Package: shorewall
Version: 3.2.9-1
Severity: normal
The latest debian unstable shorewall release, shorewall 3.2.9-1,
incorrectly
modifies some SIP packets during network address translation, thereby
causing
all subsequent voice packets to be lost.
Actually this may be a linux kernel issue instead since the problem is
related
to the following kernel module that was not loaded in previous release:
ip_nat_sip
Commenting out the loadmodule line in /usr/share/shorewall/modules that
loads
ip_nat_sip fixes the problem.
It's not clear to me what ip_nat_sip is needed for; perhaps something to do
with connection tracking (e.g. connected to ip_conntrack_sip module, also
recently added, which i don't seem to need either).
The problem specifically is that in a SIP "200 OK" packet from the
registar,
the SDP connection information ('c') line is (incorrectly) modified.
It should be left alone; instead the ip address on that line is rewritten
to
be the ip address of the sender of the packet.
-Ted Merrill
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.1-kanotix-1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages shorewall depends on:
ii debconf [debconf-2.0] 1.5.13 Debian configuration management sy
ii iproute 20061002-4 Professional tools to control the
ii iptables 1.3.6.0debian1-5 administration tools for packet fi
Versions of packages shorewall recommends:
ii wget 1.10.2-2 retrieves files from the web
-- debconf information:
shorewall/upgrade_20_22:
shorewall/upgrade_14_20:
shorewall/upgrade_to_14:
shorewall/warnrfc1918:
shorewall/warn_about_klogd_floods:
shorewall/dont_restart:
shorewall/major_release:
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
