[SR-Users] UDP send: Operation not permitted
Daniel-Constantin Mierla
miconda at gmail.com
Fri Mar 11 18:07:13 CET 2016
Hello,
this proves again my theory that best options one could get for contrack
and selinux is to disable them completely ...
Anyhow, great that you reported back, I am sure it will help others over
the time.
Cheers,
Daniel
On 11/03/16 14:49, Sebastian Damm wrote:
> Hi,
>
> just to resolve this thread, we found the reason for the problem. It
> occurs, when we try sending out packets to a customer, which look
> identical to netfilter, at roughly the same time. Those could be for
> example forked calls to two extensions registered on the same device
> (a FRITZ Box for example). Then netfilter tries to insert the same
> packet into its conntrack table twice, causing a collision, leading to
> a rejection of one of the packets.
>
> We played around with different kernels, without success. The errors
> kept on coming as long as the nf_conntrack module was loaded, even if
> there was no iptables rule using it.
>
> The only solution right now seems to be a stateless firewall and
> unloading the module.
>
> Best Regards,
> Sebastian
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com
More information about the sr-users
mailing list