Menu
▾
▴
ipcop-devel — Development mailinglist for the IPCop project.
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(259) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(361) |
Feb
(71) |
Mar
(270) |
Apr
(164) |
May
(55) |
Jun
(218) |
Jul
(203) |
Aug
(146) |
Sep
(105) |
Oct
(70) |
Nov
(156) |
Dec
(223) |
| 2003 |
Jan
(229) |
Feb
(126) |
Mar
(461) |
Apr
(288) |
May
(203) |
Jun
(64) |
Jul
(97) |
Aug
(228) |
Sep
(384) |
Oct
(208) |
Nov
(88) |
Dec
(291) |
| 2004 |
Jan
(425) |
Feb
(382) |
Mar
(457) |
Apr
(300) |
May
(323) |
Jun
(326) |
Jul
(487) |
Aug
(458) |
Sep
(636) |
Oct
(429) |
Nov
(174) |
Dec
(288) |
| 2005 |
Jan
(242) |
Feb
(148) |
Mar
(146) |
Apr
(148) |
May
(200) |
Jun
(134) |
Jul
(120) |
Aug
(183) |
Sep
(163) |
Oct
(253) |
Nov
(248) |
Dec
(63) |
| 2006 |
Jan
(96) |
Feb
(65) |
Mar
(88) |
Apr
(172) |
May
(122) |
Jun
(111) |
Jul
(83) |
Aug
(210) |
Sep
(102) |
Oct
(37) |
Nov
(28) |
Dec
(41) |
| 2007 |
Jan
(82) |
Feb
(84) |
Mar
(218) |
Apr
(61) |
May
(66) |
Jun
(35) |
Jul
(55) |
Aug
(64) |
Sep
(20) |
Oct
(92) |
Nov
(420) |
Dec
(399) |
| 2008 |
Jan
(149) |
Feb
(72) |
Mar
(209) |
Apr
(155) |
May
(77) |
Jun
(150) |
Jul
(142) |
Aug
(99) |
Sep
(78) |
Oct
(98) |
Nov
(82) |
Dec
(25) |
| 2009 |
Jan
(38) |
Feb
(86) |
Mar
(129) |
Apr
(64) |
May
(106) |
Jun
(121) |
Jul
(149) |
Aug
(110) |
Sep
(74) |
Oct
(98) |
Nov
(83) |
Dec
(46) |
| 2010 |
Jan
(53) |
Feb
(43) |
Mar
(86) |
Apr
(185) |
May
(44) |
Jun
(58) |
Jul
(41) |
Aug
(47) |
Sep
(52) |
Oct
(49) |
Nov
(47) |
Dec
(66) |
| 2011 |
Jan
(58) |
Feb
(33) |
Mar
(37) |
Apr
(31) |
May
(8) |
Jun
(8) |
Jul
(2) |
Aug
(28) |
Sep
(75) |
Oct
(46) |
Nov
(40) |
Dec
(7) |
| 2012 |
Jan
(61) |
Feb
(32) |
Mar
(20) |
Apr
(6) |
May
(11) |
Jun
(8) |
Jul
(1) |
Aug
(16) |
Sep
(21) |
Oct
(12) |
Nov
(12) |
Dec
(1) |
| 2013 |
Jan
(15) |
Feb
(8) |
Mar
(21) |
Apr
(25) |
May
(18) |
Jun
(20) |
Jul
(21) |
Aug
|
Sep
(1) |
Oct
(9) |
Nov
(10) |
Dec
(13) |
| 2014 |
Jan
(33) |
Feb
(41) |
Mar
(10) |
Apr
(44) |
May
(3) |
Jun
|
Jul
(6) |
Aug
(2) |
Sep
(1) |
Oct
(7) |
Nov
(10) |
Dec
(12) |
| 2015 |
Jan
(1) |
Feb
(17) |
Mar
(8) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2016 |
Jan
(5) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
|
| 2017 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
|
May
|
Jun
(2) |
Jul
(5) |
Aug
|
Sep
(1) |
Oct
(2) |
Nov
|
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
|
|
|
1
|
2
|
3
|
4
|
5
|
|
6
|
7
|
8
|
9
|
10
|
11
|
12
|
|
13
(1) |
14
|
15
(1) |
16
(2) |
17
(2) |
18
|
19
|
|
20
|
21
|
22
|
23
|
24
|
25
|
26
|
|
27
|
28
|
29
|
30
|
31
|
|
|
|
From: David W S. <da...@da...> - 2014-07-17 15:02:07
|
Olaf Westrik wrote: > On 2014-07-14 00:51, David W Studeman wrote: > > > OK, I'll include nf_conntrack_sip. > Thanks. > Alternatively use /etc/modprobe.d/local.conf for any required options. Makes sense since it is really there for options unique to that installation. -- Dave Studeman http://www.raqcop.com |
|
From: Olaf W. <wei...@ip...> - 2014-07-17 07:00:37
|
On 2014-07-14 00:51, David W Studeman wrote: OK, I'll include nf_conntrack_sip. > To use the options, probably a file called nf_conntrack_sip.conf could > be added to /etc/modprobe.d. The entries would look like options > nf_conntrack_sip [options]. For example, options nf_conntrack_sip > ports=5060,5070,5080 sip_direct_signalling=0 sip_direct_media=0. For > default values obviously no options are needed. Alternatively use /etc/modprobe.d/local.conf for any required options. Olaf |
|
From: David W S. <da...@da...> - 2014-07-16 22:43:30
|
On 7/16/2014 7:23 AM, Administrator wrote: > On Mon, 2014-07-14 at 20:46 -0700, David W Studeman wrote: >> On 7/13/2014 4:44 PM, Jack Beglinger wrote: >> > David - >> > >> > Could adding a configuration page better? So SIP can turned on/off as >> > needed. And the ports could be changed that way also. >> > >> > jackb >> > >> It could if anyone has the time, desire and skill to do it. It isn't >> something that needs to be changed often. In any case, it would need to >> be loaded when the other nf modules are loaded namely in rc.net. >> > If you would like to make the UI addition possible, you'd need to create > a config file and a start/stop/reload script that could be used by the > UI to effect the changes. > > David > Scripts like that are for services, not to reload a single kernel module and the script that it should be in already exists as rc.net which starts all the netfilter modules. Unloading and reloading the individual module should not even occur frequently enough to warrant much fuss and likely not at all. nf_nat_sip should never be loaded as it is nothing but trouble and nf_conntrack_sip would cover the majority of people using VOIP with it's default parameters since port 5060 will almost always be used and you will almost always be doing sip signaling as well as rtp through the server of your provider. A relative of