[OpenSIPS-Users] media-relay not relaying when iptables running
Saúl Ibarra Corretgé
saul at ag-projects.com
Thu Oct 20 17:29:34 CEST 2011
Hi,
On Oct 20, 2011, at 4:54 PM, JimDoesVoip wrote:
> Hi Saúl,
>
> I have this little voice in the back of my head telling me to switch to
> debian. I'm too stubborn to give up sometimes, but feeling like we are
> close a switch now; if we want fail2ban watching opensips and to coexisting
> with media-relay... but back on topic.
>
Listen to it, you know she is right ;-)
> We do have the modules loaded, and we do have the forwarding enabled in
> /proc, so it makes sense that things are working; Unfortnately as the thread
> says if we want to startup iptables (run /etc/init.d/iptables) to be able to
> run something like fail2ban against it, it seems it is interfering
> media-relay. What is strange is that conntrack -L shows entries (for SIP
> signaling) when iptables service is running, but doesn't show anything when
> it is off.
>
Probably we'd find the answer by looking at what that init file does...
> Interestingly, if we setup a call with iptables running, we have no audio,
> but then if we stop iptables audio comes through for the call. Could this
> mean media-relay is setting things up, but they are blocked by iptables?
>
Jeff just pointed out that your default policy for FORWARD is reject, can you change it to accept?
>
> When we have a no audio call with iptables running; the media-relay
> /var/log/messages output just notes the ports that are being setup and
> closed.
>
>
> Oct 20 10:49:42 bstnma-ospis1-b2 media-relay[19908]:
> mediaproxy.mediacontrol.StreamListenerProtocol starting on 40072
> Oct 20 10:49:42 bstnma-ospis1-b2 media-relay[19908]:
> mediaproxy.mediacontrol.StreamListenerProtocol starting on 40073
> Oct 20 10:49:42 bstnma-ospis1-b2 media-relay[19908]:
> mediaproxy.mediacontrol.StreamListenerProtocol starting on 40074
> Oct 20 10:49:42 bstnma-ospis1-b2 media-relay[19908]:
> mediaproxy.mediacontrol.StreamListenerProtocol starting on 40075
>
> Oct 20 10:50:31 bstnma-ospis1-b2 media-relay[19908]: (Port 40072 Closed)
> Oct 20 10:50:31 bstnma-ospis1-b2 media-relay[19908]: (Port 40073 Closed)
> Oct 20 10:50:31 bstnma-ospis1-b2 media-relay[19908]: (Port 40074 Closed)
> Oct 20 10:50:31 bstnma-ospis1-b2 media-relay[19908]: (Port 40075 Closed)
>
>
>
> Here is the error-ish looking output from mediarelay of /var/log/messages
> for a call that has audio with the iptables process off
> (/etc/init.d/iptables stop):
>
>
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]: Traceback (most recent
> call last):
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]: File
> "/usr/lib/python2.6/site-packages/twisted/internet/udp.py", line 126, in
> doRead
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]:
> self.protocol.datagramReceived(data, addr)
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]: File
> "/root/ISO/mediaproxy1/mediaproxy/mediacontrol.py", line 130, in
> datagramReceived
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]: self.cb_func(host,
> port, data)
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]: File
> "/root/ISO/mediaproxy1/mediaproxy/mediacontrol.py", line 246, in got_data
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]:
> self.substream.check_create_conntrack()
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]: File
> "/root/ISO/mediaproxy1/mediaproxy/mediacontrol.py", line 297, in
> check_create_conntrack
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]:
> self.forwarding_rule = _conntrack.ForwardingRule(self.caller.remote,
> self.caller.local, self.callee.remote, self.callee.local,
> self.stream.session.mark)
> Oct 20 10:03:52 bstnma-ospis1-b2 media-relay[19908]: Error: iptables who?
> (do you need to insmod?)
>
>
This is probably caused because the nat table is missing because stopping iptables unloaded it. MediaProxy checks for this, but only at start time.
Regards,
--
Saúl Ibarra Corretgé
AG Projects
More information about the Users
mailing list