IPTable / Conntrack VoIP Issue
Hi guys,
I know this might have been discussed a thousand times, but actually, I think, not often enough.

First my situation: I have a private network, iptables NATed of course! Then I have a Xen-VoIP-Server (Asterisk) and lastly a VoIP provider. What I'd like to do is initiate VoIP calls over my VoIP server and send the data (RTP audio stream) directly to my provider. That would work pretty well if there wasn't my iptables NAT.

What my NAT is doing, or what it is not doing, is pretty easy: For some reason my phone (Android CSIPSimple) does a STUN lookup on the same port (source port of the packet) it will later on use for the RTP VoIP stream. So the Linux conntrack "sees" this successful connection, and once my phone tries to use the same source port for the RTP connection to the VoIP server, the conntrack module does a port mapping ... Which is not needed as we are talking about the UDP protocol. It is O.K. to use one UDP port with many PCs.

Does anyone know how to change my setup to get this working, or is it simply impossible? Is conntrack that stupid and cannot handle these kinds of connections? (Our CISCO router at work doesn't seem to have a problem with this setup...)

Here is my setup:

Linux NAT Box:
Code:
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.0.0/16

and this is my conntrack -E log for this connection:
Code:
smartbyte:~ # conntrack -E

Please, I need that fixed! Any help appreciated, even if you can point me to the responsible person for the conntrack module.

Thanks for any answer,
SB.
Please guys, I need some help with this!
Isn't there anyone who can help with this issue? I know it's pretty detailed, but doesn't anyone see the problem here?
If that is not fixed, you can forget VoIP, then Linux NAT is the worst NAT you can get, which shouldn't be the case...
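An added example, not part of the original posts: a Python sketch that reads `conntrack -E` event lines and flags UDP flows whose source port was rewritten by NAT, which is the symptom described in the thread. The sample lines, addresses and ports are constructed to show what such a remap looks like in the event stream; they are not the poster's log.

```python
import re

# Constructed sample of `conntrack -E` output (documentation addresses, not
# the poster's log): a STUN lookup and an RTP flow from the same phone,
# both using source port 4000.
SAMPLE = """\
    [NEW] udp      17 30 src=192.168.1.50 dst=198.51.100.7 sport=4000 dport=3478 [UNREPLIED] src=198.51.100.7 dst=203.0.113.10 sport=3478 dport=4000
 [UPDATE] udp      17 30 src=192.168.1.50 dst=198.51.100.7 sport=4000 dport=3478 src=198.51.100.7 dst=203.0.113.10 sport=3478 dport=4000
    [NEW] udp      17 30 src=192.168.1.50 dst=192.0.2.20 sport=4000 dport=16384 [UNREPLIED] src=192.0.2.20 dst=203.0.113.10 sport=16384 dport=1024
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
EVENT = re.compile(r"^\s*\[(\w+)\]\s+(\w+)")


def parse_event(line):
    """Return (event, proto, original_tuple, reply_tuple) or None."""
    head = EVENT.match(line)
    fields = FIELD.findall(line)
    if not head or len(fields) < 8:
        return None  # not a flow line carrying both directions
    orig, reply = dict(fields[:4]), dict(fields[4:8])
    return head.group(1), head.group(2), orig, reply


def remapped_flows(text):
    """List NEW UDP flows whose source port was rewritten by NAT."""
    hits = []
    for line in text.splitlines():
        parsed = parse_event(line)
        if parsed is None:
            continue
        event, proto, orig, reply = parsed
        if event != "NEW" or proto != "udp":
            continue
        # Replies are addressed to the translated source, so the reply dport
        # is the port the peer sees. If it differs from sport, NAT changed it.
        if reply["dport"] != orig["sport"]:
            hits.append((orig["src"], int(orig["sport"]), orig["dst"],
                         int(orig["dport"]), int(reply["dport"])))
    return hits


if __name__ == "__main__":
    for src, sport, dst, dport, natport in remapped_flows(SAMPLE):
        print(f"{src}:{sport} -> {dst}:{dport} leaves the NAT as port {natport}")
```

On a live NAT box the same function can be fed captured `conntrack -E -p udp` output in place of `SAMPLE`.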