SIP's, h323, already has it's modules loaded by rc.net even though nf_conntrack_h323 also has parameters that can be set in a modules.conf file just like nf_conntrack_sip does but most people would need nothing but have it loaded invibly as nf_conntrack_h323 already is. I've never heard anyone complain about needing to tweak nf_conntrack_h323 module loading options so that their net meeting will work correctly. If it were to make it into the gui, it would only need a tiny space of an existing page such as Firewall Settings and in advanced mode only at that. The cgi itself could easily handle unloading and reloading a module when changes are saved. The config file in any case would go in /etc/modprobe.d. The original question is whether it (nf_conntrack_sip) should be loaded by default. I think it should be but it's not my call. If not, I can easily have it loaded in my own individual installation in either /etc/modules (would it load too soon?) or rc.event.local. It would need to be loaded after rc.net if outside of that since rc.net loads the base nf_conntrack module which is needed by nf_conntrack_sip. -- Dave Studeman http://www.raqcop.com |
|
From: Administrator <ad...@di...> - 2014-07-16 14:23:30
|
On Mon, 2014-07-14 at 20:46 -0700, David W Studeman wrote: > On 7/13/2014 4:44 PM, Jack Beglinger wrote: > > David - > > > > Could adding a configuration page better? So SIP can turned on/off as > > needed. And the ports could be changed that way also. > > > > jackb > > > It could if anyone has the time, desire and skill to do it. It isn't > something that needs to be changed often. In any case, it would need to > be loaded when the other nf modules are loaded namely in rc.net. > If you would like to make the UI addition possible, you'd need to create a config file and a start/stop/reload script that could be used by the UI to effect the changes. David |
|
From: David W S. <da...@da...> - 2014-07-15 04:05:51
|
On 7/13/2014 4:44 PM, Jack Beglinger wrote: > David - > > Could adding a configuration page better? So SIP can turned on/off as > needed. And the ports could be changed that way also. > > jackb > It could if anyone has the time, desire and skill to do it. It isn't something that needs to be changed often. In any case, it would need to be loaded when the other nf modules are loaded namely in rc.net. -- Dave Studeman http://www.raqcop.com |
|
From: David W S. <da...@da...> - 2014-07-13 22:51:51
|
IPCop contains two kernel modules related to sip of which neither are loaded automatically. The modules are nf_nat_sip (SIP ALG) and nf_conntrack_sip. The module nf_nat_sip needs nf_conntrack_sip but not the other way around. The module nf_nat_sip should not be loaded automatically, might not hurt to blacklist it as it is considered evil, broken etc. In VOIP forums, many problems are alleviated by turning off SIP ALG in commercial firewalls which unloads this module. I think it is only suited to firewalls which have the ATA built in if even then. I noticed rc.net loads the h.323 modules which are used for non sip audiovisual communications which is related to VOIP but used for virtual meetings and such. Without nf_conntrack_sip and it's default settings, IPCop keeps port 5060 (default port in nf_conntrack_sip) connections initiated from the sip client open for only three minutes or so. With many providers this is not a problem. I have one that expects at least 500 seconds plus. The default time for the nf_conntrack_sip module is 3600 seconds. Loading only this module works nicely. My IP Phone does not have any real way to work around this. This link provides more information than most about what this module does. https://wiki.freeswitch.org/wiki/Firewall To use the options, probably a file called nf_conntrack_sip.conf could be added to /etc/modprobe.d. The entries would look like options nf_conntrack_sip [options]. For example, options nf_conntrack_sip ports=5060,5070,5080 sip_direct_signalling=0 sip_direct_media=0. For default values obviously no options are needed. The options that can be used are: sip_direct_signalling= Expect incoming calls from registrar only 1 is the default, 0 will disable it. sip_direct_media= Expect Media streams between signalling endpoints only, default is 1, 0 will disable it, this is for RTP, direct media would need 0. sip_timeout= Timeout for the master SIP session, default is 3600, any integer will override the default value of 3600 seconds. ports= Port numbers of SIP servers, default is 5060, List of up to 8 port numbers (comma-separated) eg. 5060,5070,5080. It should be noted that if you use tls encrypted sip signaling which is usually port 5061, this module will do nothing. Also, invalid sip packets will be silently dropped by iptables such as lack of CSeq headers. I do not know if Asterisk ever has this problem. -- Dave Studeman http://www.raqcop.com |