On 10 Feb 2015, at 12:22, Jose Flores Galicia wrote:

> 2015-02-09 14:36 GMT-06:00 jg <webaccounts173 at jgoettgens.de>:
>> Hi!
>>
>> Sometimes IAX peers are not reachable and with "iax2 set debug on" I get
>> something like this
>>
>> Tx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX Subclass: PONG
>> Timestamp: 00014ms SCall: 00001 DCall: 01200 79.233.155.174:49153
>> Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX Subclass: ACK
>> Timestamp: 00014ms SCall: 01200 DCall: 00001 79.233.155.174:49153
>>
>> I am not sure what causes port 4569 to be replaced by an arbitrary port,
>> which could be the reason for my problem. Does someone know whether this is
>> a router related problem?
>>
>> jg

I get an occasional similar problem, we have Mikrotik firewalls and from tcpdump monitoring on the Asterisk boxes I can see that the firewall (unbidden) has changed the IAX port. Usually a firewall reset and sometimes PBX reset combination fixes it.

It's odd as it's only one direction, occurs rarely and with no obvious driver. So IAX is happy in one direction but not the other. And I can see packets in the unhappy point arriving on the wrong port.

I couldn't fix it without kicking the router/firewall so I would say it's a router problem in the Destination NAT process.

Cheers Duncan

>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>
> Hi.
>
> Port is changed when NAT is applied from LAN to WAN.
> While UDP session is maintained as ESTABLISHED, that port should not
> change.
>
> If your peer constantly changes session port, it could be that the UDP
> session is too short in the NAT table on the routers.
> You can try setting qualify=1000 (which is in ms. Default is 2000),
> and see if peer keeps same port.
>
> Regards.

> I get an occasional similar problem, we have Mikrotik firewalls and from
> tcpdump monitoring on the Asterisk boxes I can see that the firewall
> (unbidden) has changed the IAX port. Usually a firewall reset and sometimes
> PBX reset combination fixes it.
>
> It's odd as it's only one direction, occurs rarely and with no obvious
> driver. So IAX is happy in one direction but not the other. And I can see
> packets in the unhappy point arriving on the wrong port.
>
> I couldn't fix it without kicking the router/firewall so I would say it's
> a router problem in the Destination NAT process.
>
> Cheers Duncan
>
>> Port is changed when NAT is applied from LAN to WAN.
>> While UDP session is maintained as ESTABLISHED, that port should not change.
>>
>> If your peer constantly changes session port, it could be that the UDP
>> session is too short in the NAT table on the routers.
>> You can try setting qualify=1000 (which is in ms. Default is 2000),
>> and see if peer keeps same port.
>>
>> Regards.

voip-info.org also has an entry about general NAT related issues, which could be relevant here.

I do not seem to have problems with Netgear firewalls, but other firewalls show this effect. So far it happened only on a single side, such that calls work from the other side. I already checked the open ports with nc/ncat/netcat as UDP sender and receiver on the other end. The ports are open, even when the arbitrary ports are used by Asterisk.

I'll need to read a bit more and evaluate my pcap traces and possibly ask the router vendors.

Thank you for your efforts.

jg

On 10 February 2015 at 09:02, jg <webaccounts173 at jgoettgens.de> wrote:

>> I get an occasional similar problem, we have Mikrotik firewalls and from
>> tcpdump monitoring on the Asterisk boxes I can see that the firewall
>> (unbidden) has changed the IAX port. Usually a firewall reset and sometimes
>> PBX reset combination fixes it.
>>
>> It's odd as it's only one direction, occurs rarely and with no obvious
>> driver. So IAX is happy in one direction but not the other. And I can see
>> packets in the unhappy point arriving on the wrong port.
>>
>> I couldn't fix it without kicking the router/firewall so I would say it's
>> a router problem in the Destination NAT process.
>>
>> Cheers Duncan
>>
>>> Port is changed when NAT is applied from LAN to WAN.
>>> While UDP session is maintained as ESTABLISHED, that port should not
>>> change.
>>>
>>> If your peer constantly changes session port, it could be that the UDP
>>> session is too short in the NAT table on the routers.
>>> You can try setting qualify=1000 (which is in ms. Default is 2000),
>>> and see if peer keeps same port.
>>>
>>> Regards.
>
> voip-info.org also has an entry about general NAT related issues,
> which could be relevant here.
>
> I do not seem to have problems with Netgear firewalls, but other firewalls
> show this effect. So far it happened only on a single side, such that calls
> work from the other side. I already checked the open ports with
> nc/ncat/netcat as UDP sender and receiver on the other end. The ports are
> open, even when the arbitrary ports are used by Asterisk.
>
> I'll need to read a bit more and evaluate my pcap traces and possibly ask
> the router vendors.
>
> Thank you for your efforts.
>
> jg

Some firewalls have a 'consistent NAT' option that needs to be enabled, otherwise you get the symptoms described.

--
Ishfaq Malik
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994
f: +44 (0)161 660 9825
e: ish at pack-net.co.uk
w: http://www.pack-net.co.uk
Registered Address: PACKNET LIMITED, Duplex 2, Ducie House
37 Ducie Street
Manchester, M1 2JW
COMPANY REG NO. 04920552
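
The port check discussed in this thread, as an added example that is not part of any poster's message or of Asterisk: it parses `iax2 set debug on` frame dumps in the layout jg quoted and labels each peer by whether its source port stayed on 4569, was rewritten once, or differed between frames. The function names, the labels and every sample frame after the first two are constructed for illustration; the optional brackets around the address are an assumption about other builds.

```python
import re

IAX_PORT = 4569  # IAX2 port named in the thread

# One frame of "iax2 set debug on" output in the two-line layout quoted in the
# thread; the optional [ ] around the address is an assumption for other builds.
FRAME_RE = re.compile(
    r"(?P<dir>Tx|Rx)-Frame\s+Retry\[\s*\w+\]\s+--\s+OSeqno:\s*\d+\s+ISeqno:\s*\d+"
    r"\s+Type:\s*\w+\s+Subclass:\s*(?P<sub>\S+)\s+Timestamp:\s*\d+ms"
    r"\s+SCall:\s*\d+\s+DCall:\s*\d+\s+\[?(?P<ip>\d+(?:\.\d+){3}):(?P<port>\d+)\]?"
)

# Constructed sample: the first two frames are the ones quoted in the thread,
# the rest are made up with documentation addresses.
SAMPLE = """\
Tx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass: PONG
   Timestamp: 00014ms  SCall: 00001  DCall: 01200 79.233.155.174:49153
Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass: ACK
   Timestamp: 00014ms  SCall: 01200  DCall: 00001 79.233.155.174:49153
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: POKE
   Timestamp: 00003ms  SCall: 00007  DCall: 00000 192.0.2.10:4569
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: POKE
   Timestamp: 00003ms  SCall: 00011  DCall: 00000 198.51.100.7:31022
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass: POKE
   Timestamp: 00003ms  SCall: 00012  DCall: 00000 198.51.100.7:31977
"""

def peer_ports(debug_text):
    """Map each peer IP to the distinct UDP ports seen, in order of appearance."""
    ports = {}
    for m in FRAME_RE.finditer(debug_text):
        seen = ports.setdefault(m.group("ip"), [])
        if int(m.group("port")) not in seen:
            seen.append(int(m.group("port")))
    return ports

def classify(debug_text, expected=IAX_PORT):
    """Label each peer by what its port history shows."""
    result = {}
    for ip, ports in peer_ports(debug_text).items():
        if len(ports) > 1:
            result[ip] = "remapped-changing"  # port differed between frames
        elif ports[0] != expected:
            result[ip] = "remapped-stable"    # rewritten, but the same every time
        else:
            result[ip] = "direct"             # frames still use the IAX2 port
    return result

if __name__ == "__main__":
    for ip, label in classify(SAMPLE).items():
        print(ip, peer_ports(SAMPLE)[ip], label)
```

A peer labelled `remapped-changing` matches the case Jose describes, where the NAT entry does not outlive the gap between packets; `remapped-stable` is ordinary source NAT on the peer's side.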