Re: netfilter & SIP
- From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
- Date: Fri, 28 Sep 2007 16:50:22 +0200
Hello,
Miss Terre wrote:
> is there a patch for netfilter regarding the SIP protocol (for telephony in VOIP).
Support for connection tracking and NAT of the SIP protocol in Netfilter has been included in the mainline kernel since version 2.6.18. Of course it has to be enabled at configure/build time. Snapshots of the patch-o-matic-ng until patch-o-matic-ng-20061211 contain experimental patches for older kernel versions >= 2.6.11.
As usual, load the ip_conntrack_sip and ip_nat_sip modules (or nf_conntrack_sip and nf_nat_sip in recent kernels), then create iptables rules which accept NEW outgoing SIP packets (to UDP port 5060) and ESTABLISHED,RELATED packets from/to any port in both directions.
However, as others said, some SIP clients such as X-Lite can use NAT traversal techniques such as STUN which do not require specific support for the SIP protocol in the firewall/NAT.
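The setup described in the message above, written out as an added example (not part of the original post and not the poster's code): a shell script that names the helper modules for either kernel naming scheme and prints a FORWARD ruleset in iptables-restore format. The function names, the interface arguments and the DROP policy on FORWARD are assumptions of this example, and it uses the conntrack match to test connection states.

```shell
#!/bin/sh
# Added example: SIP through a Netfilter gateway, following the message above.
# Function names and interface names are hypothetical, chosen for illustration.

# Print the SIP helper module names.
# $1 = "old" (ip_conntrack_* naming) or "new" (nf_conntrack_* naming)
sip_modules() {
    case "$1" in
        old) echo "ip_conntrack_sip ip_nat_sip" ;;
        new) echo "nf_conntrack_sip nf_nat_sip" ;;
        *)   return 1 ;;
    esac
}

# Print filter-table rules in iptables-restore format.
# $1 = LAN-facing interface, $2 = WAN-facing interface
sip_forward_rules() {
    lan=$1
    wan=$2
    [ -n "$lan" ] && [ -n "$wan" ] || return 1
    # Only the signalling port is opened for NEW packets. The media ports
    # negotiated inside the SIP messages are registered by the helper as
    # expected connections, so their packets match RELATED and no static
    # port range has to be opened for them.
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -p udp --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# When called with two interface names, print the module list and the rules.
# Nothing is loaded or applied by this script itself.
if [ "$#" -eq 2 ]; then
    echo "# modules to load: $(sip_modules new)"
    sip_forward_rules "$1" "$2"
fi
```

On the gateway, the modules are loaded with modprobe and the printed rules are fed to iptables-restore, both as root.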