UT 5.3 and SIP

GregKeys · 08-04-2008, 12:42 PM

I am still having some really odd issues with SIP since switching over to a UT from my netgear.
Due to UT using SIP helpers (SIP ALG) I can no longer let my asterisk server handle the NAT issues directly, and UT is not handleing it very well. For the most part, I seem to only be able to have 1 sip trunk connected.

In my setup, I have 2 SIP trunks. One of them is always showing unavailable. I have tried running one on port 5060 and the other on 5062, but have never gotten a trunk to connect on any port other than 5060.
Does anyone have any info on just what is going on (technically) with UT and SIP? Is it only "helping" on port 5060? Or, is it doing deep packet inspection and helping on any packets identified as SIP regardless of the port? Or, does it do SIP translations on a range of ports (if so, what is the range?) I really must get this resolved and get SIP working reliably again. Is there any way to just turn off the SIP helpers in UT so I can handle the SIP conversions at the server level?

Greg Keys

tbelote · 08-04-2008, 03:34 PM

We have an open bug about this http://bugzilla.untangle.com/show_bug.cgi?id=4491 If you want to disable the sip nat helps manually run:

rmmod nf_nat_sip
rmmod nf_conntrack_sip
sed -i -e "s/nf_nat_sip//" /etc/untangle-net-alpaca/scripts/modules
sed -i -e "s/nf_conntrack_sip//" /etc/untangle-net-alpaca/scripts/modules

tbelote · 08-04-2008, 03:35 PM

Let me know if this helps.

GregKeys · 08-04-2008, 04:35 PM

hmmmmm....... I get massive errors when putting in the commands you detailed:

login as: root
Using keyboard-interactive authentication.
Password:
~ # rmmod nf_nat_sip [root @ untangle2]
ERROR: Module nf_nat is in use by nf_nat_tftp,nf_nat_pptp,nf_nat_h323,nf_nat_amanda, nf_nat_proto_gre,nf_nat_irc,nf_nat_ftp,nf_conntrac k_netlink,ipt_MASQUERADE,iptable_nat
ERROR: Module nf_conntrack is in use by xt_NOTRACK,xt_connmark,nf_nat_tftp,nf_nat_pptp,nf_ nat_h323,nf_nat_amanda,nf_nat_snmp_basic,nf_nat_ir c,nf_nat_ftp,nf_conntrack_pptp,nf_conntrack_irc,nf _conntrack_ftp,nf_conntrack_proto_sctp,nf_conntrac k_netlink,nf_conntrack_amanda,nf_conntrack_tftp,nf _conntrack_proto_gre,nf_conntrack_netbios_ns,nf_co nntrack_h323,ipt_MASQUERADE,xt_conntrack,xt_CONNMA RK,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
~ # rmmod nf_conntrack_sip [root @ untangle2]
no module names given
Usage: rmmod [-fhswvV] modulename ...
-f (or --force) forces a module unload, and may crash your
machine. This requires the Forced Module Removal option
when the kernel was compiled.
-h (or --help) prints this help text
-s (or --syslog) says use syslog, not stderr
-v (or --verbose) enables more messages
-V (or --version) prints the version code
-w (or --wait) begins a module removal even if it is used
and will stop new users from accessing the module (so it
should eventually fall to zero).
~ #

minorroadskill · 08-04-2008, 08:20 PM

I'm having a slightly different SIP problem. I can register more than one trunk without any configuration of UT, but I can't register any remote phones!

I have tried forwarding SIP/RTP in alpaca, and disabling SIP bypass, but neither (individually or collectively) has worked.

Again, this worked with several SOHO routers in the past, by simply port forwarding TFTP/SIP/RTP. UT does port forward TFTP properly.

Does anyone have any clues?

sky-knight · 08-04-2008, 11:22 PM

As indicated here UT has SIP helpers enabled by default to do NAT correction. If your PBX is attempting to do this for you it will fail.

GregKeys · 08-12-2008, 12:17 PM

I am happy to report that using sed to remove the modules and rebooting did the trick. No further SIP issues as long as my asterisk sip_nat.conf is set up correctly.

Greg Keys

csturgill · 08-27-2008, 06:54 AM

I applied these commands at the terminal window

rmmod nf_nat_sip
rmmod nf_conntrack_sip
sed -i -e "s/nf_nat_sip//" /etc/untangle-net-alpaca/scripts/modules
sed -i -e "s/nf_conntrack_sip//" /etc/untangle-net-alpaca/scripts/modules

The result was all outbound traffic stopped.
I can not ping anything other than the internal interface on the Untangle server. It was like it stopped routing traffic.

I got the exact same messages at the command line as Greg

Any Ideas? I really need SIP to work and I have had the same issues with Endian firewall as Untangle. I can place a call but I get no audio. I can get video but no audio. Not too sure what the problem is with audio.

I do have the Trixbox server setup correctly to handle NAT in the sip_nat.conf and I do not want the firewall to handle the SIP natting issues since Trixbox does this really well.

I had all this working with IPCop but I was having other issues with IPCop. I may be trying that again if I can not get Endian or Untangle to work.

trans_lux · 09-02-2008, 02:45 PM

Hello this worked for me as well, was driving me crazy as I could not pinpoint the issue to save my life. I also received these errors but rebooted and all was fine.

tbelote · 09-02-2008, 02:52 PM

Those errors are expected, to confirm if it worked try "lsmod | grep nf_nat_sip"

08-04-2008, 12:42 PM	#1 (permalink)
GregKeys Untanglit Join Date: Mar 2008 Posts: 18	UT 5.3 and SIP I am still having some really odd issues with SIP since switching over to a UT from my netgear. Due to UT using SIP helpers (SIP ALG) I can no longer let my asterisk server handle the NAT issues directly, and UT is not handleing it very well. For the most part, I seem to only be able to have 1 sip trunk connected. In my setup, I have 2 SIP trunks. One of them is always showing unavailable. I have tried running one on port 5060 and the other on 5062, but have never gotten a trunk to connect on any port other than 5060. Does anyone have any info on just what is going on (technically) with UT and SIP? Is it only "helping" on port 5060? Or, is it doing deep packet inspection and helping on any packets identified as SIP regardless of the port? Or, does it do SIP translations on a range of ports (if so, what is the range?) I really must get this resolved and get SIP working reliably again. Is there any way to just turn off the SIP helpers in UT so I can handle the SIP conversions at the server level? Greg Keys

08-04-2008, 03:34 PM	#2 (permalink)
tbelote Master Untangler Join Date: Oct 2007 Posts: 328	We have an open bug about this http://bugzilla.untangle.com/show_bug.cgi?id=4491 If you want to disable the sip nat helps manually run: rmmod nf_nat_sip rmmod nf_conntrack_sip sed -i -e "s/nf_nat_sip//" /etc/untangle-net-alpaca/scripts/modules sed -i -e "s/nf_conntrack_sip//" /etc/untangle-net-alpaca/scripts/modules __________________ Thomas Belote Untangle

08-04-2008, 03:35 PM	#3 (permalink)
tbelote Master Untangler Join Date: Oct 2007 Posts: 328	Let me know if this helps. __________________ Thomas Belote Untangle

08-04-2008, 11:22 PM	#6 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 7 Posts: 9,450	As indicated here UT has SIP helpers enabled by default to do NAT correction. If your PBX is attempting to do this for you it will fail. __________________ Intouch Technology Rob Sandling, BS:SWE, MCP Office: 480-272-9889 rob@intouchtechllc.com

