Dear All: I have several boxes that up and running just great, then we changed internet equipment due to a lightning strike, now all my inbound IAX connections (iax2 show peers) have unknown status. If I log into the remote boxes, it says "Request sent." The authentications haven't changed at all, and all the iax.conf settings are correct. It looks like a firewall issue, but we've got 4569 TCP & UDP forwarded to our Asterisk box. When I use Shields up from GRC.com to test the port, it is showing up as "closed" rather than open, which normally means the port is open, but the service is not running, yet Asterisk is up and running just fine, and my outbound connections to Voicepulse work fine. I see voicepulse, voicepulse sees me. There is something I am not seeing here. Any thoughts? -Michael
what if your internet provider is blocking inbound 4569 ? -- On 7/26/07, Michael Munger wrote:> Dear All: > > I have several boxes that up and running just great, then we changed > internet equipment due to a lightning strike, now all my inbound IAX > connections (iax2 show peers) have unknown status. If I log into the > remote boxes, it says "Request sent." > > The authentications haven't changed at all, and all the iax.conf > settings are correct. It looks like a firewall issue, but we've got 4569 > TCP & UDP forwarded to our Asterisk box. When I use Shields up from > GRC.com to test the port, it is showing up as "closed" rather than open, > which normally means the port is open, but the service is not running, > yet Asterisk is up and running just fine, and my outbound connections to > Voicepulse work fine. I see voicepulse, voicepulse sees me. > > There is something I am not seeing here. Any thoughts? > > -Michael > > _______________________________________________
Not likely.
#1, I have a public IP on that firewall.
#2. If I block 4569 at our firewall, then it goes from closed to
stealth. If I forward the port, it goes from stealth to closed.
The iaxping tool (http://www.bpvn.com/asterisk/iaxping.zip) has no
problems pinging the box from the lan, and our test machine can make an
IAX connection to the box. From outside the network, however, it times
out.
It has to be a NAT problem, but forwarding doesn't appear to be working.
Yours,
Michael Munger, dCAP
404-438-2128
michael at highpoweredhelp.com
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Baji
Panchumarti
Sent: Thursday, July 26, 2007 10:06 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] IAX connections broken
what if your internet provider is blocking inbound 4569 ?
--
On 7/26/07, Michael Munger wrote:
> Dear All:
>
> I have several boxes that up and running just great, then we changed
> internet equipment due to a lightning strike, now all my inbound IAX
> connections (iax2 show peers) have unknown status. If I log into the
> remote boxes, it says "Request sent."
>
> The authentications haven't changed at all, and all the iax.conf
> settings are correct. It looks like a firewall issue, but we've got
4569> TCP & UDP forwarded to our Asterisk box. When I use Shields up from
> GRC.com to test the port, it is showing up as "closed" rather
than
open,> which normally means the port is open, but the service is not running,
> yet Asterisk is up and running just fine, and my outbound connections
to> Voicepulse work fine. I see voicepulse, voicepulse sees me.
>
> There is something I am not seeing here. Any thoughts?
>
> -Michael
>
> _______________________________________________
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Are sites listed by IP or DN. If IP, dumb question but did it change? If DN,
can you resolve it from the respective boxea?
Dave Bour
Desktop Solution Center
905.381.0077
dcbour at desktopsolutioncenter.ca
For those who just want it to work...
Giving you complete IT peace of mind.
(Sent via Blackberry - hence message may be shorter than my usual verbose
responses)
PIN 4cc364db (as of March 24, 2007)
----- Original Message -----
From: asterisk-users-bounces at lists.digium.com <asterisk-users-bounces at
lists.digium.com>
To: Baji.Panchumarti at gmail.com <Baji.Panchumarti at gmail.com>;
Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at
lists.digium.com>
Sent: Thu Jul 26 10:17:23 2007
Subject: Re: [asterisk-users] IAX connections broken
Not likely.
#1, I have a public IP on that firewall.
#2. If I block 4569 at our firewall, then it goes from closed to
stealth. If I forward the port, it goes from stealth to closed.
The iaxping tool (http://www.bpvn.com/asterisk/iaxping.zip) has no
problems pinging the box from the lan, and our test machine can make an
IAX connection to the box. From outside the network, however, it times
out.
It has to be a NAT problem, but forwarding doesn't appear to be working.
Yours,
Michael Munger, dCAP
404-438-2128
michael at highpoweredhelp.com
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Baji
Panchumarti
Sent: Thursday, July 26, 2007 10:06 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] IAX connections broken
what if your internet provider is blocking inbound 4569 ?
--
On 7/26/07, Michael Munger wrote:
> Dear All:
>
> I have several boxes that up and running just great, then we changed
> internet equipment due to a lightning strike, now all my inbound IAX
> connections (iax2 show peers) have unknown status. If I log into the
> remote boxes, it says "Request sent."
>
> The authentications haven't changed at all, and all the iax.conf
> settings are correct. It looks like a firewall issue, but we've got
4569> TCP & UDP forwarded to our Asterisk box. When I use Shields up from
> GRC.com to test the port, it is showing up as "closed" rather
than
open,> which normally means the port is open, but the service is not running,
> yet Asterisk is up and running just fine, and my outbound connections
to> Voicepulse work fine. I see voicepulse, voicepulse sees me.
>
> There is something I am not seeing here. Any thoughts?
>
> -Michael
>
> _______________________________________________
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20070726/3918098f/attachment.htm
It did change, which is what caused this problem in the first place, but
all the updates have been applied, propagated, and are working....well,
with the exception of this one.
Does anyone know what the iptables command would be to forward these IAX
packets to a specific LAN ip?
