I am not an expert in firewalls and don't use media proxy, but such a case
should be easy to troubleshoot with some network sniffer and stat. Run
tools like netstat to see the ports applications listen to, the sniffer
to see attempts for connections and relax firewall rules to permit that
communication.
Cheers,
Daniel
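Added example, not part of either post: one way to read the sniffer output Daniel suggests, applied to ngrep-style traces like the ones quoted below. It counts how many 200 OK answers reach the proxy before the first one is relayed and flags private (RFC 1918) addresses left in the relayed Contact and SDP c= line, the two differences CSB lists. The function names are hypothetical, the sample packets are constructed from the addresses in the thread, and a single call per capture is assumed.

```python
import ipaddress
import re

# ngrep prints "U src:port -> dst:port" per UDP packet and shows CR/LF as '.'.
PACKET = re.compile(r"^U (\d+(?:\.\d+){3}):(\d+) -> (\d+(?:\.\d+){3}):(\d+)", re.M)
IPV4 = r"(\d+(?:\.\d+){3})"


def normalize(ip):
    """Drop leading zeros ('58.28.001.001' -> '58.28.1.1'); ipaddress rejects them."""
    return ".".join(str(int(octet)) for octet in ip.split("."))


def is_private(ip):
    return ipaddress.ip_address(normalize(ip)).is_private


def parse_capture(text):
    """Yield one dict per UDP packet found in an ngrep-style dump."""
    heads = list(PACKET.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        # Undo mail/terminal line wrapping inside the payload.
        payload = " ".join(text[head.end():end].split())
        header_part, _, body = payload.partition("....")  # blank line before SDP
        lines = header_part.split("..")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        contact = re.search(r"sips?:(?:[^@>;]*@)?" + IPV4, headers.get("contact", ""))
        sdp = re.search(r"c=IN IP4 " + IPV4, body)
        yield {
            "src": normalize(head.group(1)),
            "dst": normalize(head.group(3)),
            "start_line": lines[0],
            "cseq": headers.get("cseq", ""),
            "contact_ip": contact.group(1) if contact else None,
            "sdp_ip": sdp.group(1) if sdp else None,
        }


def analyze(text, proxy_ip):
    """Summarise how the proxy handled 200 OK answers to INVITE (one call assumed)."""
    proxy = normalize(proxy_ip)
    received = 0
    report = {"ok_received_before_relay": None, "private_in_relay": []}
    for msg in parse_capture(text):
        is_answer = msg["start_line"].startswith("SIP/2.0 200")
        if not (is_answer and msg["cseq"].endswith("INVITE")):
            continue
        if msg["dst"] == proxy:
            received += 1  # answer (or retransmission) arriving from the callee
        elif msg["src"] == proxy:
            if report["ok_received_before_relay"] is None:
                report["ok_received_before_relay"] = received
            for field in ("contact_ip", "sdp_ip"):
                if msg[field] and is_private(msg[field]):
                    report["private_in_relay"].append((field, msg[field]))
    return report


# Constructed sample packets, trimmed to the headers the check reads. Addresses,
# ports and the user part follow the thread's traces; the Call-ID is made up.
_HEAD = "SIP/2.0 200 OK..CSeq: 1 INVITE..Call-ID: constructed@192.168.1.102.."
_FROM_CALLEE = "U 58.28.001.001:5065 -> 147.202.001.001:5060\n"
_TO_CALLER = "U 147.202.001.001:5060 -> 58.28.001.001:5060\n"
_RAW = (_HEAD + "Contact: <sip:44556644@192.168.1.124:5065>..Content-Type: application/sdp"
        "....v=0..c=IN IP4 192.168.1.124..m=audio 16424 RTP/AVP 0 101..\n")
_FIXED = (_HEAD + "Contact: <sip:44556644@58.28.001.001:5065>..Content-Type: application/sdp"
          "....v=0..c=IN IP4 147.202.001.001..m=audio 35984 RTP/AVP 0 101..\n")
FIREWALL_ON = (_FROM_CALLEE + _RAW) * 5 + _TO_CALLER + _RAW
FIREWALL_OFF = _FROM_CALLEE + _RAW + _TO_CALLER + _FIXED

if __name__ == "__main__":
    for label, capture in (("firewall on", FIREWALL_ON), ("firewall off", FIREWALL_OFF)):
        print(label, analyze(capture, "147.202.001.001"))
```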
On 07/24/08 11:16, CSB wrote:
I have an error which is driving me crazy:
Jul 24 16:58:34 beta /sbin/openser[5446]: ERROR:core:udp_send:
sendto(sock,0x81aaed8,825,0,0xb61216f0,16): Operation not permitted(1)
Jul 24 16:58:34 beta /sbin/openser[5446]: ERROR:tm:msg_send: udp_send
failed
This is firewall related because when I turn iptables off the problem
goes away. But although all ACCEPT and DENY messages are logged by the
firewall, there is no corresponding message logged.
When a call is made between two UACs and the far end attempts to
answer the call, the call is not answered successfully. The dialogue
is shown below.
If I turn the firewall off, start a call and then turn the firewall on
the call continues successfully. However the next call is not
successful. We use Mediaproxy and I suspect that is trying to do some
communication that is being blocked by the firewall but that is only a
suspicion. The dialogue for this call is shown at the bottom.
When comparing these two dialogues with the firewall turned on:
- when the callee answers, OpenSER receives a 200 OK but doesn’t
immediately pass that on to the caller
- after a number of 200 messages from the callee, OpenSER sends the
200 to the caller but the Contact is the private IP address whereas
when the firewall is turned off it is the public IP address
I have also included the iptables config. Note that some lines are
commented out due to the testing I’m doing and IP addresses have been
changed.
Any advice on the changes required would be appreciated.
Thanks
****************************
SIP dialogue with firewall on
U 58.28.001.001:5060 -> 147.202.001.001:5060INVITE
sip:44556644@domain.com:5060;user=phone SIP/2.0..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bK31ee9ba27B17140D..From: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE,
REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Supported:
100rel,replaces..Allow-Events: talk,hold,conference..Max-Forwards:
70..Content-Type: application/sdp..Content-Length: 251....v=0..o=-
1216790239 1216790239 IN IP4 192.168.1.102..s=Polycom IP Phone..c=IN
IP4 192.168.1.102..t=0 0..m=audio 2222 RTP/AVP 0 8 18
101..a=sendrecv..a=rtpmap:0 PCMU/8000..a=rtpmap:8
PCMA/8000..a=rtpmap:18 G729/8000..a=rtpmap:101 telephone-event/8000..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 100 Giving a
try..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bK31ee9ba27B17140D;rport=5060;received=58.28.001.001..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..Server: OpenSER (1.3.2-notls
(i386/linux))..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065INVITE
sip:44556644@192.168.1.124:5065 SIP/2.0..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE,
REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Supported:
100rel,replaces..Allow-Events: talk,hold,conference..Max-Forwards:
69..Content-Type: application/sdp..Content-Length: 253....v=0..o=-
1216790239 1216790239 IN IP4 192.168.1.102..s=Polycom IP Phone..c=IN
IP4 147.202.001.001..t=0 0..m=audio 35982 RTP/AVP 0 8 18
101..a=sendrecv..a=rtpmap:0 PCMU/8000..a=rtpmap:8
PCMA/8000..a=rtpmap:18 G729/8000..a=rtpmap:101 telephone-event/8000..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 100 Trying..To:
<sip:44556644@domain.com;user=phone>..From: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 180 Ringing..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 180 Ringing..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5060 -> 147.202.001.001:5060ACK
sip:44556644@192.168.1.124:5065 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bK4b4d0d4aF803AD55..From: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..CSeq:
1 ACK..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE,
REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Max-Forwards:
70..Content-Length: 0....
U 147.202.001.001:5060 -> 192.168.1.124:5065ACK
sip:44556644@192.168.1.124:5065 SIP/2.0..Record-Route:
<sip:147.202.001.001;lr=on;ftag=566CA8D1-4C8E0458>..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bK4b4d0d4aF803AD55..Via: SIP/2.0/UDP
192.168.1.102;received=58.28.001.001;branch=z9hG4bK4b4d0d4aF803AD55..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..CSeq: 1
ACK..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE,
REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Max-Forwards:
69..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bK07da.73971d95.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..From:
"CSB" <sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bK31ee9ba27B17140D..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 298748 298748 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16424
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.124:5065;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
70..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Record-Route:
<sip:147.202.001.001;lr=on;ftag=e07209dc8d8de14fi5>..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKc0cc.a198b237.0..Via: SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
69..User-Agent: Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5060 -> 147.202.001.001:5060SIP/2.0 200 OK..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKc0cc.a198b237.0..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..CSeq: 101
BYE..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=e07209dc8d8de14fi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065SIP/2.0 200 OK..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..CSeq: 101
BYE..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=e07209dc8d8de14fi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.124:5065;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..Call-ID:
7f806604-ea80e337-e14b8216@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
70..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=566CA8D1-4C8E0458;lr=on>..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065SIP/2.0 200 OK..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-947b0ac7..From:
<sip:44556644@domain.com;user=phone>;tag=e07209dc8d8de14fi5..To: "CSB"
<sip:44556648@domain.com>;tag=566CA8D1-4C8E0458..CSeq: 101
BYE..Call-ID: 7f806604-ea80e337-e14b8216@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=e07209dc8d8de14fi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
**************************************
SIP dialogue with Firewall off
U 58.28.001.001:5060 -> 147.202.001.001:5060INVITE
sip:44556644@domain.com:5060;user=phone SIP/2.0..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bKca52e47AD4AD366..From: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE,
REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Supported:
100rel,replaces..Allow-Events: talk,hold,conference..Max-Forwards:
70..Content-Type: application/sdp..Content-Length: 251....v=0..o=-
1216790431 1216790431 IN IP4 192.168.1.102..s=Polycom IP Phone..c=IN
IP4 192.168.1.102..t=0 0..m=audio 2224 RTP/AVP 0 8 18
101..a=sendrecv..a=rtpmap:0 PCMU/8000..a=rtpmap:8
PCMA/8000..a=rtpmap:18 G729/8000..a=rtpmap:101 telephone-event/8000..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 100 Giving a
try..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bKca52e47AD4AD366;rport=5060;received=58.28.001.001..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..Server: OpenSER (1.3.2-notls
(i386/linux))..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065INVITE
sip:44556644@192.168.1.124:5065 SIP/2.0..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>..CSeq: 1 INVITE..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE,
REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Supported:
100rel,replaces..Allow-Events: talk,hold,conference..Max-Forwards:
69..Content-Type: application/sdp..Content-Length: 253....v=0..o=-
1216790431 1216790431 IN IP4 192.168.1.102..s=Polycom IP Phone..c=IN
IP4 147.202.001.001..t=0 0..m=audio 35984 RTP/AVP 0 8 18
101..a=sendrecv..a=rtpmap:0 PCMU/8000..a=rtpmap:8
PCMA/8000..a=rtpmap:18 G729/8000..a=rtpmap:101 telephone-event/8000..
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 100 Trying..To:
<sip:44556644@domain.com;user=phone>..From: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 180 Ringing..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 180 Ringing..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 317989 317989 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16426
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Contact:
<sip:44556644@58.28.001.001:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 209..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 317989 317989 IN
IP4 192.168.1.124..s=-..c=IN IP4 147.202.001.001..t=0 0..m=audio 35984
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5060 -> 147.202.001.001:5060ACK
sip:44556644@58.28.001.001:5065 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.102;branch=z9hG4bK9bb7064fBA56088E..From: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..CSeq:
1 ACK..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE,
REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Max-Forwards:
70..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065ACK
sip:44556644@58.28.001.001:5065 SIP/2.0..Record-Route:
<sip:147.202.001.001;lr=on;ftag=3D7BF99A-F3B3ACE5>..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKf294.1cda4646.2..Via: SIP/2.0/UDP
192.168.1.102;received=58.28.001.001;branch=z9hG4bK9bb7064fBA56088E..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..CSeq: 1
ACK..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE,
REFER..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Max-Forwards:
69..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKf294.1cda4646.0..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Contact:
<sip:44556644@192.168.1.124:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 208..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 317989 317989 IN
IP4 192.168.1.124..s=-..c=IN IP4 192.168.1.124..t=0 0..m=audio 16426
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 147.202.001.001:5060 -> 58.28.001.001:5060SIP/2.0 200 OK..To:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..From:
"CSB" <sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 1 INVITE..Via:
SIP/2.0/UDP
192.168.1.102;rport=5060;received=58.28.001.001;branch=z9hG4bKca52e47AD4AD366..Record-Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..Contact:
<sip:44556644@58.28.001.001:5065>..Server:
Linksys/SPA962-5.1.18(SC)..Content-Length: 209..Allow: ACK, BYE,
CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported:
replaces..Content-Type: application/sdp....v=0..o=- 317989 317989 IN
IP4 192.168.1.124..s=-..c=IN IP4 147.202.001.001..t=0 0..m=audio 35984
RTP/AVP 0 101..a=rtpmap:0 PCMU/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-15..a=ptime:30..a=sendrecv..
U 58.28.001.001:5065 -> 147.202.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.124:5065;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
70..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Record-Route:
<sip:147.202.001.001;lr=on;ftag=9f9da889431cd5afi5>..Via: SIP/2.0/UDP
147.202.001.001;branch=z9hG4bKac76.c88550f.0..Via: SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
69..User-Agent: Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 58.28.001.001:5060 -> 147.202.001.001:5060SIP/2.0 200 OK..Via:
SIP/2.0/UDP 147.202.001.001;branch=z9hG4bKac76.c88550f.0..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..CSeq: 101
BYE..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@192.168.1.102>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=9f9da889431cd5afi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065SIP/2.0 200 OK..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..CSeq: 101
BYE..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=9f9da889431cd5afi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
U 58.28.001.001:5065 -> 147.202.001.001:5060BYE
sip:44556648@58.28.001.001:5060 SIP/2.0..Via: SIP/2.0/UDP
192.168.1.124:5065;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..Call-ID:
26e8c161-7e674928-90cba56b@192.168.1.102..CSeq: 101 BYE..Max-Forwards:
70..Route:
<sip:147.202.001.001:5060;nat=yes;ftag=3D7BF99A-F3B3ACE5;lr=on>..User-Agent:
Linksys/SPA962-5.1.18(SC)..Content-Length: 0....
U 147.202.001.001:5060 -> 58.28.001.001:5065SIP/2.0 200 OK..Via:
SIP/2.0/UDP
192.168.1.124:5065;received=58.28.001.001;branch=z9hG4bK-6829d146..From:
<sip:44556644@domain.com;user=phone>;tag=9f9da889431cd5afi5..To: "CSB"
<sip:44556648@domain.com>;tag=3D7BF99A-F3B3ACE5..CSeq: 101
BYE..Call-ID: 26e8c161-7e674928-90cba56b@192.168.1.102..Contact:
<sip:44556648@58.28.001.001:5060>..Record-Route:
<sip:147.202.001.001;lr=on;ftag=9f9da889431cd5afi5>..User-Agent:
PolycomSoundPointIP-SPIP_320-UA/2.1.1.0037..Content-Length: 0....
**************************
iptables config
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Rule 0 (tun0,tun1,tun2)
#
echo "Rule 0 (tun0,tun1,tun2)"
#
#
#
$IPTABLES -N In_RULE_0
$IPTABLES -A INPUT -i tun0 -m state --state NEW -j In_RULE_0
$IPTABLES -A INPUT -i tun1 -m state --state NEW -j In_RULE_0
$IPTABLES -A INPUT -i tun2 -m state --state NEW -j In_RULE_0
$IPTABLES -A FORWARD -i tun0 -m state --state NEW -j In_RULE_0
$IPTABLES -A FORWARD -i tun1 -m state --state NEW -j In_RULE_0
$IPTABLES -A FORWARD -i tun2 -m state --state NEW -j In_RULE_0
$IPTABLES -A In_RULE_0 -j LOG --log-level warning --log-prefix "RULE 0 -- ACCEPT "
$IPTABLES -A In_RULE_0 -j ACCEPT
$IPTABLES -N Out_RULE_0
$IPTABLES -A OUTPUT -o tun0 -m state --state NEW -j Out_RULE_0
$IPTABLES -A OUTPUT -o tun1 -m state --state NEW -j Out_RULE_0
$IPTABLES -A OUTPUT -o tun2 -m state --state NEW -j Out_RULE_0
$IPTABLES -A FORWARD -o tun0 -m state --state NEW -j Out_RULE_0
$IPTABLES -A FORWARD -o tun1 -m state --state NEW -j Out_RULE_0
$IPTABLES -A FORWARD -o tun2 -m state --state NEW -j Out_RULE_0
$IPTABLES -A Out_RULE_0 -j LOG --log-level warning --log-prefix "RULE 0 -- ACCEPT "
$IPTABLES -A Out_RULE_0 -j ACCEPT
$IPTABLES -A Out_RULE_0 -j ACCEPT
#
# Rule 1 (lo)
#
echo "Rule 1 (lo)"
#
#
#
$IPTABLES -N In_RULE_1
$IPTABLES -A INPUT -i lo -p icmp -m icmp --icmp-type any -m state --state NEW -j In_RULE_1
$IPTABLES -A INPUT -i lo -p tcp -m tcp -m multiport --dports 25060,8008,25,443,80,22,3306,5060 -m state --state NEW -j In_RULE_1
#$IPTABLES -A INPUT -i lo -p udp -m udp -m multiport --dports 5060,1813 -m state --state NEW -j In_RULE_1
$IPTABLES -A INPUT -i lo -p udp -m udp -m multiport --dports 1:55000 -m state --state NEW -j In_RULE_1
$IPTABLES -A In_RULE_1 -j LOG --log-level warning --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -A In_RULE_1 -j ACCEPT
$IPTABLES -N Out_RULE_1
$IPTABLES -A OUTPUT -o lo -p icmp -m icmp --icmp-type any -m state --state NEW -j Out_RULE_1
$IPTABLES -A OUTPUT -o lo -p tcp -m tcp -m multiport --dports 25060,8008,25,443,80,22,3306,5060 -m state --state NEW -j Out_RULE_1
#$IPTABLES -A OUTPUT -o lo -p udp -m udp -m multiport --dports 5060,1813 -m state --state NEW -j Out_RULE_1
$IPTABLES -A OUTPUT -o lo -p udp -m udp -m multiport --dports 1:55000 -m state --state NEW -j Out_RULE_1
$IPTABLES -A Out_RULE_1 -j LOG --log-level warning --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -A Out_RULE_1 -j ACCEPT
#
# Rule 2 (eth0)
#
echo "Rule 2 (eth0)"
#
#
#
$IPTABLES -N Out_RULE_2
$IPTABLES -A OUTPUT -o eth0 -d 10.8.1.1 -m state --state NEW -j Out_RULE_2
$IPTABLES -A FORWARD -o eth0 -d 10.8.1.1 -m state --state NEW -j Out_RULE_2
$IPTABLES -A Out_RULE_2 -j LOG --log-level warning --log-prefix "RULE 2 -- ACCEPT "
$IPTABLES -A Out_RULE_2 -j ACCEPT
#
# Rule 3 (eth0)
#
echo "Rule 3 (eth0)"
#
# ping test for nagios
#
$IPTABLES -N Cid485B0E561900.0
$IPTABLES -A INPUT -i eth0 -d 147.202.001.001 -m state --state NEW -j Cid485B0E561900.0
$IPTABLES -N Cid485B0E561900.1
$IPTABLES -A Cid485B0E561900.0 -p icmp -m icmp --icmp-type any -j Cid485B0E561900.1
$IPTABLES -A Cid485B0E561900.0 -p tcp -m tcp -m multiport --dports 25,3306 -j Cid485B0E561900.1
$IPTABLES -N In_RULE_3
$IPTABLES -A Cid485B0E561900.1 -s 203.89.001.001 -j In_RULE_3
$IPTABLES -A Cid485B0E561900.1 -s 58.28.001.001 -j In_RULE_3
$IPTABLES -A Cid485B0E561900.1 -s 64.38.001.001 -j In_RULE_3
$IPTABLES -A In_RULE_3 -j LOG --log-level warning --log-prefix "RULE 3 -- ACCEPT "
$IPTABLES -A In_RULE_3 -j ACCEPT
#
echo "Rule 4 (eth0)"
#
# ping test for nagios
#
$IPTABLES -N Cid485B0E6A1900.0
$IPTABLES -A OUTPUT -o eth0 -s 147.202.001.001 -m state --state NEW -j Cid485B0E6A1900.0
$IPTABLES -N Cid485B0E6A1900.1
$IPTABLES -A Cid485B0E6A1900.0 -p icmp -m icmp --icmp-type any -j Cid485B0E6A1900.1
$IPTABLES -A Cid485B0E6A1900.0 -p tcp -m tcp -m multiport --dports 25,3306 -j Cid485B0E6A1900.1
$IPTABLES -N Out_RULE_4
$IPTABLES -A Cid485B0E6A1900.1 -d 203.89.001.001 -j Out_RULE_4
$IPTABLES -A Cid485B0E6A1900.1 -d 58.28.001.001 -j Out_RULE_4
$IPTABLES -A Cid485B0E6A1900.1 -d 64.38.001.001 -j Out_RULE_4
$IPTABLES -A Out_RULE_4 -j LOG --log-level warning --log-prefix "RULE 4 -- ACCEPT "
$IPTABLES -A Out_RULE_4 -j ACCEPT
#
# Rule 5 (eth0)
#
echo "Rule 5 (eth0)"
#
#
#
$IPTABLES -N In_RULE_5
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -m multiport -d 147.202.001.001 --dports 5060,22,443,80,53,25060,8008 -m state --state NEW -j In_RULE_5
#$IPTABLES -A INPUT -i eth0 -p udp -m udp -d 147.202.001.001 --dport 10000:20000 -m state --state NEW -j In_RULE_5
#$IPTABLES -A INPUT -i eth0 -p udp -m udp -d 147.202.001.001 --dport 35000:36000 -m state --state NEW -j In_RULE_5
#$IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport -d 147.202.001.001 --dports 1194,5065,5060,53,10000:20000,35000:36000 -m state --state NEW -j In_RULE_5
$IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport --dports 1:55000 -m state --state NEW -j In_RULE_5
$IPTABLES -A In_RULE_5 -j LOG --log-level warning --log-prefix "RULE 5 -- ACCEPT "
$IPTABLES -A In_RULE_5 -j ACCEPT
#
# Rule 6 (eth0)
#
echo "Rule 6 (eth0)"
#
#
#
$IPTABLES -N Out_RULE_6
$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -m multiport -s 147.202.001.001 --dports 22,53,80,443,5060,8008,25060,25 -m state --state NEW -j Out_RULE_6
#$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -s 147.202.001.001 --dport 10000:20000 -m state --state NEW -j Out_RULE_6
#$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -s 147.202.001.001 --dport 35000:36000 -m state --state NEW -j Out_RULE_6
#$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport -s 147.202.001.001 --dports 53,1194,5060,5065,1813,123,10000:20000,35000:36000 -m state --state NEW -j Out_RULE_6
$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport --dports 1:55000 -m state --state NEW -j Out_RULE_6
$IPTABLES -A Out_RULE_6 -j LOG --log-level warning --log-prefix "RULE 6 -- ACCEPT "
$IPTABLES -A Out_RULE_6 -j ACCEPT
#
# Rule 7 (global)
#
echo "Rule 7 (global)"
#
#
#
$IPTABLES -N RULE_7
$IPTABLES -A OUTPUT -j RULE_7
$IPTABLES -A INPUT -j RULE_7
$IPTABLES -A FORWARD -j RULE_7
$IPTABLES -A RULE_7 -j LOG --log-level warning --log-prefix "RULE 7 -- DENY "
$IPTABLES -A RULE_7 -j DROP
#
#
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
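
The OUTPUT rules quoted in the message above, modelled in Python as an added example (not part of the original thread), to show which verdict and log prefix the posted chain gives an outgoing packet such as the 200 OK sent from 147.202.001.001:5060 to 58.28.001.001:5065. It assumes the quoted rules are the complete filter table; the function names and the conntrack states passed in are constructed for the illustration.

```python
# Model of the filter-table OUTPUT chain in the posted config (added example).
# Assumption: the quoted rules are the whole filter table; chain policies and
# other tables are not shown in the post and are not modelled.
SERVER = "147.202.001.001"  # address exactly as written in the post
NAGIOS = {"203.89.001.001", "58.28.001.001", "64.38.001.001"}
TCP_LO = {25060, 8008, 25, 443, 80, 22, 3306, 5060}
TCP_ETH0 = {22, 53, 80, 443, 5060, 8008, 25060, 25}


def output_verdict(oif, proto, src, dst, dport, state):
    """Return (verdict, log_prefix) for one outgoing packet; prefix None = unlogged."""
    if state in ("ESTABLISHED", "RELATED"):
        return ("ACCEPT", None)  # first OUTPUT rule, has no LOG
    udp_ok = proto == "udp" and 1 <= dport <= 55000  # --dports 1:55000
    if state == "NEW":
        if oif in ("tun0", "tun1", "tun2"):
            return ("ACCEPT", "RULE 0 -- ACCEPT ")
        if oif == "lo" and (proto == "icmp" or udp_ok
                            or (proto == "tcp" and dport in TCP_LO)):
            return ("ACCEPT", "RULE 1 -- ACCEPT ")
        if oif == "eth0":
            if dst == "10.8.1.1":
                return ("ACCEPT", "RULE 2 -- ACCEPT ")
            if src == SERVER and dst in NAGIOS and (
                    proto == "icmp" or (proto == "tcp" and dport in (25, 3306))):
                return ("ACCEPT", "RULE 4 -- ACCEPT ")
            if proto == "tcp" and src == SERVER and dport in TCP_ETH0:
                return ("ACCEPT", "RULE 6 -- ACCEPT ")
            if udp_ok:
                return ("ACCEPT", "RULE 6 -- ACCEPT ")
    # Anything else (other state, interface or port) reaches RULE_7: LOG, then DROP.
    return ("DROP", "RULE 7 -- DENY ")


def sip_reply(state, dport=5065):
    """The 200 OK from the capture, with a constructed conntrack state."""
    return output_verdict("eth0", "udp", SERVER, "58.28.001.001", dport, state)


if __name__ == "__main__":
    for state in ("ESTABLISHED", "NEW", "INVALID"):
        print(state, sip_reply(state))
    print("NEW, dport 60000", sip_reply("NEW", 60000))
```

In this model the only unlogged verdict is the ESTABLISHED,RELATED accept; every path that ends in DROP passes the RULE 7 LOG rule first.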