NethServer Version: 7
Our SIP provider request us to do the following in order to allow SIP traffic between us and them :
- Ask the person who manages your router/firewall to allow outgoing traffic to the IP range: 220.127.116.11/27 (/27 means that the subnet mask is 255.255.255.224)
- If the router/firewall supports QoS (Quality of Service), assign a higher priority to the trafic exchanged with our IP range
- Some routers also include a feature called SIP ALG (http://en.wikipedia.org/wiki/Application-level_gateway). Our experience shows that SIP ALG is often poorly implemented on low-cost routers and that it is better to disable SIP ALG
- Make sure that the default NAT session timeout is > 30 seconds
I created those rules :
Still, I get those messages in the logs :
Sep 6 15:33:17 serveur kernel: Shorewall:net2fw:DROP:IN=enp3s6f0 OUT= MAC=00:1b:21:ae:42:32:38:10:d5:c3:84:26:08:00 SRC=18.104.22.168 DST=192.168.178.23 LEN=200 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=19352 DPT=11780 LEN=180 MARK=0x10000
192.168.178.23 being my RED interface.
What am I doing wrong ?