08-27-2008, 06:54 AM	#8 (permalink)
csturgill Newbie Join Date: Aug 2008 Posts: 1	This Broke My Untangle Install I applied these commands at the terminal window rmmod nf_nat_sip rmmod nf_conntrack_sip sed -i -e "s/nf_nat_sip//" /etc/untangle-net-alpaca/scripts/modules sed -i -e "s/nf_conntrack_sip//" /etc/untangle-net-alpaca/scripts/modules The result was all outbound traffic stopped. I can not ping anything other than the internal interface on the Untangle server. It was like it stopped routing traffic. I got the exact same messages at the command line as Greg Any Ideas? I really need SIP to work and I have had the same issues with Endian firewall as Untangle. I can place a call but I get no audio. I can get video but no audio. Not too sure what the problem is with audio. I do have the Trixbox server setup correctly to handle NAT in the sip_nat.conf and I do not want the firewall to handle the SIP natting issues since Trixbox does this really well. I had all this working with IPCop but I was having other issues with IPCop. I may be trying that again if I can not get Endian or Untangle to work.

08-04-2008, 04:35 PM	#4 (permalink)
GregKeys Untanglit Join Date: Mar 2008 Posts: 18	hmmmmm....... I get massive errors when putting in the commands you detailed: login as: root Using keyboard-interactive authentication. Password: ~ # rmmod nf_nat_sip [root @ untangle2] ERROR: Module nf_nat is in use by nf_nat_tftp,nf_nat_pptp,nf_nat_h323,nf_nat_amanda, nf_nat_proto_gre,nf_nat_irc,nf_nat_ftp,nf_conntrac k_netlink,ipt_MASQUERADE,iptable_nat ERROR: Module nf_conntrack is in use by xt_NOTRACK,xt_connmark,nf_nat_tftp,nf_nat_pptp,nf_ nat_h323,nf_nat_amanda,nf_nat_snmp_basic,nf_nat_ir c,nf_nat_ftp,nf_conntrack_pptp,nf_conntrack_irc,nf _conntrack_ftp,nf_conntrack_proto_sctp,nf_conntrac k_netlink,nf_conntrack_amanda,nf_conntrack_tftp,nf _conntrack_proto_gre,nf_conntrack_netbios_ns,nf_co nntrack_h323,ipt_MASQUERADE,xt_conntrack,xt_CONNMA RK,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4 ~ # rmmod nf_conntrack_sip [root @ untangle2] no module names given Usage: rmmod [-fhswvV] modulename ... -f (or --force) forces a module unload, and may crash your machine. This requires the Forced Module Removal option when the kernel was compiled. -h (or --help) prints this help text -s (or --syslog) says use syslog, not stderr -v (or --verbose) enables more messages -V (or --version) prints the version code -w (or --wait) begins a module removal even if it is used and will stop new users from accessing the module (so it should eventually fall to zero). ~ #

08-04-2008, 08:20 PM	#5 (permalink)
minorroadskill Untanglit Join Date: Jun 2008 Posts: 12	I'm having a slightly different SIP problem. I can register more than one trunk without any configuration of UT, but I can't register any remote phones! I have tried forwarding SIP/RTP in alpaca, and disabling SIP bypass, but neither (individually or collectively) has worked. Again, this worked with several SOHO routers in the past, by simply port forwarding TFTP/SIP/RTP. UT does port forward TFTP properly. Does anyone have any clues?

08-12-2008, 12:17 PM	#7 (permalink)
GregKeys Untanglit Join Date: Mar 2008 Posts: 18	I am happy to report that using sed to remove the modules and rebooting did the trick. No further SIP issues as long as my asterisk sip_nat.conf is set up correctly. Greg Keys

09-02-2008, 02:45 PM	#9 (permalink)
trans_lux Untangler Join Date: May 2008 Posts: 75	Hello this worked for me as well, was driving me crazy as I could not pinpoint the issue to save my life. I also received these errors but rebooted and all was fine.

09-02-2008, 02:52 PM	#10 (permalink)
tbelote Master Untangler Join Date: Oct 2007 Posts: 328	Those errors are expected, to confirm if it worked try "lsmod \| grep nf_nat_sip" __________________ Thomas Belote Untangle