Hi, i see this on the console and in the firewall logs while i try to make sip calls using my sip server (although this appears to happen only from a the Counterpath Bria softphone) Message from syslogd@server at Aug 20 17:24:39 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52154 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 Message from syslogd@server at Aug 20 17:24:39 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52155 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 Message from syslogd@server at Aug 20 17:24:40 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52156 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 Message from syslogd@server at Aug 20 17:24:41 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52159 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 Message from syslogd@server at Aug 20 17:24:45 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52161 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 after a few drops obviously the SIP call is dropped. i searched online for solutions, but apparently there seems to be no technical issue for my kernel/netfilter/shorewall version, most probably is related to my configuration. is there anything standing out for you? thank you Alberto ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
I get that too. I''ve never solved the problem I just stopped rsyslog from logging to my console. So if I ever come across a fix I''ll post it On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede <alberto.difede@gmail.com>wrote:> Hi, > > i see this on the console and in the firewall logs while i try to make sip > calls using my sip server (although this appears to happen only from a the > Counterpath Bria softphone) > > Message from syslogd@server at Aug 20 17:24:39 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> > DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 > ID=52154 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 > > Message from syslogd@server at Aug 20 17:24:39 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> > DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 > ID=52155 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 > > Message from syslogd@server at Aug 20 17:24:40 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> > DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 > ID=52156 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 > > Message from syslogd@server at Aug 20 17:24:41 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> > DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 > ID=52159 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 > > Message from syslogd@server at Aug 20 17:24:45 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> > DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 > ID=52161 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 > > after a few drops obviously the SIP call is dropped. > > i searched online for solutions, but apparently there seems to be no > technical issue for my kernel/netfilter/shorewall version, most probably is > related to my configuration. > > is there anything standing out for you? > > thank you > > > Alberto > > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
Btw.. it only happens on one or two phones also, but I can''t remember which ones. On Tue, Aug 20, 2013 at 10:33 AM, johnny bowen <jbowen7@gmail.com> wrote:> I get that too. I''ve never solved the problem I just stopped rsyslog from > logging to my console. So if I ever come across a fix I''ll post it > > > On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede <alberto.difede@gmail.com > > wrote: > >> Hi, >> >> i see this on the console and in the firewall logs while i try to make >> sip calls using my sip server (although this appears to happen only from a >> the Counterpath Bria softphone) >> >> Message from syslogd@server at Aug 20 17:24:39 ... >> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> >> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 >> ID=52154 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >> >> Message from syslogd@server at Aug 20 17:24:39 ... >> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> >> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 >> ID=52155 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >> >> Message from syslogd@server at Aug 20 17:24:40 ... >> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> >> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 >> ID=52156 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >> >> Message from syslogd@server at Aug 20 17:24:41 ... >> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> >> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 >> ID=52159 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >> >> Message from syslogd@server at Aug 20 17:24:45 ... >> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> >> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 >> ID=52161 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >> >> after a few drops obviously the SIP call is dropped. >> >> i searched online for solutions, but apparently there seems to be no >> technical issue for my kernel/netfilter/shorewall version, most probably is >> related to my configuration. >> >> is there anything standing out for you? >> >> thank you >> >> >> Alberto >> >> >> ------------------------------------------------------------------------------ >> Introducing Performance Central, a new site from SourceForge and >> AppDynamics. Performance Central is your source for news, insights, >> analysis and resources for efficient Application Performance Management. >> Visit us today! >> >> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> >------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