Michael Munger
High Powered Help, Inc
michael at highpoweredhelp.com
404-438-2128 x 101
________________________________
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Dave Bour
Sent: Thursday, July 26, 2007 12:29 PM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] IAX connections broken
Are sites listed by IP or DN. If IP, dumb question but did it change?
If DN, can you resolve it from the respective boxea?
Dave Bour
Desktop Solution Center
905.381.0077
dcbour at desktopsolutioncenter.ca
For those who just want it to work...
Giving you complete IT peace of mind.
(Sent via Blackberry - hence message may be shorter than my usual
verbose responses)
PIN 4cc364db (as of March 24, 2007)
----- Original Message -----
From: asterisk-users-bounces at lists.digium.com
<asterisk-users-bounces at lists.digium.com>
To: Baji.Panchumarti at gmail.com <Baji.Panchumarti at gmail.com>;
Asterisk
Users Mailing List - Non-Commercial Discussion
<asterisk-users at lists.digium.com>
Sent: Thu Jul 26 10:17:23 2007
Subject: Re: [asterisk-users] IAX connections broken
Not likely.
#1, I have a public IP on that firewall.
#2. If I block 4569 at our firewall, then it goes from closed to
stealth. If I forward the port, it goes from stealth to closed.
The iaxping tool (http://www.bpvn.com/asterisk/iaxping.zip) has no
problems pinging the box from the lan, and our test machine can make an
IAX connection to the box. From outside the network, however, it times
out.
It has to be a NAT problem, but forwarding doesn't appear to be working.
Yours,
Michael Munger, dCAP
404-438-2128
michael at highpoweredhelp.com
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Baji
Panchumarti
Sent: Thursday, July 26, 2007 10:06 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] IAX connections broken
what if your internet provider is blocking inbound 4569 ?
--
On 7/26/07, Michael Munger wrote:
> Dear All:
>
> I have several boxes that up and running just great, then we changed
> internet equipment due to a lightning strike, now all my inbound IAX
> connections (iax2 show peers) have unknown status. If I log into the
> remote boxes, it says "Request sent."
>
> The authentications haven't changed at all, and all the iax.conf
> settings are correct. It looks like a firewall issue, but we've got
4569> TCP & UDP forwarded to our Asterisk box. When I use Shields up from
> GRC.com to test the port, it is showing up as "closed" rather
than
open,> which normally means the port is open, but the service is not running,
> yet Asterisk is up and running just fine, and my outbound connections
to> Voicepulse work fine. I see voicepulse, voicepulse sees me.
>
> There is something I am not seeing here. Any thoughts?
>
> -Michael
>
> _______________________________________________
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20070727/ebdbb8ed/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Michael Munger.vcf
Type: text/x-vcard
Size: 314 bytes
Desc: Michael Munger.vcf
Url :
http://lists.digium.com/pipermail/asterisk-users/attachments/20070727/ebdbb8ed/attachment.vcf
On 7/27/07, Michael Munger <michael at highpoweredhelp.com> wrote:> > It did change, which is what caused this problem in the first place, but > all the updates have been applied, propagated, and are working?.well, with > the exception of this one. > > > > Does anyone know what the iptables command would be to forward these IAX > packets to a specific LAN ip? >Your connection to voicepulse works because it does not need inbound access. Are you sure your firewall is passing UDP? Check your IP addresses. If you can access it from inside iyour LAN it certainly is your router. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070728/0395314a/attachment.htm
I agree it is the NAT in the router. Does anyone know what the ip tables command would be to pass IAX to an Asterisk box on the LAN? Michael Munger High Powered Help, Inc michael at highpoweredhelp.com 404-438-2128 x 101 ________________________________ From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Andrew Joakimsen Sent: Saturday, July 28, 2007 12:27 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX connections broken On 7/27/07, Michael Munger <michael at highpoweredhelp.com> wrote: It did change, which is what caused this problem in the first place, but all the updates have been applied, propagated, and are working....well, with the exception of this one. Does anyone know what the iptables command would be to forward these IAX packets to a specific LAN ip? Your connection to voicepulse works because it does not need inbound access. Are you sure your firewall is passing UDP? Check your IP addresses. If you can access it from inside iyour LAN it certainly is your router. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070728/f31f9cbc/attachment.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: Michael Munger.vcf Type: text/x-vcard Size: 314 bytes Desc: Michael Munger.vcf Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20070728/f31f9cbc/attachment.vcf
Michael Munger wrote:> I agree it is the NAT in the router. > > > > Does anyone know what the ip tables command would be to pass IAX to an > Asterisk box on the LAN? >It depends a lot on what your current setup is, but something akin to: iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 4569 -j DNAT --to <ip-of-asterisk-box>:4569 should work, assuming you have the relevant parts compiled in.
Just so people on the list can search later: I found the solution: The smoothwall we have as our firewall / router needed to be reset. It went haywire and wasn't forwarding anything after about the 5th entry. I deleted everything out of the web interface for port forwarding, confirmed it went bye bye by ssh'ing into the box and actually looking at the files, restarted it, re-added the ports, and VIOIA! IAX works once again. What a pain in the asset. Yours, Michael Munger, dCAP 404-438-2128 michael at highpoweredhelp.com -----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Baji Panchumarti Sent: Monday, July 30, 2007 11:48 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX connections broken On 7/30/07, Jared Smith wrote:> Just for your information, IAX traffic is UDP, not TCP. I justthought> I'd bring that up so that someone didn't mistakenly open up their > firewall for TCP traffic instead of UDP traffic and wonder why IAX > traffic wasn't making it through.Amen ! I had changed my router, the calls via my DID were working fine, but I just COULD NOT get either of my soft phones to connect. I looked at the contexts, nothing. The * console was not dead as ever. I check the port forwarding and Bingo ! only TCP was being forwarded. Aaaahhhhh ! -- _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users