Re: [asterisk-users] Asterisk 13.13.1

Mon, 30 Jan 2017 10:59:26 -0800 

CentOS 7 uses firewalld to control TCP amd UDP access.
The iptables configuration will be overwritten and dynamically changed by Firewalld so don't count on the old practice of manipulating iptables directly.
I recently moved our Asterisk from an old CentOS to CentOS 7 running FreePBX 14.0.1.beta2. 

You can add a firewalld service yp /etc/firewalld/services like mine.
[root@firewall0 services]# cat Asterisk.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>asterisk</short>
  <description>Asterisk PBX</description>
  <port protocol="udp" port="10000-10100"/>
  <port protocol="tcp" port="8003"/>
  <port protocol="udp" port="4569"/>
  <port protocol="tcp" port="8088"/>
  <port protocol="udp" port="5060-5061"/>
</service>

You then permit this service in your interface (zones) as a service
 <service name="Asterisk"/>
I also added a rule to get some logging on the Asterisk ports while getting things up and running. 
  <rule>
    <service name="Asterisk"/>
    <log level="warning"/>
    <accept/>
  </rule>
  <rule>


I did this all on my exterior firewall which is also a CentOS 7 system.
On the Asterisk server, I do not block anything which is not a best practice but the entire internal network is very small and I consider it to be secure.
You (and I) should control the interface using Firewalld with the same service and zone specifications. 





On 30/01/2017 12:13 PM, Motty Cruz wrote:

I thought it was a firewall issues. I disabled IP Tables & Selinux, but the
problem persist! I have not made changes on our firewall since the upgrade!

-----Original Message-----
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Doug Lytle
Sent: Monday, January 30, 2017 9:05 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk 13.13.1


On Jan 30, 2017, at 11:55 AM, Motty Cruz motty.c...@gmail.com wrote:
Fresh installed CentOS 7.3 and Asterisk 13.13.1. Download Asterisk from

here:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar
.gz


I continue to see errors like this:
[2017-01-30 08:37:17] WARNING[2332]: chan_sip.c:4061 retrans_pkt:

Retransmission timeout reached on transmission
56849706-ba96a6d9-817305d0@192.168.125.173 for seqno 109 (Critical Request)
-- See >>> >>>

Firewall?

Doug




--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102


--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
     https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to