I have an error which is driving me crazy:
Jul 24 16:58:34 beta /sbin/openser[5446]: ERROR:core:udp_send: sendto(sock,0x81aaed8,825,0,0xb61216f0,16): Operation not permitted(1)
Jul 24 16:58:34 beta /sbin/openser[5446]: ERROR:tm:msg_send: udp_send failed
This is firewall related because when I turn iptables off
the problem goes away. But although all ACCEPT and DENY messages are logged by
the firewall, there is no corresponding message logged.
When a call is made between two UACs and the far end
attempts to answer the call, the call is not answered successfully. The
dialogue is shown below.
If I turn the firewall off, start a call and then turn the
firewall on the call continues successfully. However the next call is not
successful. We use Mediaproxy and I suspect that is trying to do some
communication that is being blocked by the firewall but that is only a
suspicion. The dialogue for this call is shown at the bottom.
When comparing these two dialogues with the firewall turned
on:
- when the callee answers, OpenSER receives a 200 OK but
doesn’t immediately pass that on to the caller
- after a number of 200 messages from the callee, OpenSER
sends the 200 to the caller but the Contact is the private IP address whereas
when the firewall is turned off it is the public IP address
I have also included the iptables config. Note that some
lines are commented out due to the testing I’m doing and IP addresses
have been changed.
Any advice on the changes required would be appreciated.
Thanks
****************************
SIP dialogue with firewall on
U 58.28.001.001:5060 -> 147.202.001.001:5060INVITE
sip:44556644@domain.com:5060;user=phone SIP/2.0..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bK31ee9ba27B17140D..From: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL, OPTIONS,
INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Supported:
100rel,replaces..Allow-Events: talk,hold,conference..Max-Forwards:
70..Content-Type: application/sdp..Content-Length: 251....v=0..o=- 1216790239
1216790239 IN IP4 192.168.1.102..s=Polycom IP Phone..c=IN IP4
192.168.1.102..t=0 0..m=audio 2222 RTP/AVP 0 8 18 101..a=sendrecv..a=rtpmap:0
PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:18 G729/8000..a=rtpmap:101
telephone-event/8000..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 100
Giving a try..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bK31ee9ba27B17140D;rport=5060;received=58.28.001.001..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..Server: OpenSER (1.3.2-notls
(i386/linux))..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065INVITE
sip:44556644@192.168.1.124:5065 SIP/2.0..Record-Route: <sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Supported:
100rel,replaces..Allow-Events: talk,hold,conference..Max-Forwards:
69..Content-Type: application/sdp..Content-Length: 253....v=0..o=- 1216790239
1216790239 IN IP4 192.168.1.102..s=Polycom IP Phone..c=IN IP4
147.202.001.001..t=0 0..m=audio 35982 RTP/AVP 0 8 18
101..a=sendrecv..a=rtpmap:0 PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:18
G729/8000..a=rtpmap:101 telephone-event/8000..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 100
Trying..To: <sip:44556644@domain.com;user=phone>..From: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 180
Ringing..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 180
Ringing..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 298748 298748 IN IP4 192.168.1.124..s=-..c=IN IP4
192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To: <sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP 192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 298748 298748 IN IP4 192.168.1.124..s=-..c=IN IP4
192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 298748 298748 IN IP4 192.168.1.124..s=-..c=IN IP4
192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server: Linksys/SPA962-5.1.18(SC)..Content-Length:
208..Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN IP4
192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0
101..a=rtpmap:0 PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 298748 298748 IN IP4 192.168.1.124..s=-..c=IN IP4
192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server: Linksys/SPA962-5.1.18(SC)..Content-Length:
208..Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN IP4
192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0
101..a=rtpmap:0 PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5060 -> 147.202.001.001:5060ACK
sip:44556644@192.168.1.124:5065 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bK4b4d0d4aF803AD55..From: "CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..CSeq: 1
ACK..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL, OPTIONS,
INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Max-Forwards: 70..Content-Length:
0....
