[Astlinux-users] Help with firewall (maybe)

Tom Chadwin Wed, 21 Oct 2009 06:52:39 -0700

Hello

I have a net5501 running 0.6.7 geni586. Installed is a Berofix card
with BRI daughterboard. This card interfaces with its host via the
8139too driver. It therefore behaves like a PCI NIC, and communication
with it is via SIP. Its "internal" IP address is 10.0.0.2. I have
assigned its "external" IP address (the one facing the host net5501)
as 10.0.0.1. This is the problem I have:


To begin with everything works fine. Then after a while, incoming
calls on the BRI fail. They get as far as the Berofix, but they seem
not to get to Asterisk. The strange thing is that, if I then make an
outgoing call to the BRI, incoming calls then work for a while. After
that, they fail again, and so on.

Although I have a support ticket open with Beronet, I thought it would
be wise to ask if there might be anything which will need configuring
in Arno's firewall to make sure this can work.

What I currently have is this, which, to be honest, is a bit of an
accretion of things over the past week or so to get it to work (eth0
is LAN, eth1 is DSL WAN, eth4 is Berofix):

rothburypbx ~ # cat /mnt/kd/rc.elocal
modprobe 8139too
ifconfig eth4 10.0.0.1 netmask 255.255.255.0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
ip route add to 10.8.243.0/24 via 10.4.0.1 dev eth0
ip route add to 10.0.0.0/24 via 10.0.0.1 dev eth4

Ignore the 10.8.243.0 route - that is over a VPN to head office, so
that voicemail emails can get to our mail server. The 10.0.0.0 is one
I tried adding, but I don't think it is necessary, given that IP
forwarding is enabled - is that correct?

rothburypbx ~ # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:24:CA:69:50
          inet addr:10.4.0.4  Bcast:10.4.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:155482 errors:0 dropped:0 overruns:0 frame:0
          TX packets:161478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20548336 (19.5 MiB)  TX bytes:40788444 (38.8 MiB)
          Interrupt:11 Base address:0xe100

eth1      Link encap:Ethernet  HWaddr 00:00:24:CA:69:51
          inet addr:[snip]  Bcast:[snip]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:286 errors:0 dropped:0 overruns:0 frame:0
          TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28124 (27.4 KiB)  TX bytes:16787 (16.3 KiB)
          Interrupt:5 Base address:0xe200

eth4      Link encap:Ethernet  HWaddr 00:50:C2:83:D2:21
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:159461 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138654 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:48203478 (45.9 MiB)  TX bytes:27064171 (25.8 MiB)
          Interrupt:10 Base address:0x4400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:46 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:23432 (22.8 KiB)  TX bytes:23432 (22.8 KiB)

rothburypbx ~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
[DSL subnet]   *               255.255.255.248 U     0      0        0 eth1
10.8.243.0      10.4.0.1        255.255.255.0   UG    0      0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth4
10.4.0.0        *               255.255.255.0   U     0      0        0 eth0
224.0.0.0       *               240.0.0.0       U     0      0        0 eth0
default         [DSL router] 0.0.0.0         UG    0      0        0 eth1


To begin with, I had no firewall rules set up relating to the Berofix,
only to incoming connections on the DSL WAN. I tried using the GUI to
set the Berofix (eth4) as the DMZ, and then added allow DMZ>local
rules for TCP and UDP 0:65535. Still the same symptoms.

Can anyone see an obvious error in how I have things set up?

Thanks again

Tom

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
[email protected].

[Astlinux-users] Help with firewall (maybe)

Reply via email to