Ted Merrill wrote: > Package: shorewall > Version: 3.2.9-1 > Severity: normal > > > The latest debian unstable shorewall release, shorewall 3.2.9-1, > incorrectly > modifies some SIP packets during network address translation, thereby > causing > all subsequent voice packets to be lost. > Actually this may be a linux kernel issue instead since the problem is > related > to the following kernel module that was not loaded in previous release: > ip_nat_sip > Commenting out the loadmodule line in /usr/share/shorewall/modules that > loads > ip_nat_sip fixes the problem. > It's not clear to me what ip_nat_sip is needed for; perhaps something to do > with connection tracking (e.g. connected to ip_conntrack_sip module, also > recently added, which i don't seem to need either). > > The problem specifically is that in a SIP "200 OK" packet from the > registar, > the SDP connection information ('c') line is (incorrectly) modified. > It should be left alone; instead the ip address on that line is rewritten > to > be the ip address of the sender of the packet.
I'm temporarily disabling the sip module. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]