U 147.202.001.001:5060 -> 192.168.1.124:5065ACK
sip:44556644@192.168.1.124:5065 SIP/2.0..Record-Route:
<sip:147.202.001.001;lr=on;ftag=566CA8D1-4C8E0458>..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK4b4d0d4aF803AD55..Via: SIP/2.0/UDP
192.168.1.102;received=58.28.001.001;branch=z9hG4bK4b4d0d4aF803AD55..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..CSeq: 1
ACK..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact: <sip:44556648@192.168.1.102>..Allow:
INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK,
UPDATE, REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Max-Forwards: 69..Content-Length:
0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To: <sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server: Linksys/SPA962-5.1.18(SC)..Content-Length:
208..Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN IP4
192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0
101..a=rtpmap:0 PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 298748 298748 IN IP4 192.168.1.124..s=-..c=IN IP4
192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To: <sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via: SIP/2.0/UDP 192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 298748 298748 IN IP4 192.168.1.124..s=-..c=IN IP4
192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 298748 298748 IN IP4 192.168.1.124..s=-..c=IN IP4
192.168.1.124..t=0 0..m=audio 16424 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.124:5065;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
70..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Record-Route: <sip:147.202.001.001;lr=on;ftag=e07209dc8d8de14fi5>..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKc0cc.a198b237.0..Via: SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
69..User-Agent: Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5060 -> 147.202.001.001:5060SIP/2.0 200
OK..Via: SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKc0cc.a198b237.0..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..CSeq:
101 BYE..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=e07209dc8d8de14fi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065SIP/2.0 200
OK..Via: SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..CSeq:
101 BYE..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=e07209dc8d8de14fi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.124:5065;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
70..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065SIP/2.0 200
OK..Via: SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..CSeq:
101 BYE..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=e07209dc8d8de14fi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
**************************************
SIP dialogue with Firewall off
U 58.28.001.001:5060 -> 147.202.001.001:5060INVITE
sip:44556644@domain.com:5060;user=phone SIP/2.0..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bKca52e47AD4AD366..From: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL, OPTIONS,
INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Supported:
100rel,replaces..Allow-Events: talk,hold,conference..Max-Forwards:
70..Content-Type: application/sdp..Content-Length: 251....v=0..o=- 1216790431
1216790431 IN IP4 192.168.1.102..s=Polycom IP Phone..c=IN IP4
192.168.1.102..t=0 0..m=audio 2224 RTP/AVP 0 8 18 101..a=sendrecv..a=rtpmap:0
PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:18 G729/8000..a=rtpmap:101
telephone-event/8000..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 100
Giving a try..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bKca52e47AD4AD366;rport=5060;received=58.28.001.001..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Server:
OpenSER (1.3.2-notls (i386/linux))..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065INVITE
sip:44556644@192.168.1.124:5065 SIP/2.0..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Supported:
100rel,replaces..Allow-Events: talk,hold,conference..Max-Forwards:
69..Content-Type: application/sdp..Content-Length: 253....v=0..o=- 1216790431
1216790431 IN IP4 192.168.1.102..s=Polycom IP Phone..c=IN IP4
147.202.001.001..t=0 0..m=audio 35984 RTP/AVP 0 8 18
101..a=sendrecv..a=rtpmap:0 PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:18
G729/8000..a=rtpmap:101 telephone-event/8000..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 100
Trying..To: <sip:44556644@domain.com;user=phone>..From: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 180
Ringing..To: <sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via: SIP/2.0/UDP 192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 180
Ringing..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP 192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To: <sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server: Linksys/SPA962-5.1.18(SC)..Content-Length:
208..Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 317989 317989 IN IP4
