Mention sip_direct_media=0 in FAQ 77.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-19 10:32:34 -08:00 · 2010-01-19 10:32:34 -08:00 · f731e04388
commit f731e04388
parent 6b9afd6a82
1 changed files with 51 additions and 11 deletions
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -2333,17 +2333,57 @@ etc...</programlisting>
      but I can hear them. If I plug the Asterisk server directly into the
      router, bypassing the firewall, the problem goes away.</para>

-      <para><emphasis role="bold">Answer (requires Shorewall 4.0.6 or
-      later):</emphasis> If your kernel version is 2.6.20 or
-      earlier:<programlisting>rmmod ip_nat_sip
-rmmod ip_conntrack_sip</programlisting>Then change the DONT_LOAD specification
-      in your shorewall.conf to:<programlisting>DONT_LOAD=ip_nat_sip,ip_conntrack_sip</programlisting>If
-      your kernel version is 2.6.21 or later:<programlisting>rmmod nf_nat_sip
-rmmod nf_conntrack_sip</programlisting>Then change the DONT_LOAD specification
-      in your shorewall.conf to:<programlisting>DONT_LOAD=nf_nat_sip,nf_conntrack_sip</programlisting>If
-      you are running a version of Shorewall earlier than 4.0.6, you can avoid
-      loading the sip helper modules by following the suggestions in <link
-      linkend="faq59">FAQ 59</link>.</para>
+      <para><emphasis role="bold">Answer:</emphasis> There are two things to
+      try here. Both begin with executing two <command>rmmod</command>
+      commands.</para>
+
+      <para>If your kernel version is 2.6.20 or earlier:<programlisting>rmmod ip_nat_sip
+rmmod ip_conntrack_sip</programlisting>If your kernel version is 2.6.21 or
+      later:<programlisting>rmmod nf_nat_sip
+rmmod nf_conntrack_sip</programlisting></para>
+
+      <para>The first alternative seems to work for those running recent
+      kernels (2.6.21 or later):</para>
+
+      <orderedlist>
+        <listitem>
+          <para>Copy <filename>/usr/share/shorewall/module</filename>s to
+          <filename class="directory">/etc/shorewall</filename>.</para>
+        </listitem>
+
+        <listitem>
+          <para>Edit the copy and change this line:</para>
+
+          <blockquote>
+            <para>loadmodule nf_conntrack_sip</para>
+          </blockquote>
+
+          <para>to</para>
+
+          <blockquote>
+            <para>loadmodule nf_conntrack_sip sip_direct_media=0</para>
+          </blockquote>
+        </listitem>
+
+        <listitem>
+          <para><command>shorewall restart</command></para>
+        </listitem>
+      </orderedlist>
+
+      <para>The second alternative is to not load the sip helpers:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>If you are running kernel 2.6.20 or earlier, then change the
+          DONT_LOAD specification in your shorewall.conf to:<programlisting>DONT_LOAD=ip_nat_sip,ip_conntrack_sip</programlisting></para>
+        </listitem>
+
+        <listitem>
+          <para>If you are running kernel 2.6.21 or later, then change Then
+          change the DONT_LOAD specification in your shorewall.conf
+          to:<programlisting>DONT_LOAD=nf_nat_sip,nf_conntrack_sip</programlisting></para>
+        </listitem>
+      </itemizedlist>
    </section>
  </section>