Hello,

this proves again my theory that the best option one could get for conntrack and selinux is to disable them completely ...
Anyhow, great that you reported back, I am sure it will help others over time.

Cheers,
Daniel

On 11/03/16 14:49, Sebastian Damm wrote:
> Hi,
>
> just to resolve this thread, we found the reason for the problem. It
> occurs, when we try sending out packets to a customer, which look
> identical to netfilter, at roughly the same time. Those could be for
> example forked calls to two extensions registered on the same device
> (a FRITZ Box for example). Then netfilter tries to insert the same
> packet into its conntrack table twice, causing a collision, leading to
> a rejection of one of the packets.
>
> We played around with different kernels, without success. The errors
> kept on coming as long as the nf_conntrack module was loaded, even if
> there was no iptables rule using it.
>
> The only solution right now seems to be a stateless firewall and
> unloading the module.
>
> Best Regards,
> Sebastian
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

--
Daniel-Constantin Mierla
http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com
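
To check whether a host is hitting the conntrack insertion collisions described in this thread, the script below sums the `insert_failed` and `drop` counters the kernel exposes per CPU in `/proc/net/stat/nf_conntrack`. It is an added example, not code from the thread or from Kamailio; the sample rows are constructed, and the fallback to them when the file is missing exists only so the script runs offline.

```python
#!/usr/bin/env python3
"""Sum the per-CPU conntrack counters from /proc/net/stat/nf_conntrack."""

STAT_PATH = "/proc/net/stat/nf_conntrack"

# Constructed sample for two CPUs; not captured from the hosts in this thread.
SAMPLE = """\
entries  searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error  expect_new expect_create expect_delete search_restart
0000012c  00000000 00000000 00000000 00000007 00000010 00000000 00000000 00000000 0000000a 0000000a 00000000 00000000  00000000 00000000 00000000 00000003
0000012c  00000000 00000000 00000000 00000001 00000004 00000000 00000000 00000000 00000005 00000004 00000000 00000000  00000000 00000000 00000000 00000000
"""


def parse_conntrack_stat(text):
    """Return {column: total}. Values are hex, one row per CPU."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("expected a header line and at least one CPU row")
    header, rows = lines[0], lines[1:]
    totals = dict.fromkeys(header, 0)
    for row in rows:
        if len(row) != len(header):
            raise ValueError("row width does not match header")
        for name, value in zip(header, row):
            totals[name] += int(value, 16)
    # "entries" is the global table size repeated on every row: do not sum it.
    if "entries" in totals:
        totals["entries"] = int(rows[0][header.index("entries")], 16)
    return totals


def insert_failures(text):
    """Counters that move when a packet loses an insertion race and is dropped."""
    totals = parse_conntrack_stat(text)
    return {name: totals.get(name, 0) for name in ("insert_failed", "drop")}


if __name__ == "__main__":
    try:
        with open(STAT_PATH) as fh:
            text, source = fh.read(), STAT_PATH
    except OSError:
        # File absent: nf_conntrack is not loaded (or no /proc); use the sample.
        text, source = SAMPLE, "constructed sample"
    print(source, insert_failures(text))
```

Run it twice a few seconds apart while forked calls are being delivered; counters that keep rising point at the collision rather than at a firewall rule.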