Thread: 7 messages, 2 authors, 2009-11-30

Re: SIP proxying: siproxd vs. Netfilter SIP nat

From: Patrick McHardy <hidden>
Date: 2009-11-30 17:46:43

Christoph Lameter wrote:
On Mon, 30 Nov 2009, Patrick McHardy wrote:
> Where do I find more recent documentation?
Below :)
> I found http://lwn.net/Articles/271597/ which mentions that those two
> values may be set too strictly. Can they default to zero?
No, this is deliberate since it diverges from the behaviour of other
helpers. Usually they only allow to create RELATED connections between
the two hosts communicating. If you set either of these module options
to zero, they will allow completely foreign addresses to establish
connections when those addresses appear in the SDP payload. You should
usually use additional filters to f.i. only allow source addresses of
your registrar:

iptables -A FORWARD -m state --state RELATED \
         -m helper --helper "sip" \
         -s registrar-network/X -j ACCEPT
> > You of course also need to accept the packets marked RELATED by
> > the helper. If this is missing it might result in one-way audio.
> Firewall is configured to accept all udp traffic. Will that do it?
That should be fine, but you can restrict it to just accept
-m state --state RELATED packets.
> The "helper" is the conntrack module?
Yes.
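The following Python is an added illustration of the point Patrick makes above; it is not code from this thread or from the kernel's nf_conntrack_sip module. It models, in user space, how the helper turns the c= and m= lines of an SDP body into RELATED expectations under the two settings of the sip_direct_media module option, and how the extra "-s registrar-network/X" filter on RELATED packets closes the hole that sip_direct_media=0 opens. The SDP bodies, the addresses (198.51.100.7 as the SIP peer on the registrar network, 192.0.2.10 as the local endpoint, 203.0.113.99 as a foreign host named in the SDP) and the registrar network 198.51.100.0/24 are constructed for the example; NAT rewriting and the Contact-header (sip_direct_signalling) expectations are left out of the model.

```python
"""Model of SIP-helper media expectations and the RELATED source filter.
Added illustration, not kernel or mailing-list code; NAT is ignored."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4 = ipaddress.IPv4Address


@dataclass(frozen=True)
class Expectation:
    """A UDP flow to dst:dport; src None means any source is accepted."""
    src: Optional[IPv4]
    dst: IPv4
    dport: int


def parse_sdp_media(sdp: str) -> List[Tuple[IPv4, int]]:
    """(connection address, port) for every m= line. A c= line after an
    m= line is media-level and overrides the session-level c= (RFC 4566)."""
    session_addr = None
    media = []  # [addr, port] per m= line, in order
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("c=IN IP4 "):
            addr = IPv4(line.split()[2])
            if media:
                media[-1][0] = addr  # media-level c= for the last m=
            else:
                session_addr = addr
        elif line.startswith("m="):
            media.append([session_addr, int(line.split()[1])])
    return [(a, p) for a, p in media if a is not None]


def helper_expectations(sdp, sdp_sender, other_endpoint, direct_media=True):
    """Expectations the helper would create for one SDP body (model of the
    sip_direct_media option). direct_media=True: media is only expected at
    the SDP sender's own address and only from the other signalling
    endpoint; other addresses in the SDP create nothing. direct_media=False:
    every address in the SDP is expected, from any source. RTP and RTCP
    (port + 1) are expected together."""
    exps = []
    for addr, port in parse_sdp_media(sdp):
        if direct_media:
            if addr != sdp_sender:
                continue  # foreign media address: no expectation
            src = other_endpoint
        else:
            src = None
        for p in (port, port + 1):
            exps.append(Expectation(src, addr, p))
    return exps


def forward_allowed(pkt_src, pkt_dst, pkt_dport, expectations, registrar_net=None):
    """Model of the FORWARD rule from the thread:
    -m state --state RELATED -m helper --helper sip [-s registrar_net] -j ACCEPT
    The packet is RELATED if it matches an expectation; the optional -s
    filter additionally requires the source to lie in registrar_net."""
    related = any(e.dst == pkt_dst and e.dport == pkt_dport
                  and e.src in (None, pkt_src) for e in expectations)
    if not related:
        return False
    return registrar_net is None or pkt_src in ipaddress.IPv4Network(registrar_net)


# Constructed sample: the peer's offer sends audio to itself (198.51.100.7)
# but points the video stream at an unrelated host (203.0.113.99).
OFFER_SDP = """\
v=0
o=alice 2890844526 2890844526 IN IP4 198.51.100.7
s=-
c=IN IP4 198.51.100.7
t=0 0
m=audio 49170 RTP/AVP 0
m=video 51372 RTP/AVP 31
c=IN IP4 203.0.113.99
"""
# Constructed sample: the local endpoint's answer.
ANSWER_SDP = """\
v=0
o=bob 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 40000 RTP/AVP 0
"""
PEER = IPv4("198.51.100.7")   # SIP peer, lives on the registrar network
LOCAL = IPv4("192.0.2.10")    # the other signalling endpoint
REGISTRAR_NET = "198.51.100.0/24"  # assumed value of registrar-network/X


def demo():
    strict = helper_expectations(OFFER_SDP, PEER, LOCAL, direct_media=True)
    loose = helper_expectations(OFFER_SDP, PEER, LOCAL, direct_media=False)
    answer = helper_expectations(ANSWER_SDP, LOCAL, PEER, direct_media=True)
    foreign_pkt = (IPv4("203.0.113.5"), IPv4("203.0.113.99"), 51372)
    return {
        "strict_targets": sorted({str(e.dst) for e in strict}),
        "loose_targets": sorted({str(e.dst) for e in loose}),
        "loose_no_filter": forward_allowed(*foreign_pkt, loose),
        "loose_with_filter": forward_allowed(*foreign_pkt, loose, REGISTRAR_NET),
        "strict": forward_allowed(*foreign_pkt, strict),
        "peer_media": forward_allowed(PEER, LOCAL, 40000, answer, REGISTRAR_NET),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With sip_direct_media=0 and no source filter, the foreign address from the SDP becomes a RELATED target that any host may reach through the firewall; the "-s registrar-network/X" filter blocks that packet while still passing the peer's legitimate media, and with the default sip_direct_media=1 the foreign address never becomes RELATED in the first place.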