[Ekiga-list] Port restricted NAT drops inbound SIP packets

[Jason Grant]

Thanks Damien,

On Sun, 2007-05-20 at 14:39 +0200, Damien Sandras wrote:

> > run OK).  On configuring STUN, ekiga informs us both that we have port
> > restricted NAT.  This sounds correct - for example in my case, the
> > public gateway/firewall is another fedora 6 box effectively running the
> > iptables script from the ekiga wiki.
> > 
> 
> Well, actually, it is not correct : Linux is in fact a Symmetric NAT
> with port overloading. In short, it will work for one Ekiga instance,
> but not for two.
> 

After performing its STUN tests, ekiga does not report my configuration
as symmetric.  So are you saying that ekiga's failure to identify a
symmetric NAT is another clue to help me troubleshoot my issue, or is
this a known bug with ekiga?

> > 
> > I am able to trace packets on my router, reconfigure the firewall, etc.,
> > but am not sure what to try next.  Suggestions on how to troubleshoot
> > this would be appreciated.  I know I could probably fix this by
> > forwarding ports, but I'd rather persist with the STUN approach if
> > possible.
> 
> Is there a way to know why it drops the packets ? (through some logging
> or something similar).

Even when I temporarily set all tables to ACCEPT, the packets arrive at
the external interface, but are not forwarded to the relevant internal
host.  From what I know of iptables, I don't think it is possible to
inject logging rules to tell me why these packets are not forwarded.  

My guess is that this relates to connection tracking, but am uncertain
how to progress with troubleshooting.  Suggestions appreciated.

Thanks,

Jason.