[Firehol-support] one-way only sip, responses going back through the wrong interface

Spike spike at drba.org
Mon Mar 6 05:37:30 GMT 2017


Hi,

stuck here and was hoping someone on the list might have a suggestion for
how to debug this problem.

I had a working link-balancer/firehol configuration, but I think it worked
by accident... either that or tonight I broke something I can't figure out.

I have two uplinks and connections are working as far as I can tell, internet
is up, I can browse fine, however when it comes to SIP something strange is
happening: the INVITE is coming through one uplink, but the answers are
going out of the other with the src ip of the internal iface they came in
through.

Setup is as follows:
gw7:172.30.7.1/24
gw20:172.30.20.1/24
fw:
 - iface7: 172.30.7.2/24
 - iface20: 172.30.20.2/24

firehol.conf has connmark 0x7 iface7 and connmark 0x20 iface20
linkbalancer.conf has a policy section with connmark 0x7 table t7 and
connmark 0x20 table t20

Those should have been all the necessary steps, but clearly I'm doing
something wrong. Any thoughts?

thanks,

Spike
