITION=REJECT

RELATED_DISPOSITION=ACCEPT

SMURF_DISPOSITION=DROP

SFILTER_DISPOSITION=DROP

TCP_FLAGS_DISPOSITION=DROP

################################################################################
#                       P A C K E T  M A R K  L A Y O U T
################################################################################

TC_BITS
PROVIDER_BITS
PROVIDER_OFFSET
MASK_BITS
ZONE_BITS=0

################################################################################
#                            L E G A C Y  O P T I O N
#                      D O  N O T  D E L E T E  O R  A L T E R
################################################################################

IPSECFILE=zones


Thanks


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today''s security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Tom Eastep

2012-Sep-17 15:23 UTC

head link

Re: 2 ADSL + SIP

On 09/17/2012 05:21 AM, Nico Pagliaro wrote:> Hi everybody, I am having this issue.
> I have 2 ADSL in my box, one for SIP connections only (VoIP) and the
> other one for Internet general traffic. The problem is that suddenly my
> Sip software or phone disconnects from my sip server. I do a if down
> ppp0 or ppp1 ( Sometimes work with one or the other, I can figure it
> why) and then my sip software get connected.
> I dont know why. Maybe is something with the default route or when my
> adsl change the dynamic ip. I dont know.
> Here is my complete conf. I something is missing, let me know.
>
More useful than the configuration would be the output of ''shorewall 
dump'' when VOIP is working and the same output when it is not working.
Please compress the output before attaching it.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today''s security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Shorewall users - Sep 2012 - 2 ADSL + SIP

2 ADSL + SIP

Re: 2 ADSL + SIP