| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Nov 2009 11:55:51 -0600 (CST) From: Christoph Lameter <cl@...ux-foundation.org> To: Patrick McHardy <kaber@...sh.net> cc: Christian Hentschel <chentschel@...et.com.ar>, netdev@...r.kernel.org Subject: Re: SIP proxying: siproxd vs. Netfilter SIP nat On Mon, 30 Nov 2009, Patrick McHardy wrote: > No, this is deliberate since it diverges from the behaviour of other > helpers. Usually they only allow to create RELATED connections between > the two hosts communicating. If you set either of these module options > to zero, they will allow completely foreign addresses to establish > connections when those addresses appear in the SDP payload. You should > usually use additional filters to f.i. only allow source addresses of > your registrar: > > iptables -A FORWARD -m state --state RELATED \ > -m helper --helper "sip" \ > -s registrar-network/X -j ACCEPT Please put documentation with all these tricks somewhere where people looking for SIP NAT can find it. I see multiple threads where people have struggled with setting up SIP proxying and have failed. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists