[Ekiga-list] Port restricted NAT drops inbound SIP packets

Damien Sandras dsandras at seconix.com
Mon May 21 15:06:35 UTC 2007 

Le lundi 21 mai 2007 à 10:43 +1000, Jason Grant a écrit :
> Thanks Damien,
> 
> On Sun, 2007-05-20 at 14:39 +0200, Damien Sandras wrote:
> 
> > > run OK).  On configuring STUN, ekiga informs us both that we have port
> > > restricted NAT.  This sounds correct - for example in my case, the
> > > public gateway/firewall is another fedora 6 box effectively running the
> > > iptables script from the ekiga wiki.
> > > 
> > 
> > Well, actually, it is not correct : Linux is in fact a Symmetric NAT
> > with port overloading. In short, it will work for one Ekiga instance,
> > but not for two.
> > 
> 
> After performing its STUN tests, ekiga does not report my configuration
> as symmetric.  So are you saying that ekiga's failure to identify a
> symmetric NAT is another clue to help me troubleshoot my issue, or is
> this a known bug with ekiga?
> 

In the case above, it is impossible to determine it is symmetric. 
But in any case, it should work, at least with one client.

> > > 
> > > I am able to trace packets on my router, reconfigure the firewall, etc.,
> > > but am not sure what to try next.  Suggestions on how to troubleshoot
> > > this would be appreciated.  I know I could probably fix this by
> > > forwarding ports, but I'd rather persist with the STUN approach if
> > > possible.
> > 
> > Is there a way to know why it drops the packets ? (through some logging
> > or something similar).
> 
> Even when I temporarily set all tables to ACCEPT, the packets arrive at
> the external interface, but are not forwarded to the relevant internal
> host.  From what I know of iptables, I don't think it is possible to
> inject logging rules to tell me why these packets are not forwarded.  
> 
> My guess is that this relates to connection tracking, but am uncertain
> how to progress with troubleshooting.  Suggestions appreciated.
> 

I don't know either, perhaps you could ask on the netfilter mailing
list...
-- 
 _     Damien Sandras
(o-      
//\    Ekiga Softphone : http://www.ekiga.org/
v_/_   NOVACOM         : http://www.novacom.be/
       FOSDEM          : http://www.fosdem.org/
       SIP Phone       : sip:dsandras at ekiga.net

More information about the ekiga-list mailing list