[Ekiga-list] Port restricted NAT drops inbound SIP packets

Damien Sandras dsandras at seconix.com
Sun May 20 12:39:37 UTC 2007 

Le dimanche 20 mai 2007 à 17:45 +1000, Jason Grant a écrit :
> My brother and I are both running recent linux kernels with Fedora Core
> 6, and are experiencing the same sort of problem when trying to
> establish a conversation via Ekiga.
> 
> In short, sound/video appears to be hitting our public interfaces, but
> the packets are being dropped there and so are not routed to the
> internal hosts.
> 
> >From what I can tell, only the inbound SIP packets are dropped;
> everything else seems to reach the internal host OK (e.g. the STUN tests
> run OK).  On configuring STUN, ekiga informs us both that we have port
> restricted NAT.  This sounds correct - for example in my case, the
> public gateway/firewall is another fedora 6 box effectively running the
> iptables script from the ekiga wiki.
> 

Well, actually, it is not correct : Linux is in fact a Symmetric NAT
with port overloading. In short, it will work for one Ekiga instance,
but not for two.

> The puzzling thing about our plight is that ekiga works fine for each of
> us when we connect to the echo server at sip:500 at ekiga.net.  To be sure
> it's not a timing issue, I've set up the conntrack kernel variables as
> described on the wiki (although under fedora, the filesystem location is
> slightly different -
> e.g. /proc/sys/net/netfilter/nf_conntract_udp_timeout_stream), without
> success.
> 
> I am able to trace packets on my router, reconfigure the firewall, etc.,
> but am not sure what to try next.  Suggestions on how to troubleshoot
> this would be appreciated.  I know I could probably fix this by
> forwarding ports, but I'd rather persist with the STUN approach if
> possible.

Is there a way to know why it drops the packets ? (through some logging
or something similar).
-- 
 _     Damien Sandras
(o-      
//\    Ekiga Softphone : http://www.ekiga.org/
v_/_   NOVACOM         : http://www.novacom.be/
       FOSDEM          : http://www.fosdem.org/
       SIP Phone       : sip:dsandras at ekiga.net

More information about the ekiga-list mailing list