From f731e04388b4f620475e8e83fd693f0392b14df3 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 19 Jan 2010 10:32:34 -0800
Subject: [PATCH] Mention sip_direct_media=0 in FAQ 77.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 docs/FAQ.xml | 62 ++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 51 insertions(+), 11 deletions(-)

diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 2528f222c..11de6e16e 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -2333,17 +2333,57 @@ etc...</programlisting>
       but I can hear them. If I plug the Asterisk server directly into the
       router, bypassing the firewall, the problem goes away.</para>
 
-      <para><emphasis role="bold">Answer (requires Shorewall 4.0.6 or
-      later):</emphasis> If your kernel version is 2.6.20 or
-      earlier:<programlisting>rmmod ip_nat_sip
-rmmod ip_conntrack_sip</programlisting>Then change the DONT_LOAD specification
-      in your shorewall.conf to:<programlisting>DONT_LOAD=ip_nat_sip,ip_conntrack_sip</programlisting>If
-      your kernel version is 2.6.21 or later:<programlisting>rmmod nf_nat_sip
-rmmod nf_conntrack_sip</programlisting>Then change the DONT_LOAD specification
-      in your shorewall.conf to:<programlisting>DONT_LOAD=nf_nat_sip,nf_conntrack_sip</programlisting>If
-      you are running a version of Shorewall earlier than 4.0.6, you can avoid
-      loading the sip helper modules by following the suggestions in <link
-      linkend="faq59">FAQ 59</link>.</para>
+      <para><emphasis role="bold">Answer:</emphasis> There are two things to
+      try here. Both begin with executing two <command>rmmod</command>
+      commands.</para>
+
+      <para>If your kernel version is 2.6.20 or earlier:<programlisting>rmmod ip_nat_sip
+rmmod ip_conntrack_sip</programlisting>If your kernel version is 2.6.21 or
+      later:<programlisting>rmmod nf_nat_sip
+rmmod nf_conntrack_sip</programlisting></para>
+
+      <para>The first alternative seems to work for those running recent
+      kernels (2.6.21 or later):</para>
+
+      <orderedlist>
+        <listitem>
+          <para>Copy <filename>/usr/share/shorewall/module</filename>s to
+          <filename class="directory">/etc/shorewall</filename>.</para>
+        </listitem>
+
+        <listitem>
+          <para>Edit the copy and change this line:</para>
+
+          <blockquote>
+            <para>loadmodule nf_conntrack_sip</para>
+          </blockquote>
+
+          <para>to</para>
+
+          <blockquote>
+            <para>loadmodule nf_conntrack_sip sip_direct_media=0</para>
+          </blockquote>
+        </listitem>
+
+        <listitem>
+          <para><command>shorewall restart</command></para>
+        </listitem>
+      </orderedlist>
+
+      <para>The second alternative is to not load the sip helpers:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>If you are running kernel 2.6.20 or earlier, then change the
+          DONT_LOAD specification in your shorewall.conf to:<programlisting>DONT_LOAD=ip_nat_sip,ip_conntrack_sip</programlisting></para>
+        </listitem>
+
+        <listitem>
+          <para>If you are running kernel 2.6.21 or later, then change Then
+          change the DONT_LOAD specification in your shorewall.conf
+          to:<programlisting>DONT_LOAD=nf_nat_sip,nf_conntrack_sip</programlisting></para>
+        </listitem>
+      </itemizedlist>
     </section>
   </section>