[Ekiga-list] Port restricted NAT drops inbound SIP packets
Jason Grant
expires07 at logular.com
Sun May 20 07:45:18 UTC 2007
My brother and I are both running recent linux kernels with Fedora Core
6, and are experiencing the same sort of problem when trying to
establish a conversation via Ekiga.
In short, sound/video appears to be hitting our public interfaces, but
the packets are being dropped there and so are not routed to the
internal hosts.
>From what I can tell, only the inbound SIP packets are dropped;
everything else seems to reach the internal host OK (e.g. the STUN tests
run OK). On configuring STUN, ekiga informs us both that we have port
restricted NAT. This sounds correct - for example in my case, the
public gateway/firewall is another fedora 6 box effectively running the
iptables script from the ekiga wiki.
The puzzling thing about our plight is that ekiga works fine for each of
us when we connect to the echo server at sip:500 at ekiga.net. To be sure
it's not a timing issue, I've set up the conntrack kernel variables as
described on the wiki (although under fedora, the filesystem location is
slightly different -
e.g. /proc/sys/net/netfilter/nf_conntract_udp_timeout_stream), without
success.
I am able to trace packets on my router, reconfigure the firewall, etc.,
but am not sure what to try next. Suggestions on how to troubleshoot
this would be appreciated. I know I could probably fix this by
forwarding ports, but I'd rather persist with the STUN approach if
possible.
Thanks,
Jason.
More information about the ekiga-list
mailing list