[Shorewall-users] SIP VoIP Config Question

Andrei Verovski (aka MacGuru) andreil1 at starlett.lv
Thu Mar 4 05:56:36 PST 2004


Hi,

I have continuos and strange problem with SIP VoIP system, which 
consist of SER (sip express router) hosted by our provider, XTen 
client, and Grandstream hardware sip IP phone. The same software and 
hardware were successfully used by another people (unfortunately, they 
do not run shorewall, so I cannot ask them what to do).

Our shorewall firewall machine is SuSE 9 Linux PC with 2 network cards 
(external static IP 62.85.100.103, static internal static IPs 
192.168.0.xx, no dhcp).

My config is based on two-interface sample.

-------------------
----   interfaces  ----
-------------------
net	eth0	detect	norfc1918,routefilter
loc	eth1		detect

-------------
---   masq   ---
-------------
eth0	eth1	62.85.100.103

------------
--- policy ----
------------
loc		net		ACCEPT
fw		net		ACCEPT
fw		loc		ACCEPT
net		all		DROP		info

# THE FOLLOWING POLICY MUST BE LAST
all		all		REJECT		info

-------------
---   rules   ---
------------
# SIP Client Ports

ACCEPT	loc	net	tcp	5060	5060
ACCEPT	loc	net	udp	5060	5060
ACCEPT	loc	net	udp	8000:8020	8000:8020

ACCEPT	net	loc	tcp	5060	5060
ACCEPT	net	loc	udp	5060	5060
ACCEPT	net	loc	udp	8000:8020	8000:8020

ACCEPT	net	fw	tcp	5060	5060
ACCEPT	net	fw	udp	5060	5060
ACCEPT	net	fw	udp	8000:8020	8000:8020

-----------------
nat - file is empty (left as is from two-interface sample).

----------------

SIP client like XTen uses 5060 tcp/udp to establish communications and 
8000 - 8020 for voice transmission. The login to SIP server is OK. I 
can even hear another people who call me or whom calling I am. However, 
they do NOT hear me. Microphone is OK, verified.

Anyone have an idea what I did wrong?

Thanks in advance for any suggestion(s).


*********************************************
*   Best Regards   ---   Andrei Verovski
*
*   Personal Home Page
*   http://snow.prohosting.com/guru4mac/
*   Mac, Linux, DTP, Development, IT WEB Site
*********************************************



More information about the Shorewall-users mailing list