<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Jim,<div><br></div><div>One difference between my iptables setup and yours on my relay is I allow the FORWARD to go, default policy ACCEPT. Perhaps this is relevant.</div><div><br></div><div><br></div><div>- Jeff</div><div><br><div><div>On Oct 20, 2011, at 2:33 AM, JimDoesVoip wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Hi All,
We're running opensips 1.6.4 and mediaproxy 2.5.2, both on a single server running centos 6. When iptables is turned off media-relay works properly, calls connect and have audio, we see media flow from a IP client, to the media-relay back to IP client. We can't see any entries using the conntrack -L command at this time (maybe because iptables is off?)
When we turn iptables on, we see entries in conntrack -L for a bunch of items including the sip signaling to each of the clients, but we do not see any entries for media when in a call (should we?).
Our iptables config adds a few accept lines to the filter chain to allow any traffic on a few private interfaces and to allow sip traffic on a high port on any interface. These keep opensips working while iptables is running.
<pre># iptables -t filter -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
203 23785 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
2 152 ACCEPT icmp -- any any anywhere anywhere
1 201 ACCEPT all -- lo any anywhere anywhere
7 3629 ACCEPT all -- bond0 any anywhere anywhere
0 0 ACCEPT all -- eth0 any anywhere anywhere
0 0 ACCEPT all -- eth1 any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:15060
9 1177 ACCEPT udp -- any any anywhere anywhere state NEW udp dpt:15060
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 137 packets, 33701 bytes)
pkts bytes target prot opt in out source destination
# iptables -t raw -L -v
Chain PREROUTING (policy ACCEPT 11495 packets, 2699K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 118 packets, 32010 bytes)
pkts bytes target prot opt in out source destination
#
</pre>
It seems like something isn't getting connected properly, but unfortunately I didn't find a similar problem.
When iptables is running there are no errors from media-relay, but no audio is relayed. When iptables is off we see errors complaining about iptables not being loaded, but media is relayed / works in both directions.
Thanks very much,
Jim O
<br><hr align="left" width="300">
View this message in context: <a href="http://opensips-open-sip-server.1449251.n2.nabble.com/media-relay-not-relaying-when-iptables-running-tp6911797p6911797.html">media-relay not relaying when iptables running</a><br>
Sent from the <a href="http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html">OpenSIPS - Users mailing list archive</a> at <a href="http://Nabble.com">Nabble.com</a>.<br><span><ATT00001..txt></span></blockquote></div><br></div></body></html>