Hi Tom,
No sign of anything netfilters related in syslog or other log files - maybe
there is a log setting I am missing? I did run a trace and got the
following (repeated frequently):
Apr 28 20:20:06 voyage3 kernel: [264672.580371] TRACE:
raw:PREROUTING:policy:13 IN=vlan1 OUT=
MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=10.1.0.252
LEN=411 TOS=0x00 PREC=0x60 TTL=64 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Apr 28 20:20:06 voyage3 kernel: [264672.580399] TRACE:
mangle:PREROUTING:policy:1 IN=vlan1 OUT=
MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=10.1.0.252
LEN=411 TOS=0x00 PREC=0x60 TTL=64 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Apr 28 20:20:06 voyage3 kernel: [264672.580423] TRACE:
mangle:FORWARD:rule:1 IN=vlan1 OUT=wlan1
MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35
LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Apr 28 20:20:06 voyage3 kernel: [264672.580436] TRACE:
mangle:FORWARD:policy:2 IN=vlan1 OUT=wlan1
MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35
LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Apr 28 20:20:06 voyage3 kernel: [264672.580448] TRACE:
filter:FORWARD:rule:1 IN=vlan1 OUT=wlan1
MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35
LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Apr 28 20:20:06 voyage3 kernel: [264672.580463] TRACE:
filter:clean_frwd:rule:1 IN=vlan1 OUT=wlan1
MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35
LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Apr 28 20:20:06 voyage3 kernel: [264672.580477] TRACE:
filter:dynamic:return:1 IN=vlan1 OUT=wlan1
MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35
LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Apr 28 20:20:06 voyage3 kernel: [264672.580490] TRACE:
filter:clean_frwd:rule:5 IN=vlan1 OUT=wlan1
MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35
LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Apr 28 20:20:06 voyage3 kernel: [264672.580499] TRACE:
mangle:POSTROUTING:policy:1 IN= OUT=wlan1 SRC=10.1.0.3 DST=192.168.1.35
LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060
LEN=391
Is that any help, or are there other diagnostics I should run?
On Sat, Apr 28, 2018 at 5:56 PM, Tom Eastep <teas...@shorewall.net> wrote:
> On 04/28/2018 12:24 AM, Norman Henderson wrote:
> > Thanks again. Attached are 2 dump files. The first, last night wasn't
> > immediately after a reboot but it was at a point when the UDP NAT was
> > working correctly. By this morning UDP NAT was no longer working and I
> > took the second dump.
> > Best, Norm
> Norm,
>
> The rulesets in the two dumps are identical. I see the following
> conntrack table entry, however:
>
> udp 17 3599 src=10.1.0.3 dst=10.1.0.252 sport=5060 dport=5060
> [UNREPLIED] src=192.168.1.35 dst=10.1.0.3 sport=5060 dport=5060 mark=0
> helper=sip use=1
>
> This is an attempt to connect from 10.1.0.3 to 10.1.0.252 which get
> correctly forwarded to 192.168.1.35. The source IP, however, has not
> been changed, just as you report. The next thing to do would be to
> review the syslog between the times of the two dumps to see if there are
> any netfilter-related messages.
>
> -Tom
>
> --
> Tom Eastep \ Q: What do you get when you cross a mobster with
> Shoreline, \ an international standard?
> Washington, USA \ A: Someone who makes you an offer you can't
> http://shorewall.org \ understand
> \_______________________________________________
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
