Iptables breaks a working VoIP phone?

Kenneth Burgener kenneth at mail1.ttak.org
Sun Oct 28 22:57:14 MDT 2007

Gabriel Gunderson wrote:
> In general, I agree with this.  But whatever you use, make sure iptables
> has a debugging mode where everything is logged before dropped.  It's
> likely you will be able to look at your logs, see what is being dropped,
> and make changes to fix it.
> Good luck.
> Gabe

I have dropped packets being logged, and I can see the
source/destination IP and port of an occasional packet being lost.  I am
not sure the packets I am seeing are from the direct phone call or some
sort of "ping" VoIP traffic.  When I put in the rules where it would
forward ALL TCP/UDP traffic to the Sipra box, these logs would no longer
appear, but the phone calls were still broken.

The weekend is over and my wife wishes to have a working phone, so I
switched back to the Linksys router, and the phone began to work like
magic again.

I am still determined to get the Linux firewall working, as I can do so
much more with the Linux firewall.

The only two thoughts I have as to what could be the problem are:

1. The Linksys does some sort of "special" NAT.  The shorewall
configuration has both options for "NAT" and "masquerading", and I am
using the "masquerading" option.  I assume this is just a 1 to many NAT,
where the "NAT" option is a 1 to 1 translation of NAT.  I assume since I
only have one IP address, that the Linksys would be doing the
"masquerading" NAT that I have shorewall configured for.

2. Connection tracking.  I know with FTP you had to have a special
connection tracking module, which is why I brought up that I had the
sip-tracking module loaded.  I am wondering if it is not working right,
but I am not sure there are any configuration options, or even if I have
iptables/shorewall set up correctly to indicate this is SIP traffic.
