fmagni
September 20, 2017, 8:36am
1
Hello,
I put a small Asterisk based VoIP appliance behind my test NethServer appliance today. I forwarded the sip ports and management interface ports to the VoIP appliance’s IP.
I can access the web interface for the VoIP appliance externally, I can call in and out, but all voice traffic is being blocked; there’s always silence on the line.
I don’t see anything relevant being logged in firewall.log. I’ve tried restarting shorewall in debug mode. I still see(hear
I tried the solution proposed by Nas in that post.
DONT_LOAD=nf_nat_sip,nf_conntrack_sip
but it seems to be ignored since
lsmod|grep sip
shows the module loaded and used (since it is used I’m not able to rmmod it).
My nethserver version is:
mrmarkuz
September 20, 2017, 10:40am
2
Hi @fmagni ,
I tried it and could manage starting shorewall without the modules you don’t want.
Prepare template-custom to save changes even after reboot or update:
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/shorewall.conf/Create /etc/e-smith/templates-custom/etc/shorewall/shorewall.conf/91DONTLOADSIP and write 2 params:
AUTOHELPERS=No
DONT_LOAD="nf_nat_sip,nf_conntrack_sip"Then apply your custom config to shorewall.conf:
# apply config changes in 60options to shorewall.conf
expand-template /etc/shorewall/shorewall.conf
# Clear shorewall to be able to kick the unwanted modules
shorewall clear
# unload the modules
rmmod nf_nat_sip nf_conntrack_sip
# restart shorewall
systemctl restart shorewall
# Now this command should return nothing
lsmod|grep sipSource:http://shorewall.org/Helpers.html
5 Likes
fmagni
September 20, 2017, 7:42pm
3
Thank you, Markus.
Now I don’t have the modules enabled and can go on testing.
2 Likes
m.traeumner
September 21, 2017, 8:53am
4
Hi Fabrizio,
1 Like
stephdl
November 5, 2020, 4:10pm
5
we have in development a feature related to this
NethServer:master ← stephdl:disableSipAlg
opened 03:55PM - 30 Oct 20 UTC
1 Like
