Re: [sipx-users] not seeing inbound ITSP calls

2012-07-21 Thread Tony Graziano 
This is based on a posting for sipx 4.4, because port 80 auto redirects to
port 8443, etc. It is simple guidance. Follow or don't follow it. I dont
care, I do t think it warrants discussion. The objective is to use a port
which will avoid conflicts with other components and services. In this
instance 10443 is still "safe" but do what you want.
On Jul 21, 2012 1:32 PM, "Kurt Albershardt"  wrote:

> On Jul 21, 2012, at 11:08 , Tony Graziano wrote:
>
> The NAT rules have to be created AFTER the outbound Nat rule otherwise
> they stay randomized.
>
> I do understand that, and was planning to do it by choosing Manual (AON)
> and then rebuild my ruleset.
>
> Download the config file made available. Put in your Ethernet interface
> names/ip's  and password by grabbing those from your backup, then upload
> and restart.
>
> I have a lot of work in my existing config - will need to diff them and
> see what is there that I don't already have.
>
>
>
> And I'm still wondering about these two:
>
> pfSense Webgui – I have it set for https on port 10443, change it to
> something you want, but remember stay away from: 80,8443, 5060-5080,
> 3-31000.
>
>
> Unless I plan on accessing the sipx box from outside the firewall, why
> should the webGUI port for pfSense matter?
>
> Also, can someone confirm that I'm seeing keepalives below, and whether I
> can or should disable them once I have a static NAT rule?
>
>
>
> Also make sure you don't have the stupid siproxd package erroneously
> installed.
>
> Never did install it.  Was actually hoping a decent SBC package for
> pfSense would show up someday (there was a freeswitch module that looked
> promising for awhile.)
>
>
>
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

-- 
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-21 Thread Kurt Albershardt 
On Jul 21, 2012, at 11:08 , Tony Graziano wrote:
> The NAT rules have to be created AFTER the outbound Nat rule otherwise they 
> stay randomized.
> 
I do understand that, and was planning to do it by choosing Manual (AON) and 
then rebuild my ruleset.

> Download the config file made available. Put in your Ethernet interface 
> names/ip's  and password by grabbing those from your backup, then upload and 
> restart.
> 
I have a lot of work in my existing config - will need to diff them and see 
what is there that I don't already have.



And I'm still wondering about these two:

>> pfSense Webgui – I have it set for https on port 10443, change it to 
>> something you want, but remember stay away from: 80,8443, 5060-5080, 
>> 3-31000.
> 
> Unless I plan on accessing the sipx box from outside the firewall, why should 
> the webGUI port for pfSense matter?
> 
> Also, can someone confirm that I'm seeing keepalives below, and whether I can 
> or should disable them once I have a static NAT rule?



> Also make sure you don't have the stupid siproxd package erroneously 
> installed.
> 
Never did install it.  Was actually hoping a decent SBC package for pfSense 
would show up someday (there was a freeswitch module that looked promising for 
awhile.)



___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-21 Thread Tony Graziano 
You are not parting attention. The NAT rules have to be created AFTER the
outbound Nat rule otherwise they stay randomized.

Download the config file made available. Put in your Ethernet interface
names/ip's  and password by grabbing those from your backup, then upload
and restart.

Also make sure you don't have the stupid siproxd package erroneously
installed.

Until you realize you cannot expect Nat to work until you destroy your
rules and recreate them in the correct order and reboot or great states you
will not get anywhere and are wasting time.
On Jul 21, 2012 12:42 PM, "Kurt Albershardt"  wrote:

> Thanks.  I read several mentions of port randomization and static NAT
> previously, but I didn't see it happening in the logs.
>
> Wondering about
> "pfSense Webgui – I have it set for https on port 10443, change it
> to something you want, but remember stay away from: 80,8443,
> 5060-5080, 3-31000."
> Unless I plan on accessing the sipx box from outside the firewall, why
> should the webGUI port for pfSense matter?
>
> Also, can someone confirm that I'm seeing keepalives below, and whether I
> can or should disable them once I have a static NAT rule?
>
>
> On Jul 20, 2012, at 19:12 , Tony Graziano wrote:
>
> Read this
>
> http://blog.myitdepartment.net/?p=37
> On Jul 20, 2012 9:06 PM, "Tony Graziano" 
> wrote:
>
>> Your outbound Nat type needs to be set for "static port" before your Nat
>> rules are created.
>> On Jul 20, 2012 8:03 PM, "Kurt Albershardt"  wrote:
>>
>>> Forgot to mention that it does not appear to be doing port
>>> randomization.  Running tcpdump from the pfSense box itself shows source
>>> ports of 5080, which should effectively open the hole for their inbound UDP:
>>>
>>> 17:47:36.868729 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>>> 17:47:56.875211 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>>> 17:48:16.882387 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>>> 17:48:36.889707 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>>> 17:48:56.896991 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>>>
>>
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

-- 
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-21 Thread Kurt Albershardt 
Thanks.  I read several mentions of port randomization and static NAT 
previously, but I didn't see it happening in the logs.

Wondering about 
"pfSense Webgui – I have it set for https on port 10443, change it to something 
you want, but remember stay away from: 80,8443, 5060-5080, 3-31000."
Unless I plan on accessing the sipx box from outside the firewall, why should 
the webGUI port for pfSense matter?

Also, can someone confirm that I'm seeing keepalives below, and whether I can 
or should disable them once I have a static NAT rule?


