fmagni
(Fabrizio Magni)
September 20, 2017, 8:36am
1
Hello,
I’m trying to expose my Asterisk server ports to be able to make a call from a remote location.
I’m having this exact problem:
I put a small Asterisk based VoIP appliance behind my test NethServer appliance today. I forwarded the sip ports and management interface ports to the VoIP appliance’s IP.
I can access the web interface for the VoIP appliance externally, I can call in and out, but all voice traffic is being blocked; there’s always silence on the line.
I don’t see anything relevant being logged in firewall.log. I’ve tried restarting shorewall in debug mode. I still see (hear) the same result. I temporaril…
I tried the solution proposed by Nas in that post.
In my /etc/shorewall/shorewall.conf I have:
DONT_LOAD=nf_nat_sip,nf_conntrack_sip
but it seems to be ignored since
lsmod|grep sip
nf_conntrack_sip 33860 2
nf_conntrack 111302 30 nf_nat_ftp,nf_nat_irc,nf_nat_amanda,xt_CT,nf_nat_snmp_basic,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,nf_conntrack_proto_udplite,nf_nat,xt_state,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_amanda,nf_nat_masquerade_ipv4,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_broadcast,xt_connmark,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_sane,nf_conntrack_snmp,nf_conntrack_tftp
shows the module loaded and used (since it is used I’m not able to rmmod it).
My NethServer version is:
NethServer release 7.3.1611 (Final)
mrmarkuz
(Markus Neuberger)
September 20, 2017, 10:40am
2
Hi @fmagni ,
I tried it and could manage starting shorewall without the modules you don’t want.
What I did:
Prepare template-custom to save changes even after reboot or update:
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/shorewall.conf/
Create /etc/e-smith/templates-custom/etc/shorewall/shorewall.conf/91DONTLOADSIP and write 2 params:
AUTOHELPERS=No
DONT_LOAD="nf_nat_sip,nf_conntrack_sip"
Then apply your custom config to shorewall.conf:
# apply config changes in 60options to shorewall.conf
expand-template /etc/shorewall/shorewall.conf
# Clear shorewall to be able to kick the unwanted modules
shorewall clear
# unload the modules
rmmod nf_nat_sip nf_conntrack_sip
# restart shorewall
systemctl restart shorewall
# Now this command should return nothing
lsmod|grep sip
Source:
http://shorewall.org/Helpers.html
5 Likes
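A check for the result of the procedure in the post above, added here as an example (it is not code from the thread's participants or from NethServer): it reads shorewall.conf for the two parameters and the module list for the two SIP helpers, matching on the module-name column only. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two settings and two modules discussed in this thread.

# conf_value KEY FILE: print the last uncommented KEY=value, quotes stripped
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# check_sip_helpers [CONF] [MODULES]: print findings, return the number of problems
check_sip_helpers() {
    conf=${1:-/etc/shorewall/shorewall.conf}
    modules=${2:-/proc/modules}   # lsmod output saved to a file works too
    problems=0
    auto=$(conf_value AUTOHELPERS "$conf")
    dont=$(conf_value DONT_LOAD "$conf")   # comma-separated, as in the thread
    case "$auto" in
        [Nn][Oo]) ;;
        *) echo "AUTOHELPERS is '${auto:-unset}', expected No"
           problems=$((problems + 1)) ;;
    esac
    for m in nf_nat_sip nf_conntrack_sip; do
        case ",$dont," in
            *",$m,"*) ;;
            *) echo "$m is not listed in DONT_LOAD"; problems=$((problems + 1)) ;;
        esac
        # Match the module-name column only: "grep sip" also hits the
        # "used by" list on the nf_conntrack line.
        if awk -v m="$m" '$1 == m { hit = 1 } END { exit !hit }' "$modules"; then
            echo "$m is still loaded"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# sample_run: constructed inputs modelled on the first post (DONT_LOAD set,
# AUTOHELPERS absent, nf_conntrack_sip loaded); reports two findings.
sample_run() {
    dir=$(mktemp -d)
    printf 'DONT_LOAD=nf_nat_sip,nf_conntrack_sip\n' > "$dir/shorewall.conf"
    printf '%s\n' 'nf_conntrack_sip 33860 2' \
        'nf_conntrack 111302 30 nf_nat_ftp,nf_conntrack_sip' > "$dir/modules"
    rc=0
    check_sip_helpers "$dir/shorewall.conf" "$dir/modules" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Called with no arguments, `check_sip_helpers` reads the live /etc/shorewall/shorewall.conf and /proc/modules; an exit status of 0 means both settings are present and neither helper is loaded.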
fmagni
(Fabrizio Magni)
September 20, 2017, 7:42pm
3
Thank you, Markus.
I missed
AUTOHELPERS=No
in my 60options files.
Now I don’t have the modules enabled and can go on testing.
2 Likes
m.traeumner
(Michael Träumner)
September 21, 2017, 8:53am
4
Hi Fabrizio,
Is it solved? Then mark the answer as the solution, please.
1 Like
stephdl
(Stéphane de Labrusse)
November 5, 2020, 4:10pm
5
We have in development a feature related to this:
NethServer:master
← stephdl:disableSipAlg
opened 03:55PM - 30 Oct 20 UTC
1 Like