Re: [asterisk-users] IAX connections broken
On Sun, 2007-07-29 at 14:51 +0100, Thomas Kenyon wrote: iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 4569 -j DNAT --to ip-of-asterisk-box:4569 should work, assuming you have the relevant parts compiled in. Just for your information, IAX traffic is UDP, not TCP. I just thought I'd bring that up so that someone didn't mistakenly open up their firewall for TCP traffic instead of UDP traffic and wonder why IAX traffic wasn't making it through. -- Jared Smith Community Relations Manager Digium, Inc. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
On 7/30/07, Jared Smith wrote: Just for your information, IAX traffic is UDP, not TCP. I just thought I'd bring that up so that someone didn't mistakenly open up their firewall for TCP traffic instead of UDP traffic and wonder why IAX traffic wasn't making it through. Amen ! I had changed my router, the calls via my DID were working fine, but I just COULD NOT get either of my soft phones to connect. I looked at the contexts, nothing. The * console was not dead as ever. I check the port forwarding and Bingo ! only TCP was being forwarded. Aaaah ! -- ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
Just so people on the list can search later: I found the solution: The smoothwall we have as our firewall / router needed to be reset. It went haywire and wasn't forwarding anything after about the 5th entry. I deleted everything out of the web interface for port forwarding, confirmed it went bye bye by ssh'ing into the box and actually looking at the files, restarted it, re-added the ports, and VIOIA! IAX works once again. What a pain in the asset. Yours, Michael Munger, dCAP 404-438-2128 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baji Panchumarti Sent: Monday, July 30, 2007 11:48 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX connections broken On 7/30/07, Jared Smith wrote: Just for your information, IAX traffic is UDP, not TCP. I just thought I'd bring that up so that someone didn't mistakenly open up their firewall for TCP traffic instead of UDP traffic and wonder why IAX traffic wasn't making it through. Amen ! I had changed my router, the calls via my DID were working fine, but I just COULD NOT get either of my soft phones to connect. I looked at the contexts, nothing. The * console was not dead as ever. I check the port forwarding and Bingo ! only TCP was being forwarded. Aaaah ! -- ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
Michael Munger wrote: I agree it is the NAT in the router. Does anyone know what the ip tables command would be to pass IAX to an Asterisk box on the LAN? It depends a lot on what your current setup is, but something akin to: iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 4569 -j DNAT --to ip-of-asterisk-box:4569 should work, assuming you have the relevant parts compiled in. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
michael, this is what I use for centOS 4, but I think its too loose... let me know if you don't know where to put it... daveC # for asterisk -A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 4569 -j ACCEPT IAX -A RH-Firewall-1-INPUT -p udp -m udp --dport 5036 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 1:2 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 5004 -j ACCEPT Michael Munger wrote: It did change, which is what caused this problem in the first place, but all the updates have been applied, propagated, and are working….well, with the exception of this one. Does anyone know what the iptables command would be to forward these IAX packets to a specific LAN ip? Michael Munger High Powered Help, Inc [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 404-438-2128 x 101 *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Dave Bour *Sent:* Thursday, July 26, 2007 12:29 PM *To:* asterisk-users@lists.digium.com *Subject:* Re: [asterisk-users] IAX connections broken Are sites listed by IP or DN. If IP, dumb question but did it change? If DN, can you resolve it from the respective boxea? Dave Bour Desktop Solution Center 905.381.0077 [EMAIL PROTECTED] For those who just want it to work... Giving you complete IT peace of mind. (Sent via Blackberry - hence message may be shorter than my usual verbose responses) PIN 4cc364db (as of March 24, 2007) - Original Message - From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Sent: Thu Jul 26 10:17:23 2007 Subject: Re: [asterisk-users] IAX connections broken Not likely. #1, I have a public IP on that firewall. #2. If I block 4569 at our firewall, then it goes from closed to stealth. If I forward the port, it goes from stealth to closed. The iaxping tool (http://www.bpvn.com/asterisk/iaxping.zip) has no problems pinging the box from the lan, and our test machine can make an IAX connection to the box. From outside the network, however, it times out. It has to be a NAT problem, but forwarding doesn't appear to be working. Yours, Michael Munger, dCAP 404-438-2128 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baji Panchumarti Sent: Thursday, July 26, 2007 10:06 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX connections broken what if your internet provider is blocking inbound 4569 ? -- On 7/26/07, Michael Munger wrote: Dear All: I have several boxes that up and running just great, then we changed internet equipment due to a lightning strike, now all my inbound IAX connections (iax2 show peers) have unknown status. If I log into the remote boxes, it says Request sent. The authentications haven't changed at all, and all the iax.conf settings are correct. It looks like a firewall issue, but we've got 4569 TCP UDP forwarded to our Asterisk box. When I use Shields up from GRC.com to test the port, it is showing up as closed rather than open, which normally means the port is open, but the service is not running, yet Asterisk is up and running just fine, and my outbound connections to Voicepulse work fine. I see voicepulse, voicepulse sees me. There is something I am not seeing here. Any thoughts? -Michael ___ ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.476 / Virus Database: 269.10.22/921 - Release Date: 07/26/2007 11:16 PM -- My wife's sister is in California. I should buy her a Videophone2008! Truly, The Next Best Thing to Being There! -- WorldWideVideoPhones.com 856.380.0894 ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update
Re: [asterisk-users] IAX connections broken
It did change, which is what caused this problem in the first place, but all the updates have been applied, propagated, and are workingwell, with the exception of this one. Does anyone know what the iptables command would be to forward these IAX packets to a specific LAN ip? Michael Munger High Powered Help, Inc [EMAIL PROTECTED] 404-438-2128 x 101 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Bour Sent: Thursday, July 26, 2007 12:29 PM To: asterisk-users@lists.digium.com Subject: Re: [asterisk-users] IAX connections broken Are sites listed by IP or DN. If IP, dumb question but did it change? If DN, can you resolve it from the respective boxea? Dave Bour Desktop Solution Center 905.381.0077 [EMAIL PROTECTED] For those who just want it to work... Giving you complete IT peace of mind. (Sent via Blackberry - hence message may be shorter than my usual verbose responses) PIN 4cc364db (as of March 24, 2007) - Original Message - From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Sent: Thu Jul 26 10:17:23 2007 Subject: Re: [asterisk-users] IAX connections broken Not likely. #1, I have a public IP on that firewall. #2. If I block 4569 at our firewall, then it goes from closed to stealth. If I forward the port, it goes from stealth to closed. The iaxping tool (http://www.bpvn.com/asterisk/iaxping.zip) has no problems pinging the box from the lan, and our test machine can make an IAX connection to the box. From outside the network, however, it times out. It has to be a NAT problem, but forwarding doesn't appear to be working. Yours, Michael Munger, dCAP 404-438-2128 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baji Panchumarti Sent: Thursday, July 26, 2007 10:06 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX connections broken what if your internet provider is blocking inbound 4569 ? -- On 7/26/07, Michael Munger wrote: Dear All: I have several boxes that up and running just great, then we changed internet equipment due to a lightning strike, now all my inbound IAX connections (iax2 show peers) have unknown status. If I log into the remote boxes, it says Request sent. The authentications haven't changed at all, and all the iax.conf settings are correct. It looks like a firewall issue, but we've got 4569 TCP UDP forwarded to our Asterisk box. When I use Shields up from GRC.com to test the port, it is showing up as closed rather than open, which normally means the port is open, but the service is not running, yet Asterisk is up and running just fine, and my outbound connections to Voicepulse work fine. I see voicepulse, voicepulse sees me. There is something I am not seeing here. Any thoughts? -Michael ___ ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users BEGIN:VCARD VERSION:2.1 N:Munger;Michael FN:Michael Munger ADR;WORK:;;194 Powers Ferry Road;Marietta;GA;30067;United States LABEL;WORK;ENCODING=QUOTED-PRINTABLE:194 Powers Ferry Road=0D=0AMarietta, GA 30067=0D=0AUnited States EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20070608T220446Z END:VCARD ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
On 7/27/07, Michael Munger [EMAIL PROTECTED] wrote: It did change, which is what caused this problem in the first place, but all the updates have been applied, propagated, and are working….well, with the exception of this one. Does anyone know what the iptables command would be to forward these IAX packets to a specific LAN ip? Your connection to voicepulse works because it does not need inbound access. Are you sure your firewall is passing UDP? Check your IP addresses. If you can access it from inside iyour LAN it certainly is your router. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
I agree it is the NAT in the router. Does anyone know what the ip tables command would be to pass IAX to an Asterisk box on the LAN? Michael Munger High Powered Help, Inc [EMAIL PROTECTED] 404-438-2128 x 101 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Joakimsen Sent: Saturday, July 28, 2007 12:27 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX connections broken On 7/27/07, Michael Munger [EMAIL PROTECTED] wrote: It did change, which is what caused this problem in the first place, but all the updates have been applied, propagated, and are workingwell, with the exception of this one. Does anyone know what the iptables command would be to forward these IAX packets to a specific LAN ip? Your connection to voicepulse works because it does not need inbound access. Are you sure your firewall is passing UDP? Check your IP addresses. If you can access it from inside iyour LAN it certainly is your router. BEGIN:VCARD VERSION:2.1 N:Munger;Michael FN:Michael Munger ADR;WORK:;;194 Powers Ferry Road;Marietta;GA;30067;United States LABEL;WORK;ENCODING=QUOTED-PRINTABLE:194 Powers Ferry Road=0D=0AMarietta, GA 30067=0D=0AUnited States EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20070608T220446Z END:VCARD ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
Are sites listed by IP or DN. If IP, dumb question but did it change? If DN, can you resolve it from the respective boxea? Dave Bour Desktop Solution Center 905.381.0077 [EMAIL PROTECTED] For those who just want it to work... Giving you complete IT peace of mind. (Sent via Blackberry - hence message may be shorter than my usual verbose responses) PIN 4cc364db (as of March 24, 2007) - Original Message - From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Sent: Thu Jul 26 10:17:23 2007 Subject: Re: [asterisk-users] IAX connections broken Not likely. #1, I have a public IP on that firewall. #2. If I block 4569 at our firewall, then it goes from closed to stealth. If I forward the port, it goes from stealth to closed. The iaxping tool (http://www.bpvn.com/asterisk/iaxping.zip) has no problems pinging the box from the lan, and our test machine can make an IAX connection to the box. From outside the network, however, it times out. It has to be a NAT problem, but forwarding doesn't appear to be working. Yours, Michael Munger, dCAP 404-438-2128 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baji Panchumarti Sent: Thursday, July 26, 2007 10:06 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX connections broken what if your internet provider is blocking inbound 4569 ? -- On 7/26/07, Michael Munger wrote: Dear All: I have several boxes that up and running just great, then we changed internet equipment due to a lightning strike, now all my inbound IAX connections (iax2 show peers) have unknown status. If I log into the remote boxes, it says Request sent. The authentications haven't changed at all, and all the iax.conf settings are correct. It looks like a firewall issue, but we've got 4569 TCP UDP forwarded to our Asterisk box. When I use Shields up from GRC.com to test the port, it is showing up as closed rather than open, which normally means the port is open, but the service is not running, yet Asterisk is up and running just fine, and my outbound connections to Voicepulse work fine. I see voicepulse, voicepulse sees me. There is something I am not seeing here. Any thoughts? -Michael ___ ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
Not likely. #1, I have a public IP on that firewall. #2. If I block 4569 at our firewall, then it goes from closed to stealth. If I forward the port, it goes from stealth to closed. The iaxping tool (http://www.bpvn.com/asterisk/iaxping.zip) has no problems pinging the box from the lan, and our test machine can make an IAX connection to the box. From outside the network, however, it times out. It has to be a NAT problem, but forwarding doesn't appear to be working. Yours, Michael Munger, dCAP 404-438-2128 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baji Panchumarti Sent: Thursday, July 26, 2007 10:06 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX connections broken what if your internet provider is blocking inbound 4569 ? -- On 7/26/07, Michael Munger wrote: Dear All: I have several boxes that up and running just great, then we changed internet equipment due to a lightning strike, now all my inbound IAX connections (iax2 show peers) have unknown status. If I log into the remote boxes, it says Request sent. The authentications haven't changed at all, and all the iax.conf settings are correct. It looks like a firewall issue, but we've got 4569 TCP UDP forwarded to our Asterisk box. When I use Shields up from GRC.com to test the port, it is showing up as closed rather than open, which normally means the port is open, but the service is not running, yet Asterisk is up and running just fine, and my outbound connections to Voicepulse work fine. I see voicepulse, voicepulse sees me. There is something I am not seeing here. Any thoughts? -Michael ___ ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX connections broken
what if your internet provider is blocking inbound 4569 ? -- On 7/26/07, Michael Munger wrote: Dear All: I have several boxes that up and running just great, then we changed internet equipment due to a lightning strike, now all my inbound IAX connections (iax2 show peers) have unknown status. If I log into the remote boxes, it says Request sent. The authentications haven't changed at all, and all the iax.conf settings are correct. It looks like a firewall issue, but we've got 4569 TCP UDP forwarded to our Asterisk box. When I use Shields up from GRC.com to test the port, it is showing up as closed rather than open, which normally means the port is open, but the service is not running, yet Asterisk is up and running just fine, and my outbound connections to Voicepulse work fine. I see voicepulse, voicepulse sees me. There is something I am not seeing here. Any thoughts? -Michael ___ ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users