[Firehol-support] one-way only sip, responses going back through the wrong interface
Spike
spike at drba.org
Mon Mar 6 06:31:35 GMT 2017
actually, bear with me, maybe i'm mistaken but there really seems to be a
problem as I'm seeing traffic with sourceip of iface7, 172.30.7.2, going
out of interface 20. So it really seems to me I'm doing something wrong
where traffic is sent out the wrong interface/the ip of the other. Even if
the ITSP has an established connection through iface20 I'm thinking the
routing etc should enforce the traffic to go back iface7. Is that not how
it works?
thanks,
Spike
On Sun, Mar 5, 2017 at 9:52 PM Spike <spike at drba.org> wrote:
> upon second thoughts, this may just be a problem with sip trunking and
> failover on the ITSP part. My PBX had already a connection open to the ITSP
> on iface20 (selected randomly by weight when asterisk started up) when I
> observed this problem, but because of a configuration on the ITSP side the
> call was coming in iface7. At that point i'm guessing that despite the
> connection having come in through 7, was sent out over 20 because of the
> existing connection to the ITSP. Therefore the problem is not really with
> the fw, but with the connections to the ITSP. I guess I could add some
> rules to prefer one route over the other and configure both ends to use
> that route unless it fails at which point both would switch to the other.
>
> would that be a policy routing rule to add to link-balancer.conf?
>
> thanks,
>
> Spike
>
> On Sun, Mar 5, 2017 at 9:37 PM Spike <spike at drba.org> wrote:
>
> Hi,
>
> stuck here and was hoping someone on the list might have a suggestion for
> how to debug this problem.
>
> I had a working link-balancer/firehol configuration, but I think it worked
> by accident... either that or tonight I broke something I can't figure out.
>
> I have two uplinks and connections are working as far I can tell ,
> internet is up, I can browse fine, however when it comes to SIP something
> strange is happening: the INVITE is coming through one uplink, but the
> answers are going out of the other with the src ip of the internal iface
> they came in through.
>
> Setup is as follows:
> gw7:172.30.7.1/24
> gw20:172.30.20.1/24
> fw:
> - iface7: 172.30.7.2/24
> - iface20: 172.30.20.2/24
>
> firehol.conf has connmark 0x7 iface7 and connmark 0x20 iface20
> linkbalancer.conf has a policy section with connmark 0x7 table t7 and
> connmark 0x20 table t20
>
> those should have been all the necessary steps, but clearly I'm doing
> something wrong. Any thoughts?
>
> thanks,
>
> Spike
>
>
More information about the Firehol-support
mailing list