SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2021-01-25 12:38 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0002709 | Endian Firewall | Firewall (iptables) | public | 2010-02-22 13:54 | 2012-05-02 13:42 | ||||||
| Reporter | matictec | ||||||||||
| Assigned To | |||||||||||
| Priority | normal | Severity | minor | Reproducibility | sometimes | ||||||
| Status | acknowledged | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | 2.4 | ||||||||||
| Target Version | future | Fixed in Version | |||||||||
| Summary | 0002709: sometimes if uplink reconnects connections remain in connection tracking table with old information causing the service to stop | ||||||||||
| Description | We have an 3CX VoIP PBX that registers VoIP-Provider using standard SIP. This works correctly. When the RED-interface get a new IP from dsl-provider after reconnect, the voip-provider can not be registered by the pbx. A wireshark capture on the server shows that the packets by the pbx are correctly, but on the endian we can not see any incoming answer. We tried different setups, one xen-based environment, one virtualbox environment and also a pysical environment. This problem only occurs with the endian. Other Firewalls and Router does not have this problem. Please help and thanks for effort. | ||||||||||
| Tags | purple | ||||||||||
| Attached Files | |||||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0003871) luca-endian (developer) 2010-02-25 16:09 |
Give a try to add 5061 port like this: rmmod nf_conntrack_sip rmmod nf_nat_sip modprobe nf_conntrack_sip ports=5060,5061 modprobe nf_nat_sip |
|
(0003888) matictec (reporter) 2010-03-02 09:16 |
Thanks for reply. Our problem is not one way audio or something else. everything works fine until the reconnect of the red interface and when this get a new ip. But we try your advice, but sadly without success. |
|
(0003916) peter-endian (administrator) 2010-03-04 14:10 |
do you see the register sip package going out through the red interface? is only the answer missing? could it be that the pbx reconnects to fast and tries to reconnect when there's not yet a default gateway and snat rule installed? when that all does not help you can try to do: conntrack -F this kills all existing connections passing through the firewall by removing from connection tracking table. Just to eliminate a possible source of problems. |
|
(0004016) matictec (reporter) 2010-03-11 10:51 |
Thanks for reply. conntrack -F helps. Thank you very much. How can I do this automatically if the connection reconnects? |
|
(0004021) peter-endian (administrator) 2010-03-11 22:41 |
simply create a file in /etc/uplinksdaemon/addrchanged/ which will be triggered always when an uplink changes its ip addresses copy/paste this in your shell: -------------------------------------------------------------- cat > /etc/uplinksdaemon/addrchanged/flushconnections <<EOF #!/bin/sh /usr/sbin/conntrack -F exit 0 EOF chmod +x /etc/uplinksdaemon/addrchanged/flushconnections -------------------------------------------------------------- this should do all necessary |
|
(0004638) thomas-endian (developer) 2010-07-22 11:52 |
Same problem on a enterprise EFW with sipgate.de. Only a conntrack -F resolve the problem if the uplink change the IP... Thanks for the script Peter. |
|
(0004639) mgabriel (reporter) 2010-07-22 13:48 |
Happens here with an AskoziaPBX (Asterisk-based SIP) and sipgate.de on an EFW 2.3.1 Enterprise. |
|
(0007852) ardit-endian (developer) 2012-05-02 13:42 |
I added conntrack -F to /etc/rc.d/uplinks and worked. (tested) |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-02-22 13:54 | matictec | New Issue | |
| 2010-02-25 16:08 | luca-endian | Relationship added | related to 0001853 |
| 2010-02-25 16:09 | luca-endian | Relationship deleted | related to 0001853 |
| 2010-02-25 16:09 | luca-endian | Relationship added | related to 0001905 |
| 2010-02-25 16:09 | luca-endian | Note Added: 0003871 | |
| 2010-03-02 09:16 | matictec | Note Added: 0003888 | |
| 2010-03-04 14:10 | peter-endian | Note Added: 0003916 | |
| 2010-03-04 14:10 | peter-endian | Status | new => feedback |
| 2010-03-11 10:51 | matictec | Note Added: 0004016 | |
| 2010-03-11 22:41 | peter-endian | Note Added: 0004021 | |
| 2010-03-11 22:56 | peter-endian | Status | feedback => acknowledged |
| 2010-03-11 22:59 | peter-endian | Reproducibility | always => sometimes |
| 2010-03-11 22:59 | peter-endian | Target Version | => future |
| 2010-03-11 22:59 | peter-endian | Summary | PBX can not register VoIP-Provider after reconnect of RED-interface => sometimes if uplink reconnects connections remain in connection tracking table with old information causing the service to stop |
| 2010-07-22 11:52 | thomas-endian | Note Added: 0004638 | |
| 2010-07-22 13:48 | mgabriel | Note Added: 0004639 | |
| 2010-07-26 13:22 | luca-endian | Tag Attached: purple | |
| 2012-05-02 13:40 | ardit-endian | Product Version | 2.3 => 2.4 |
| 2012-05-02 13:42 | ardit-endian | Note Added: 0007852 | |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |