Firewall/NAT

Hi,

I wonder if you can help me.  I am new to Monowall and have it set up in a test environment where I want to use it traffic shaping ability.  I have it all up and running but I can't seem to make it pass my phone voice traffic (UDP traffic) from LAN side through to WAN side.  This traffic is dropped even though I have an "any --> any" rule allowing all traffic out.  I have tried various configs to get over this but it won't permit the traffic.  This issue manifests itself as one way voice traffic where I can hear the voice in one direction but not in the direction where its being dropped by the FW.  

Anyone have any suggestions?

Thanks a Lot

RK


Just to add, I have set the log to show more info and what I see on the log for the dropped packets is b for Blocked and BAD as if its a bad packet!

15:05:45.121583 35x bge0 @100:4 b 10.50.98.102,23096 -> 10.80.121.150,19212 PR udp len 20 200 K-S K-F IN bad
 
For a Rule that I set up to test the logging and get a packet to drop I get a Blcok flag but nto a bad packet:-

15:07:07.999641 bge0 @100:2 b 10.50.98.50 -> 10.80.105.50 PR icmp len 20 60 icmp echo/0 IN
    
Hope this triggers someones memory.  Not sure why the Voice packets get flagged bad and I can get a standard non voice UDP to pass through ok.

Any ideas?

Ok I ended up giving up with Monowall and found WanBridge which served my packet shaping needs and didn't block my packets.

I'm encountering basically the same issue with m0n0 logging "bad NAT" for RTP traffic over UDP 10000 - 10051.  I've tried allowing fragmented packets, different physical NICs and I'm using a very vanilla configuration (static WAN, just one LAN interface).

Sep 13 22:18:01 m0n0wall ipmon[122]: 22:18:00.793775 bge0 @200:1 b 209.XXX.XXX.60,17375 -> 192.168.0.12,10025 PR udp len 20 116 IN bad NAT
Sep 13 22:18:01 m0n0wall ipmon[122]: 22:18:00.811888 22x bge0 @200:1 b 209.XXX.XXX.60,17374 -> 192.168.0.12,10024 PR udp len 20 200 IN bad NAT

I'm really confused how other people aren't experiencing this issue.