Those messages are not from the firewall itself, they are from nf_conntrack_sip. Have you tried unloading nf_conntrack_sip and nf_nat_sip ? Pablo. El 20/08/13 14:34, johnny bowen escribió:> Btw.. it only happens on one or two phones also, but I can''t remember > which ones. > > > > On Tue, Aug 20, 2013 at 10:33 AM, johnny bowen <jbowen7@gmail.com > <mailto:jbowen7@gmail.com>> wrote: > > I get that too. I''ve never solved the problem I just stopped > rsyslog from logging to my console. So if I ever come across a fix > I''ll post it > > > On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede > <alberto.difede@gmail.com <mailto:alberto.difede@gmail.com>> wrote: > > Hi, > > i see this on the console and in the firewall logs while i try > to make sip calls using my sip server (although this appears > to happen only from a the Counterpath Bria softphone) > > Message from syslogd@server at Aug 20 17:24:39 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public > ip address> DST=<SIP provider public ip address> LEN=860 > TOS=0x00 PREC=0x00 TTL=64 ID=52154 PROTO=UDP SPT=5060 DPT=5060 > LEN=840 UID=493 GID=490 > > Message from syslogd@server at Aug 20 17:24:39 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public > ip address> DST=<SIP provider public ip address> LEN=860 > TOS=0x00 PREC=0x00 TTL=64 ID=52155 PROTO=UDP SPT=5060 DPT=5060 > LEN=840 UID=493 GID=490 > > Message from syslogd@server at Aug 20 17:24:40 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public > ip address> DST=<SIP provider public ip address> LEN=860 > TOS=0x00 PREC=0x00 TTL=64 ID=52156 PROTO=UDP SPT=5060 DPT=5060 > LEN=840 UID=493 GID=490 > > Message from syslogd@server at Aug 20 17:24:41 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public > ip address> DST=<SIP provider public ip address> LEN=860 > TOS=0x00 PREC=0x00 TTL=64 ID=52159 PROTO=UDP SPT=5060 DPT=5060 > LEN=840 UID=493 GID=490 > > Message from syslogd@server at Aug 20 17:24:45 ... > kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public > ip address> DST=<SIP provider public ip address> LEN=860 > TOS=0x00 PREC=0x00 TTL=64 ID=52161 PROTO=UDP SPT=5060 DPT=5060 > LEN=840 UID=493 GID=490 > > after a few drops obviously the SIP call is dropped. > > i searched online for solutions, but apparently there seems to > be no technical issue for my kernel/netfilter/shorewall > version, most probably is related to my configuration. > > is there anything standing out for you? > > thank you > > > Alberto > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, > insights, > analysis and resources for efficient Application Performance > Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > <mailto:Shorewall-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
sure they are from sip conntrack module. i would like to understand why it happens and if it is a configuration issue. i think that removing the modules will hurt the traffic shaping. any idea on how to debug? On Tue, Aug 20, 2013 at 11:08 PM, Pablo Sebastian Greco < shorewall@fliagreco.com.ar> wrote:> Those messages are not from the firewall itself, they are from > nf_conntrack_sip. Have you tried unloading nf_conntrack_sip and nf_nat_sip ? > > Pablo. > > El 20/08/13 14:34, johnny bowen escribió: > > Btw.. it only happens on one or two phones also, but I can''t remember > which ones. > > > > On Tue, Aug 20, 2013 at 10:33 AM, johnny bowen <jbowen7@gmail.com> wrote: > >> I get that too. I''ve never solved the problem I just stopped rsyslog from >> logging to my console. So if I ever come across a fix I''ll post it >> >> >> On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede < >> alberto.difede@gmail.com> wrote: >> >>> Hi, >>> >>> i see this on the console and in the firewall logs while i try to make >>> sip calls using my sip server (although this appears to happen only from a >>> the Counterpath Bria softphone) >>> >>> Message from syslogd@server at Aug 20 17:24:39 ... >>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>> TTL=64 ID=52154 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>> >>> Message from syslogd@server at Aug 20 17:24:39 ... >>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>> TTL=64 ID=52155 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>> >>> Message from syslogd@server at Aug 20 17:24:40 ... >>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>> TTL=64 ID=52156 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>> >>> Message from syslogd@server at Aug 20 17:24:41 ... >>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>> TTL=64 ID=52159 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>> >>> Message from syslogd@server at Aug 20 17:24:45 ... >>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>> TTL=64 ID=52161 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>> >>> after a few drops obviously the SIP call is dropped. >>> >>> i searched online for solutions, but apparently there seems to be no >>> technical issue for my kernel/netfilter/shorewall version, most probably is >>> related to my configuration. >>> >>> is there anything standing out for you? >>> >>> thank you >>> >>> >>> Alberto >>> >>> >>> ------------------------------------------------------------------------------ >>> Introducing Performance Central, a new site from SourceForge and >>> AppDynamics. Performance Central is your source for news, insights, >>> analysis and resources for efficient Application Performance Management. >>> Visit us today! >>> >>> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> Shorewall-users mailing list >>> Shorewall-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/shorewall-users >>> >>> >> > > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today!http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > > > > _______________________________________________ > Shorewall-users mailing listShorewall-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
On my CentOS 6.4 box (2.6.32-358.14.1.el6.x86_64) I found that nf_conntrack_sip and nf_nat_sip caused problems with sip traffic (silently dropping traffic) and I run without them. I was getting random non connection issues (failed registration) before I removed those modules. My regular custom traffic shaping was not effected. CentOS tends to ship with older, sometimes incomplete modules so YMMV. On Wed, Aug 21, 2013 at 11:15 AM, Alberto Di Fede <alberto.difede@gmail.com>wrote:> sure they are from sip conntrack module. > i would like to understand why it happens and if it is a configuration > issue. > i think that removing the modules will hurt the traffic shaping. > > any idea on how to debug? > > > > On Tue, Aug 20, 2013 at 11:08 PM, Pablo Sebastian Greco < > shorewall@fliagreco.com.ar> wrote: > >> Those messages are not from the firewall itself, they are from >> nf_conntrack_sip. Have you tried unloading nf_conntrack_sip and nf_nat_sip ? >> >> Pablo. >> >> El 20/08/13 14:34, johnny bowen escribió: >> >> Btw.. it only happens on one or two phones also, but I can''t remember >> which ones. >> >> >> >> On Tue, Aug 20, 2013 at 10:33 AM, johnny bowen <jbowen7@gmail.com> wrote: >> >>> I get that too. I''ve never solved the problem I just stopped rsyslog >>> from logging to my console. So if I ever come across a fix I''ll post it >>> >>> >>> On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede < >>> alberto.difede@gmail.com> wrote: >>> >>>> Hi, >>>> >>>> i see this on the console and in the firewall logs while i try to >>>> make sip calls using my sip server (although this appears to happen only >>>> from a the Counterpath Bria softphone) >>>> >>>> Message from syslogd@server at Aug 20 17:24:39 ... >>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>>> TTL=64 ID=52154 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>>> >>>> Message from syslogd@server at Aug 20 17:24:39 ... >>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>>> TTL=64 ID=52155 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>>> >>>> Message from syslogd@server at Aug 20 17:24:40 ... >>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>>> TTL=64 ID=52156 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>>> >>>> Message from syslogd@server at Aug 20 17:24:41 ... >>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>>> TTL=64 ID=52159 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>>> >>>> Message from syslogd@server at Aug 20 17:24:45 ... >>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip >>>> address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 >>>> TTL=64 ID=52161 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 >>>> >>>> after a few drops obviously the SIP call is dropped. >>>> >>>> i searched online for solutions, but apparently there seems to be no >>>> technical issue for my kernel/netfilter/shorewall version, most probably is >>>> related to my configuration. >>>> >>>> is there anything standing out for you? >>>> >>>> thank you >>>> >>>> >>>> Alberto >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Introducing Performance Central, a new site from SourceForge and >>>> AppDynamics. Performance Central is your source for news, insights, >>>> analysis and resources for efficient Application Performance Management. >>>> Visit us today! >>>> >>>> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >>>> _______________________________________________ >>>> Shorewall-users mailing list >>>> Shorewall-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users >>>> >>>> >>> >> >> >> ------------------------------------------------------------------------------ >> Introducing Performance Central, a new site from SourceForge and >> AppDynamics. Performance Central is your source for news, insights, >> analysis and resources for efficient Application Performance Management. >> Visit us today!http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >> >> >> >> _______________________________________________ >> Shorewall-users mailing listShorewall-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> >> >> >> ------------------------------------------------------------------------------ >> Introducing Performance Central, a new site from SourceForge and >> AppDynamics. Performance Central is your source for news, insights, >> analysis and resources for efficient Application Performance Management. >> Visit us today! >> >> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> > > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
Hello, Earlier this year I contacted Patrick McHardy for fixing a SIP conntrack problem and he produced a patch. Unfortunately, I do not have the exchanged emails although I''d presume the patch made to the netfilter modules upstream. The work Patrick did was per contract. He''s the maintainer of several components. I could have a bit more details next week if needed.\ Cheers. ________________________________ De : Lee Brown <leeb@ratnaling.org> À : Shorewall Users <shorewall-users@lists.sourceforge.net> Envoyé le : mercredi 21 août 2013 14h39 Objet : Re: [Shorewall-users] sip conntrack dropping packets? On my CentOS 6.4 box (2.6.32-358.14.1.el6.x86_64) I found that nf_conntrack_sip and nf_nat_sip caused problems with sip traffic (silently dropping traffic) and I run without them. I was getting random non connection issues (failed registration) before I removed those modules. My regular custom traffic shaping was not effected. CentOS tends to ship with older, sometimes incomplete modules so YMMV. On Wed, Aug 21, 2013 at 11:15 AM, Alberto Di Fede <alberto.difede@gmail.com> wrote: sure they are from sip conntrack module.>i would like to understand why it happens and if it is a configuration issue. >i think that removing the modules will hurt the traffic shaping. > >any idea on how to debug? > > > > > >On Tue, Aug 20, 2013 at 11:08 PM, Pablo Sebastian Greco <shorewall@fliagreco.com.ar> wrote: > >Those messages are not from the firewall itself, they are from nf_conntrack_sip. Have you tried unloading nf_conntrack_sip and nf_nat_sip ? >> >>Pablo. >> >>El 20/08/13 14:34, johnny bowen escribió: >> >>Btw.. it only happens on one or two phones also, but I can''t remember which ones. >>> >>> >>> >>> >>> >>>On Tue, Aug 20, 2013 at 10:33 AM, johnny bowen <jbowen7@gmail.com> wrote: >>> >>>I get that too. I''ve never solved the problem I just stopped rsyslog from logging to my console. So if I ever come across a fix I''ll post it >>>> >>>> >>>> >>>> >>>>On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede <alberto.difede@gmail.com> wrote: >>>> >>>>Hi, >>>>> >>>>> >>>>>i see this on the console and in the firewall logs while i try to make sip calls using my sip server (although this appears to happen only from a the Counterpath Bria softphone) >>>>> >>>>>Message from syslogd@server at Aug 20 17:24:39...>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52154 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490>>>>> >>>>>Message from syslogd@server at Aug 20 17:24:39...>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52155 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490>>>>> >>>>>Message from syslogd@server at Aug 20 17:24:40...>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52156 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490>>>>> >>>>>Message from syslogd@server at Aug 20 17:24:41...>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52159 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490>>>>> >>>>>Message from syslogd@server at Aug 20 17:24:45...>>>>> kernel:nf_ct_sip: dropping packetIN= OUT=ppp0SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52161 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490>>>>> >>>>> >>>>>after a few drops obviously the SIP call is dropped. >>>>> >>>>>i searched online for solutions, but apparently there seems to be no technical issue for my kernel/netfilter/shorewall version, most probably is related to my configuration.>>>>> >>>>> >>>>> >>>>>is there anything standing out for you? >>>>> >>>>> >>>>>thank you >>>>> >>>>> >>>>> >>>>>Alberto >>>>> >>>>>------------------------------------------------------------------------------>>>>>Introducing Performance Central, a new site fromSourceForge and>>>>>AppDynamics. Performance Central is your source fornews, insights,>>>>>analysis and resources for efficient ApplicationPerformance Management.>>>>>Visit us today! >>>>>http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >>>>>_______________________________________________ >>>>>Shorewall-users mailing list >>>>>Shorewall-users@lists.sourceforge.net >>>>>https://lists.sourceforge.net/lists/listinfo/shorewall-users >>>>> >>>>> >>>> >>> >>> >>> >>>------------------------------------------------------------------------------Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk>>> >>> >>>_______________________________________________Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users>> >>------------------------------------------------------------------------------ >>Introducing Performance Central, a new site from SourceForge and >>AppDynamics. Performance Central is your source for news, insights, >>analysis and resources for efficient Application Performance Management. >>Visit us today! >>http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >>_______________________________________________ >>Shorewall-users mailing list >>Shorewall-users@lists.sourceforge.net >>https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> > >------------------------------------------------------------------------------ >Introducing Performance Central, a new site from SourceForge and >AppDynamics. Performance Central is your source for news, insights, >analysis and resources for efficient Application Performance Management. >Visit us today! >http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
Hi, In the end i implemented an rmmod in the if-up.local of the ppp connection, in order to remove the sip_nat and sip_conntrack modules everytime a new DSL connection is established. This fixed the issue and so far no problems, the mileage is good. Anyhow i agree that CentOS/RedHat should deliver a patch for this bug, but so far i found none. I agree that this is an issue with the 2.6.32 kernel CentOs is using and may well be patched in kernel v.3 . Thanks a lot guys for the insight and help Cheers Alberto ----- Messaggio originale ----- Da: "Fred Maillou" <frederriffic@yahoo.ca> A: "Shorewall Users" <shorewall-users@lists.sourceforge.net> Inviato: Giovedì, 29 agosto 2013 23:42:49 Oggetto: Re: [Shorewall-users] sip conntrack dropping packets? Hello, Earlier this year I contacted Patrick McHardy for fixing a SIP conntrack problem and he produced a patch. Unfortunately, I do not have the exchanged emails although I''d presume the patch made to the netfilter modules upstream. The work Patrick did was per contract. He''s the maintainer of several components. I could have a bit more details next week if needed.\ Cheers. De : Lee Brown <leeb@ratnaling.org> À : Shorewall Users <shorewall-users@lists.sourceforge.net> Envoyé le : mercredi 21 août 2013 14h39 Objet : Re: [Shorewall-users] sip conntrack dropping packets? On my CentOS 6.4 box (2.6.32-358.14.1.el6.x86_64) I found that nf_conntrack_sip and nf_nat_sip caused problems with sip traffic (silently dropping traffic) and I run without them. I was getting random non connection issues (failed registration) before I removed those modules. My regular custom traffic shaping was not effected. CentOS tends to ship with older, sometimes incomplete modules so YMMV. On Wed, Aug 21, 2013 at 11:15 AM, Alberto Di Fede < alberto.difede@gmail.com > wrote: sure they are from sip conntrack module. i would like to understand why it happens and if it is a configuration issue. i think that removing the modules will hurt the traffic shaping. any idea on how to debug? On Tue, Aug 20, 2013 at 11:08 PM, Pablo Sebastian Greco < shorewall@fliagreco.com.ar > wrote: <blockquote> Those messages are not from the firewall itself, they are from nf_conntrack_sip. Have you tried unloading nf_conntrack_sip and nf_nat_sip ? Pablo. El 20/08/13 14:34, johnny bowen escribió: <blockquote> Btw.. it only happens on one or two phones also, but I can''t remember which ones. On Tue, Aug 20, 2013 at 10:33 AM, johnny bowen < jbowen7@gmail.com > wrote: <blockquote> I get that too. I''ve never solved the problem I just stopped rsyslog from logging to my console. So if I ever come across a fix I''ll post it On Tue, Aug 20, 2013 at 9:20 AM, Alberto Di Fede < alberto.difede@gmail.com > wrote: <blockquote> Hi, i see this on the console and in the firewall logs while i try to make sip calls using my sip server (although this appears to happen only from a the Counterpath Bria softphone) Message from syslogd@server at Aug 20 17:24:39 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52154 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 Message from syslogd@server at Aug 20 17:24:39 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52155 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 Message from syslogd@server at Aug 20 17:24:40 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52156 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 Message from syslogd@server at Aug 20 17:24:41 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52159 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 Message from syslogd@server at Aug 20 17:24:45 ... kernel:nf_ct_sip: dropping packetIN= OUT=ppp0 SRC=<my public ip address> DST=<SIP provider public ip address> LEN=860 TOS=0x00 PREC=0x00 TTL=64 ID=52161 PROTO=UDP SPT=5060 DPT=5060 LEN=840 UID=493 GID=490 after a few drops obviously the SIP call is dropped. i searched online for solutions, but apparently there seems to be no technical issue for my kernel/netfilter/shorewall version, most probably is related to my configuration. is there anything standing out for you? thank you Alberto ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users </blockquote> ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users </blockquote> ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users </blockquote> ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users </blockquote> ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13. http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk