[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Strange MASQ problem



tcpdump and ngrep were used on the OUTGOING interface. durring sip traffic,
I see my Internal address, along with the External address when the IAX
packets go by or when I ping something outside from the same box that is
sending the sip packets. This is perplexing.  In an attempt to further trace
this down I did a "telnet realworldaddress 5060" from the box that is not
getting masq'd... this was masq'd, right next to the other traffic that was
not! Any suggestions of what to try next would be appreciated.





----- Original Message ----- 
From: "Danny Sauer" <sauer@cloudmaster.com>
To: <luci-discuss@luci.org>
Sent: Thursday, January 26, 2006 5:04 PM
Subject: Re: Strange MASQ problem


> Jorj wrote regarding 'Strange MASQ problem' on Thu, Jan 26 at 13:37:
> > I MASQ all traffic from my internal network to the internet. ONE port on
ONE
> > box is somehow getting through without being masq'd. I refer to port
5060 on
> > my asterisk box. The IAX ports, any pings etc from this box go out
masq'd
> > fine, but sip is going out with my internal ip's so concequently they
are
> > not arriving at their destinations..
>
> How are you determining that it's not getting masq'd - are you using a
> packet sniffer on the outgoing port (eth0, right?) and looking at the
> address in the TCP headers, or are you looking at something in the
> protocol (either with a dissasembler or some client program)?  I ask
> mainly because I'm not sure about the protocol being used, and I'm not
> sure if the IP information is potentially included in the data part?
> Some protocols need mangled to be masqueraded - like active FTP which
> needs the "return address" changed around...
>
> Well, I also mention that because I didn't see anything wrong with the
> iptables rules, but I didn't look that closely, either. :)
>
> And then there's this:
> http://www.voip-info.org/wiki-Asterisk+sip+nat
> http://www.google.com/search?q=sip+nat
>
> --Danny
>
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.


-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.