Mailing List Archive: Change ip_conntrack

Change ip_conntrack_sip default port

Aug 23, 2007, 8:30 AM

Post #1 of 5 (5418 views)

Hi,

I tried to change the default port of sip_contrack and h323_conntrack in iptables. The problem is those conntrack are "hard compiled" in the kernel (not as module if not the command "modprobe ip_conntrack_sip port=xxxx" is the solution).

I would like to know if its possible to change this port (without change kernel) when the conntrack is "hard compiled" and especially where? (file or sysctl.conf etc... I didn't find)

By advance thank you for your assistance.

.VECTEN Sébastien

To: netfilter@lists.netfilter.org
netfilter-failover@lists.netfilter.org

Re: Change ip_conntrack_sip default port [ In reply to ]

banguerski+nfdev at gmail

Aug 23, 2007, 9:29 AM

Post #2 of 5 (5295 views)

Permalink

Hi Sébastien

There is a match module that may do what you want:
"-m helper" with --helper argument that in wour case sould be
"sip-xxxx" I believe

I came across this in the iptables manual but never tested. Please let
me know if it works for You.

Best regards
Michel

2007/8/23, Sebastien VECTEN <svecten@aressi.fr>:
> Hi,
>
> I tried to change the default port of sip_contrack and h323_conntrack in iptables. The problem is those conntrack are "hard compiled" in the kernel (not as module if not the command "modprobe ip_conntrack_sip port=xxxx" is the solution).
>
> I would like to know if its possible to change this port (without change kernel) when the conntrack is "hard compiled" and especially where? (file or sysctl.conf etc... I didn't find)
>
> By advance thank you for your assistance.
>
>
> .VECTEN Sébastien
>
>
> To: netfilter@lists.netfilter.org
> netfilter-failover@lists.netfilter.org
>
>
>
>
>

Re: Change ip_conntrack_sip default port [ In reply to ]

pascal.mail at plouf

Aug 23, 2007, 11:30 AM

Post #3 of 5 (5294 views)

Permalink

Hello,

Sebastien VECTEN a écrit :
>
> I tried to change the default port of sip_contrack and h323_conntrack
> in iptables. The problem is those conntrack are "hard compiled" in the
> kernel (not as module if not the command "modprobe ip_conntrack_sip
> port=xxxx" is the solution).
>
> I would like to know if its possible to change this port (without
> change kernel) when the conntrack is "hard compiled" and especially
> where?

In the bootloader (lilo, grub...) configuration file.

From linux-2.6.x/Documentation/kernel-parameters.txt :

Module parameters for loadable modules are specified only as the
parameter name with optional '=' and value as appropriate, such as:

modprobe usbcore blinkenlights=1

Module parameters for modules that are built into the kernel image
are specified on the kernel command line with the module name plus
'.' plus parameter name, with '=' and value if appropriate, such as:

usbcore.blinkenlights=1

Re: Change ip_conntrack_sip default port [ In reply to ]

svecten at aressi

Aug 26, 2007, 11:51 PM

Post #4 of 5 (5285 views)

Permalink

Hi,

Thank you for your response, the good solution is the helper module to change the defaut port.

-m helper --helper sip-5068 in a rule.

Thanks.

VECTEN Sébastien

To: netfilter@lists.netfilter.org
Cc: netfilter-failover@lists.netfilter.org

Re: Change ip_conntrack_sip default port [ In reply to ]

kadlec at blackhole

Aug 27, 2007, 12:52 AM

Post #5 of 5 (5287 views)

Permalink

On Mon, 27 Aug 2007, Sebastien VECTEN wrote:

> Thank you for your response, the good solution is the helper module to
> change the defaut port.
>
> -m helper --helper sip-5068 in a rule.

That is absolutely false: that is a *match*, which cannot do whatsoever
with the ports of the helpers.

The SIP helper supports to specify the ports to listen to:

# modprobe ip_conntrack_sip ports=5060[,up to 8 ports]

Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary