Ted Merrill wrote:
> Package: shorewall
> Version: 3.2.9-1
> Severity: normal
>
>
> The latest debian unstable shorewall release, shorewall 3.2.9-1,
> incorrectly
> modifies some SIP packets during network address translation, thereby
> causing
> all subsequent voice packets to be lost.
> Actually this may be a linux kernel issue instead since the problem is
> related
> to the following kernel module that was not loaded in previous release:
> ip_nat_sip
> Commenting out the loadmodule line in /usr/share/shorewall/modules that
> loads
> ip_nat_sip fixes the problem.
> It's not clear to me what ip_nat_sip is needed for; perhaps something to do
> with connection tracking (e.g. connected to ip_conntrack_sip module, also
> recently added, which i don't seem to need either).
>
> The problem specifically is that in a SIP "200 OK" packet from the
> registar,
> the SDP connection information ('c') line is (incorrectly) modified.
> It should be left alone; instead the ip address on that line is rewritten
> to
> be the ip address of the sender of the packet.
I'm temporarily disabling the sip module.
-- lorenzo
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
