It does and it’s enabled… which is why the shorewall sip helpers were a problem. They come into play when a PBX does not have NAT features. In my experience, it’s a much more reliable solution to let the PBX handle those tasks so there’s no other device sitting in the middle modifying packets and changing ports.
1 Like
So we could simply disable the kernel module by default, no configuration switch to implement.
What a about a prop?
Something like:
config setprop NotLoadedModulesList module1,module2
Maybe as default, the prop can list the incriminated modules.
1 Like
That would be an easy fix since most PBXs have the NAT options these days.
I’m not quite sure I understand how this would work. I’m assuming something easier than the current workaround but still requiring some CLI work…?
It should require CLI work only if you want to RE-enable the modules which will be disabled by default 
1 Like
Just to stir the pot a bit… here’s a screenshot from a SonicWall:
The SIP Transformations checkbox is pretty much identical in function to what the shorewall sip helpers do and exactly what I’m suggesting. You know… with user experience in mind and all. 
Edit: It is disabled in SonicWall by default, so that would be a good first step.
1 Like
I just went through the process of manually disabling the sip helpers on another nethserver instance and thought it’d be a good idea to check in on this. Is there anything in the works to set the helpers as disabled by default and/or add an option in the gui?
I’d like to solve this, but I’m still not sure how.
Did you use
loadmodule nf_conntrack_sip sip_direct_media=0
or
DONT_LOAD=nf_nat_sip,nf_conntrack_sip
?
1 Like
I ran these two commands:
rmmod nf_nat_sip
rmmod nf_conntrack_sip
Then edited this line:
DONT_LOAD=
In these two files:
/etc/e-smith/templates/etc/shorewall/shorewall.conf/60options
/etc/shorewall/shorewall.conf
to:
DONT_LOAD=nf_nat_sip,nf_conntrack_sipwe have in development a feature related to this
2 Likes