192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16426 RTP/AVP 0
101..a=rtpmap:0 PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Contact:
<sip:44556644@58.28.001.001:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 209..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 317989 317989 IN IP4 192.168.1.124..s=-..c=IN IP4
147.202.001.001..t=0 0..m=audio 35984 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5060 -> 147.202.001.001:5060ACK
sip:44556644@58.28.001.001:5065 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bK9bb7064fBA56088E..From: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..CSeq: 1
ACK..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL, OPTIONS,
INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Max-Forwards: 70..Content-Length:
0....
U 147.202.001.001:5060 -> 58.28.001.001:5065ACK
sip:44556644@58.28.001.001:5065 SIP/2.0..Record-Route:
<sip:147.202.001.001;lr=on;ftag=3D7BF99A-F3B3ACE5>..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKf294.1cda4646.2..Via: SIP/2.0/UDP
192.168.1.102;received=58.28.001.001;branch=z9hG4bK9bb7064fBA56088E..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..CSeq: 1
ACK..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL, OPTIONS,
INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Max-Forwards: 69..Content-Length:
0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200
OK..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 317989 317989 IN IP4 192.168.1.124..s=-..c=IN IP4
192.168.1.124..t=0 0..m=audio 16426 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200
OK..To: <sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via: SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Contact:
<sip:44556644@58.28.001.001:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 209..Allow: ACK, BYE, CANCEL, INFO,
INVITE, NOTIFY, OPTIONS, REFER..Supported: replaces..Content-Type:
application/sdp....v=0..o=- 317989 317989 IN IP4 192.168.1.124..s=-..c=IN IP4
147.202.001.001..t=0 0..m=audio 35984 RTP/AVP 0 101..a=rtpmap:0
PCMU/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101
0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.124:5065;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
70..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Record-Route:
<sip:147.202.001.001;lr=on;ftag=9f9da889431cd5afi5>..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKac76.c88550f.0..Via: SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 101 BYE..Max-Forwards: 69..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5060 -> 147.202.001.001:5060SIP/2.0 200
OK..Via: SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKac76.c88550f.0..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-6829d146..From: <sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..CSeq:
101 BYE..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Record-Route: <sip:147.202.001.001;lr=on;ftag=9f9da889431cd5afi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065SIP/2.0 200
OK..Via: SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..CSeq:
101 BYE..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Record-Route: <sip:147.202.001.001;lr=on;ftag=9f9da889431cd5afi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.124:5065;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 101 BYE..Max-Forwards: 70..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065SIP/2.0 200 OK..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..CSeq:
101 BYE..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=9f9da889431cd5afi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
**************************
iptables config
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Rule 0 (tun0,tun1,tun2)
#
echo "Rule 0 (tun0,tun1,tun2)"
#
#
#
$IPTABLES -N In_RULE_0
$IPTABLES -A INPUT -i tun0 -m state --state NEW -j In_RULE_0
$IPTABLES -A INPUT -i tun1 -m state --state NEW -j In_RULE_0
$IPTABLES -A INPUT -i tun2 -m state --state NEW -j In_RULE_0
$IPTABLES -A FORWARD -i tun0 -m state --state NEW -j In_RULE_0
$IPTABLES -A FORWARD -i tun1 -m state --state NEW -j In_RULE_0
$IPTABLES -A FORWARD -i tun2 -m state --state NEW -j In_RULE_0
$IPTABLES -A In_RULE_0 -j LOG --log-level warning --log-prefix "RULE 0 -- ACCEPT "
$IPTABLES -A In_RULE_0 -j ACCEPT
$IPTABLES -N Out_RULE_0
$IPTABLES -A OUTPUT -o tun0 -m state --state NEW -j Out_RULE_0
$IPTABLES -A OUTPUT -o tun1 -m state --state NEW -j Out_RULE_0
$IPTABLES -A OUTPUT -o tun2 -m state --state NEW -j Out_RULE_0
$IPTABLES -A FORWARD -o tun0 -m state --state NEW -j Out_RULE_0
$IPTABLES -A FORWARD -o tun1 -m state --state NEW -j Out_RULE_0
$IPTABLES -A FORWARD -o tun2 -m state --state NEW -j Out_RULE_0
$IPTABLES -A Out_RULE_0 -j LOG --log-level warning --log-prefix "RULE 0 -- ACCEPT "
$IPTABLES -A Out_RULE_0 -j ACCEPT
$IPTABLES -A Out_RULE_0 -j ACCEPT
#
# Rule 1 (lo)
#
echo "Rule 1 (lo)"
#
#
#
$IPTABLES -N In_RULE_1
$IPTABLES -A INPUT -i lo -p icmp -m icmp --icmp-type any -m state --state NEW -j In_RULE_1
$IPTABLES -A INPUT -i lo -p tcp -m tcp -m multiport --dports 25060,8008,25,443,80,22,3306,5060 -m state --state NEW -j In_RULE_1
#$IPTABLES -A INPUT -i lo -p udp -m udp -m multiport --dports 5060,1813 -m state --state NEW -j In_RULE_1
$IPTABLES -A INPUT -i lo -p udp -m udp -m multiport --dports 1:55000 -m state --state NEW -j In_RULE_1
$IPTABLES -A In_RULE_1 -j LOG --log-level warning --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -A In_RULE_1 -j ACCEPT
$IPTABLES -N Out_RULE_1
$IPTABLES -A OUTPUT -o lo -p icmp -m icmp --icmp-type any -m state --state NEW -j Out_RULE_1
$IPTABLES -A OUTPUT -o lo -p tcp -m tcp -m multiport --dports 25060,8008,25,443,80,22,3306,5060 -m state --state NEW -j Out_RULE_1
#$IPTABLES -A OUTPUT -o lo -p udp -m udp -m multiport --dports 5060,1813 -m state --state NEW -j Out_RULE_1
$IPTABLES -A OUTPUT -o lo -p udp -m udp -m multiport --dports 1:55000 -m state --state NEW -j Out_RULE_1
$IPTABLES -A Out_RULE_1 -j LOG --log-level warning --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -A Out_RULE_1 -j ACCEPT
#
# Rule 2 (eth0)
#
echo "Rule 2 (eth0)"
#
#
#
$IPTABLES -N Out_RULE_2
$IPTABLES -A OUTPUT -o eth0 -d 10.8.1.1 -m state --state NEW -j Out_RULE_2
$IPTABLES -A FORWARD -o eth0 -d 10.8.1.1 -m state --state NEW -j Out_RULE_2
$IPTABLES -A Out_RULE_2 -j LOG --log-level warning --log-prefix "RULE 2 -- ACCEPT "
$IPTABLES -A Out_RULE_2 -j ACCEPT
#
# Rule 3 (eth0)
#
echo "Rule 3 (eth0)"
#
# ping test for nagios
#
$IPTABLES -N Cid485B0E561900.0
$IPTABLES -A INPUT -i eth0 -d 147.202.001.001 -m state --state NEW -j Cid485B0E561900.0
$IPTABLES -N Cid485B0E561900.1
$IPTABLES -A Cid485B0E561900.0 -p icmp -m icmp --icmp-type any -j Cid485B0E561900.1
$IPTABLES -A Cid485B0E561900.0 -p tcp -m tcp -m multiport --dports 25,3306 -j Cid485B0E561900.1
$IPTABLES -N In_RULE_3
$IPTABLES -A Cid485B0E561900.1 -s 203.89.001.001 -j In_RULE_3
$IPTABLES -A Cid485B0E561900.1 -s 58.28.001.001 -j In_RULE_3
$IPTABLES -A Cid485B0E561900.1 -s 64.38.001.001 -j In_RULE_3
$IPTABLES -A In_RULE_3 -j LOG --log-level warning --log-prefix "RULE 3 -- ACCEPT "
$IPTABLES -A In_RULE_3 -j ACCEPT
#
echo "Rule 4 (eth0)"
#
# ping test for nagios
#
$IPTABLES -N Cid485B0E6A1900.0
$IPTABLES -A OUTPUT -o eth0 -s 147.202.001.001 -m state --state NEW -j Cid485B0E6A1900.0
$IPTABLES -N Cid485B0E6A1900.1
$IPTABLES -A Cid485B0E6A1900.0 -p icmp -m icmp --icmp-type any -j Cid485B0E6A1900.1
$IPTABLES -A Cid485B0E6A1900.0 -p tcp -m tcp -m multiport --dports 25,3306 -j Cid485B0E6A1900.1
$IPTABLES -N Out_RULE_4
$IPTABLES -A Cid485B0E6A1900.1 -d 203.89.001.001 -j Out_RULE_4
$IPTABLES -A Cid485B0E6A1900.1 -d 58.28.001.001 -j Out_RULE_4
$IPTABLES -A Cid485B0E6A1900.1 -d 64.38.001.001 -j Out_RULE_4
$IPTABLES -A Out_RULE_4 -j LOG --log-level warning --log-prefix "RULE 4 -- ACCEPT "
$IPTABLES -A Out_RULE_4 -j ACCEPT
#
# Rule 5 (eth0)
#
echo "Rule 5 (eth0)"
#
#
#
$IPTABLES -N In_RULE_5
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -m multiport -d 147.202.001.001 --dports 5060,22,443,80,53,25060,8008 -m state --state NEW -j In_RULE_5
#$IPTABLES -A INPUT -i eth0 -p udp -m udp -d 147.202.001.001 --dport 10000:20000 -m state --state NEW -j In_RULE_5
#$IPTABLES -A INPUT -i eth0 -p udp -m udp -d 147.202.001.001 --dport 35000:36000 -m state --state NEW -j In_RULE_5
#$IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport -d 147.202.001.001 --dports 1194,5065,5060,53,10000:20000,35000:36000 -m state --state NEW -j In_RULE_5
$IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport --dports 1:55000 -m state --state NEW -j In_RULE_5
$IPTABLES -A In_RULE_5 -j LOG --log-level warning --log-prefix "RULE 5 -- ACCEPT "
$IPTABLES -A In_RULE_5 -j ACCEPT
#
# Rule 6 (eth0)
#
echo "Rule 6 (eth0)"
#
#
#
$IPTABLES -N Out_RULE_6
$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -m multiport -s 147.202.001.001 --dports 22,53,80,443,5060,8008,25060,25 -m state --state NEW -j Out_RULE_6
#$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -s 147.202.001.001 --dport 10000:20000 -m state --state NEW -j Out_RULE_6
#$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -s 147.202.001.001 --dport 35000:36000 -m state --state NEW -j Out_RULE_6
#$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport -s 147.202.001.001 --dports 53,1194,5060,5065,1813,123,10000:20000,35000:36000 -m state --state NEW -j Out_RULE_6
$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport --dports 1:55000 -m state --state NEW -j Out_RULE_6
$IPTABLES -A Out_RULE_6 -j LOG --log-level warning --log-prefix "RULE 6 -- ACCEPT "
$IPTABLES -A Out_RULE_6 -j ACCEPT
#
# Rule 7 (global)
#
echo "Rule 7 (global)"
#
#
#
$IPTABLES -N RULE_7
$IPTABLES -A OUTPUT -j RULE_7
$IPTABLES -A INPUT -j RULE_7
$IPTABLES -A FORWARD -j RULE_7
$IPTABLES -A RULE_7 -j LOG --log-level warning --log-prefix "RULE 7 -- DENY "
$IPTABLES -A RULE_7 -j DROP
#
#