[Ekiga-list] Problem receiving calls... and a solution.

Damien Sandras dsandras at seconix.com
Tue Feb 20 21:54:49 UTC 2007 

Le jeudi 01 février 2007 à 09:13 -0200, Gustavo Maciel Dias Vieira a
écrit :
> Hi all,
> 
> First of all, thank you for the nice work bringing Ekiga to the world.
> It's one of the best softphones out there, and it's free!
> 

Thanks and sorry for the delay, your email was held in the queue.

> I've run into a problem trying to set up Ekiga and luckily was able to
> fix it. As I didn't find a (specific) mention of it in the FAQ and it
> seems to me to be fairly common, I'm sending it to you in hope of
> helping someone else. Maybe it should go to the FAQ?
> 
> Here is the problem: I've got a simple setup, Linux (Fedora 6), no NAT,
> a direct connection to the net, but I've got a strict firewall
> (iptables, stateful). Concerning UDP, only ESTABLISHED,RELATED packets
> are allowed in, all packets are allowed out. Pretty simple, pretty
> common, I suppose. The problem is, with this setup Ekiga (as configured
> by the wizard, with STUN) only receives calls just after connecting to
> ekiga.net (or any other SIP provider). I can make calls, but if I let
> Ekiga running after some time I can't receive any calls.
> 
> Here is the cause: Ekiga (probably following SIP) registers with a
> service using UDP and the service (probably following SIP) expects to
> find Ekiga at the port it sent the registration (I guess :)). Well, in
> Linux with IP iptables, this port is only accessible for 180 seconds
> after the registration. After this time, the firewall will block the
> packets coming from the SIP service, as it considers the "session" to be
> over.
> 
> Here is the solution: There are two ways of coping with that. If you can
> control your host (root), you can set the UDP iptables timeout to one
> hour:
>  # echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream
> The FAQ hints at this buried in the script of section 6.2, but it points
> to the wrong variable ip_conntrack_udp_timeout instead of
> ip_conntrack_udp_timeout_stream. See
> http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN730 for
> more details. You can use the sysctl utility to set kernel variables
> more easily. If you don't have control of your host, you can configure
> each account to refresh the registration every 180 seconds.
> 
> That's it. Hope I've got it right and that it is useful. :)

What is the difference between udp_timeout and udp_timeout_stream ?
Also, do you know that Ekiga is supposed to send a packet every 30
seconds to the SIP host in order to refresh the binding ?

Is it possible for you to sniff the trafic and see why it does not
happen ?

Thanks !
-- 
 _      Damien Sandras
(o-      
//\    Ekiga Softphone : http://www.ekiga.org/
v_/_  NOVACOM                 : http://www.novacom.be/
          FOSDEM                   : http://www.fosdem.org/
          SIP Phone             : sip:dsandras at ekiga.net

More information about the ekiga-list mailing list