[OpenSIPS-Users] media-relay not relaying when iptables running
Saúl Ibarra Corretgé
saul at ag-projects.com
Fri Oct 21 11:42:01 CEST 2011
Hi,
On Oct 20, 2011, at 5:44 PM, JimDoesVoip wrote:
> Hi Jeff,
> Thanks. I looked at this earlier as well. I swapped the REJECT line out
> for a blanked ACCEPT with forwards and it didn't seem to have an effect. I
> keep wondering if there is something in raw that needs to be put in place
> based upon the messages from iptables as it exists. I took another look
> based on your note and I think I found something meaningful.
>
> iptables (at least on centos) appears to load different tables
> independently when you use the --list option. So I started a call with only
> the raw table loaded. no audio. I then stopped iptables and had audio. I
> then loaded filter and nat tables and each time still had audio. Then as
> the call was going I loaded the raw table, and the call still had audio. I
> stopped the call and started a new one: no audio. Unloaded the raw table;
> audio.
>
> # iptables -t raw --list
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> # /etc/init.d/iptables stop
> iptables: Flushing firewall rules: [ OK ]
> iptables: Setting chains to policy ACCEPT: raw [ OK ]
> iptables: Unloading modules: [ OK ]
> #
>
>
> So it feels likely that the raw part of my iptables config is blocking
> things. Perhaps, even though it says it is defaulting to ACCEPT, it is
> blocking packets from getting to conntrack rules setup by media-relay?
>
MediaProxy will use the raw table briefly to intercept the traffic in PREROUTING. Once the conntrack rule is up those rules in the raw table will go away.
Not sure what's going on there, it never happened to me before, alas I can't be of much help :-S
Regards,
--
Saúl Ibarra Corretgé
AG Projects
More information about the Users
mailing list