[OpenSIPS-Users] media-relay not relaying when iptables running
Saúl Ibarra Corretgé
saul at ag-projects.com
Thu Oct 20 09:42:57 CEST 2011
Hi,
On Oct 20, 2011, at 8:33 AM, JimDoesVoip wrote:
> Hi All,
>
> We're running opensips 1.6.4 and mediaproxy 2.5.2, both on a single server running centos 6. When iptables is turned off media-relay works properly, calls connect and have audio, we see media flow from an IP client, to the media-relay back to IP client. We can't see any entries using the conntrack -L command at this time (maybe because iptables is off?).
>
> When we turn iptables on, we see entries in conntrack -L for a bunch of items including the sip signaling to each of the clients, but we do not see any entries for media when in a call (should we?).
>
> Our iptables config adds a few accept lines to the filter chain to allow any traffic on a few private interfaces and to allow sip traffic on a high port on any interface. These keep opensips working while iptables is running.
>
> # iptables -t filter -L -v
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 203 23785 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
> 2 152 ACCEPT icmp -- any any anywhere anywhere
> 1 201 ACCEPT all -- lo any anywhere anywhere
> 7 3629 ACCEPT all -- bond0 any anywhere anywhere
> 0 0 ACCEPT all -- eth0 any anywhere anywhere
> 0 0 ACCEPT all -- eth1 any anywhere anywhere
> 0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
> 0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:15060
> 9 1177 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:15060
> 0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT 137 packets, 33701 bytes)
> pkts bytes target prot opt in out source destination
>
>
> # iptables -t raw -L -v
> Chain PREROUTING (policy ACCEPT 11495 packets, 2699K bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 118 packets, 32010 bytes)
> pkts bytes target prot opt in out source destination
> #
>
> It seems like something isn't getting connected properly, but unfortunately I didn't find a similar problem. When iptables is running there are no errors from media-relay, but no audio is relayed. When iptables is off we see errors complaining about iptables not being loaded, but media is relayed / works in both directions.
>
> Thanks very much,
> Jim O
What do you mean by "iptables on"? Having the modules loaded and forwarding enabled in /proc is enough. I'm not sure about what CentOS may do when you start the iptables service; we don't use that with Debian :-S
You should see entries in both the raw table and conntrack -L. You also mentioned that in some cases you got an error, can you paste it?
Regards,
--
Saúl Ibarra Corretgé
AG Projects
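
The checks named in the reply above (forwarding enabled in /proc, entries in the raw table, entries in `conntrack -L`), written as a script. This is an added example, not part of the original messages and not MediaProxy code. The function names and the `--live` switch are hypothetical, and live mode assumes root plus the `iptables` and `conntrack` tools.

```shell
#!/bin/sh
# Added example: checks for the conditions named in the reply.

# Return 0 when IPv4 forwarding is enabled. The optional path argument exists
# only so the function can be exercised against a test file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Read `iptables -t <table> -L -v` output on stdin (plain, or ">"-quoted as in
# a mail) and print "<chain> <rule count>" for every chain in the listing.
chain_rule_counts() {
    sed 's/^> \{0,1\}//' | awk '
        $1 == "Chain" { if (chain != "") print chain, n; chain = $2; n = 0; next }
        # A rule line starts with the pkts and bytes counters (e.g. 203 or 2699K).
        chain != "" && $1 ~ /^[0-9]+[KMG]?$/ && $2 ~ /^[0-9]+[KMG]?$/ { n++ }
        END { if (chain != "") print chain, n }'
}

# Print the names of chains that contain no rules at all.
empty_chains() {
    chain_rule_counts | awk '$2 == 0 { print $1 }'
}

# Constructed sample: the raw-table listing as quoted in the message above.
RAW_SAMPLE='Chain PREROUTING (policy ACCEPT 11495 packets, 2699K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 118 packets, 32010 bytes)
 pkts bytes target prot opt in out source destination'

# Live mode: run the same checks against the running system.
if [ "${1:-}" = "--live" ]; then
    if forwarding_enabled; then echo "ip_forward: enabled"; else echo "ip_forward: DISABLED"; fi
    echo "raw chains with no rules: $(iptables -t raw -L -v -n | empty_chains | tr '\n' ' ')"
    echo "conntrack entries: $(conntrack -L 2>/dev/null | wc -l)"
fi
```

Fed the raw-table listing from the quoted message, `empty_chains` reports both PREROUTING and OUTPUT, which is the state the reply says should not be seen during a call.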