On 02/03/2023 22.13, [EXT] Tim Bowyer wrote:
> I’m having the same issue but believe it’s related to my network topology.
> I have multiple carrier-facing NICs and an internal NIC on each media
> proxy.
> Is this configuration supported?

This should work fine as long as it's "just" normal IP routing and
doesn't involve network namespaces or cgroups or things like that.
(Source-based routing should work, but other policy routing options
might not.)

> [root@per01-mtp01.dev.xyz blah]# cat /proc/rtpengine/0/list
> local inet4 203.x.x.x:40000
>     stats: 350880 bytes, 2040 packets, 0 errors
>     RTP payload type 0: 0 bytes, 0 packets
>     RTP payload type 8: 350880 bytes, 2040 packets
>     SSRC in: 65aa31af
>     output #0
>         src inet4 10.y.y.y:40000
>         dst inet4 203.x.x.x:39302

This looks like the kernel module is receiving packets just fine and is
sending them out (or trying to). It should work as long as the kernel is
able to route packets from the 10.x address to the 203.x address.

> I was also looking to find some config to make this work using
> firewalld rules. Fishing through the Sipwise repos, I stumbled across
> some firewalld rules as part of their automated builds but didn’t have
> any luck with them.
> If somebody had some rules I could try, it would be much appreciated!

There are two things here. One is the necessary "-j RTPENGINE" iptables
rule, which is needed to pass the packets to the kernel module to
process. The bundled systemd startup scripts are in charge of adding and
removing that. However, if you have separate firewall scripts which may
override or remove this rule in some way, then this needs to be taken
into account, so you don't lose this rule. But from your /proc output
it's obvious that this rule is in place.
The other thing is that rtpengine is able to manage firewall rules for
individual ports directly, opening and closing the firewall rules as
individual ports are opened and closed. This is entirely optional, and
needs to be enabled explicitly, and is in fact not recommended usage.
Cheers
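
The reply's point that a separate firewall script can override or remove the "-j RTPENGINE" rule can be checked mechanically. The following is an added example, not from the thread or the rtpengine project: a shell function that reads `iptables-save` output and reports whether the rule is present and not preceded by an unconditional terminating rule in the same chain. The function name and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Reads iptables-save text on stdin and reports the state of the RTPENGINE rule.
# Exit status: 0 = present, 1 = missing, 2 = present but shadowed.
check_rtpengine_rule() {
    awk '
    $1 == "-A" {
        chain = $2
        # Rule text after "-A CHAIN", ignoring a leading "-p udp" match.
        rest = $0
        sub(/^-A [^ ]+ */, "", rest)
        sub(/^-p udp */, "", rest)
        if ($0 ~ /-j RTPENGINE( |$)/) {
            found = 1; where = chain; id = "?"
            for (i = 1; i < NF; i++) if ($i == "--id") id = $(i + 1)
            # An earlier blanket ACCEPT/DROP/REJECT ends traversal first.
            shadowed = (chain in blanket)
        } else if (rest ~ /^-j (ACCEPT|DROP|REJECT)( |$)/) {
            blanket[chain] = 1
        }
    }
    END {
        if (!found)   { print "missing"; exit 1 }
        if (shadowed) { print "shadowed chain=" where " id=" id; exit 2 }
        print "ok chain=" where " id=" id
    }'
}

# Constructed sample rule sets (not taken from the thread).
SAMPLE_OK='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -j RTPENGINE --id 0
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
SAMPLE_SHADOWED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -j RTPENGINE --id 0
COMMIT'
SAMPLE_FLUSHED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

for sample in "$SAMPLE_OK" "$SAMPLE_SHADOWED" "$SAMPLE_FLUSHED"; do
    printf '%s\n' "$sample" | check_rtpengine_rule || true
done
```

On a live host, pipe `iptables-save -t filter` into the function after each firewall reload; a "missing" or "shadowed" result means packets no longer reach the kernel module.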