On Jul 20, 2012, at 19:12 , Tony Graziano wrote:

> Read this
> 
> http://blog.myitdepartment.net/?p=37
> 
> On Jul 20, 2012 9:06 PM, "Tony Graziano"  wrote:
> Your outbound Nat type needs to be set for "static port" before your Nat 
> rules are created.
> 
> On Jul 20, 2012 8:03 PM, "Kurt Albershardt"  wrote:
> Forgot to mention that it does not appear to be doing port randomization.  
> Running tcpdump from the pfSense box itself shows source ports of 5080, which 
> should effectively open the hole for their inbound UDP:
> 
> 17:47:36.868729 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
> 17:47:56.875211 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
> 17:48:16.882387 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
> 17:48:36.889707 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
> 17:48:56.896991 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4

___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-20 Thread Tony Graziano 
Read this

http://blog.myitdepartment.net/?p=37
On Jul 20, 2012 9:06 PM, "Tony Graziano" 
wrote:

> Your outbound Nat type needs to be set for "static port" before your Nat
> rules are created.
> On Jul 20, 2012 8:03 PM, "Kurt Albershardt"  wrote:
>
>> Forgot to mention that it does not appear to be doing port randomization.
>>  Running tcpdump from the pfSense box itself shows source ports of 5080,
>> which should effectively open the hole for their inbound UDP:
>>
>> 17:47:36.868729 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>> 17:47:56.875211 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>> 17:48:16.882387 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>> 17:48:36.889707 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>> 17:48:56.896991 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>>
>>
>>
>>
>> On Jul 20, 2012, at 17:36 , Tony Graziano wrote:
>>
>> What is the firewall?
>> On Jul 20, 2012 7:22 PM, "Kurt Albershardt"  wrote:
>>
>>> Packets appear not to be making it out of the firewall, despite the fact
>>> that it is logging them.  The sipx box does not receive the packets (at
>>> all.)  Both tcpdump and sipXbridge.log show no packets coming from the ITSP
>>> gateway address (tcpdump does show keepalives we are sending to them every
>>> 20 seconds.)  I can ping the sipx box from pfsense, and I can send
>>> UDP/5080 packets using netcat which get picked up both by sipxbridge.log
>>> and by tcpdump.
>>>
>>> I'm starting to suspect that the keepalives we're sending might be
>>> messing up the firewall state table.  Is there some way to turn off the
>>> keepalives since we have a static NAT mapping to allow inbound?  Or is
>>> there a good reason to leave them running?
>>>
>>>
>>>
>>>
>>> On Jul 20, 2012, at 15:46 , Tony Graziano wrote:
>>>
>>> You will need to make sure the DID call number format in sipx is the
>>> correct format +1npanxx 1npanxx npanxx etc.
>>>
>>> I would look through the sipXbridge log (tail -f) when the call comes in
>>> to see what is in the invite.
>>> On Jul 20, 2012 5:11 PM, "Kurt Albershardt"  wrote:
>>>
 Vitelity sending invites on 5080 now
 Firewall NAT/PAT reconfigured to forward 5080 to 5080


 Firewall says it's sending packets to sipx:

 Jul 20 14:55:31 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
 Jul 20 14:55:29 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
 Jul 20 14:55:28 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
 Jul 20 14:55:27 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP



 Nothing hitting the logs (both sipviewer and grepping for the external
 IP show nothing), and nothing showing in tcpdump other than what appear to
 be keepalives we are sending to them?

 root@sipx sipxpbx]# tcpdump host 66.241.X.X
 tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back
 to cooked socket
 tcpdump: verbose output suppressed, use -v or -vv for full protocol
 decode
 listening on venet0, link-type LINUX_SLL (Linux cooked), capture size
 96 bytes
 15:00:34.923739 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
 15:00:54.924269 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
 15:01:14.923785 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
 15:01:34.924285 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
 15:01:54.923618 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
 15:02:14.924102 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
 15:02:34.923555 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4


 ___
 sipx-users mailing list
 sipx-users@list.sipfoundry.org
 List Archive: http://list.sipfoundry.org/archive/sipx-users/

>>>
>>> LAN/Telephony/Security and Control Systems Helpdesk:
>>> Telephone: 434.984.8426
>>> sip: helpdesk@voice.myitdepartment.**net
>>>
>>> Helpdesk Customers: 
>>> http://myhelp.myitdepartment.**net
>>> Blog: http://blog.myitdepartment.net
>>> ___
>>> sipx-users mailing list
>>> sipx-users@list.sipfoundry.org
>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>>
>>>
>>>
>>> ___
>>> sipx-users mailing list
>>> sipx-users@list.sipfoundry.org
>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>>
>>
>> LAN/Telephony/Security and Control Systems Helpdesk:
>> Telephone: 434.984.8426
>> sip: helpdesk@voice.myitdepartment.**net
>>
>> Helpdesk Customers: 
>> http://myhelp.myitdepartment.**net
>> Blog: http://blog.myitdepartment.net
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>
>>
>>
>>

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-20 Thread Tony Graziano 
Your outbound Nat type needs to be set for "static port" before your Nat
rules are created.
On Jul 20, 2012 8:03 PM, "Kurt Albershardt"  wrote:

> Forgot to mention that it does not appear to be doing port randomization.
>  Running tcpdump from the pfSense box itself shows source ports of 5080,
> which should effectively open the hole for their inbound UDP:
>
> 17:47:36.868729 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
> 17:47:56.875211 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
> 17:48:16.882387 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
> 17:48:36.889707 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
> 17:48:56.896991 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
>
>
>
>
> On Jul 20, 2012, at 17:36 , Tony Graziano wrote:
>
> What is the firewall?
> On Jul 20, 2012 7:22 PM, "Kurt Albershardt"  wrote:
>
>> Packets appear not to be making it out of the firewall, despite the fact
>> that it is logging them.  The sipx box does not receive the packets (at
>> all.)  Both tcpdump and sipXbridge.log show no packets coming from the ITSP
>> gateway address (tcpdump does show keepalives we are sending to them every
>> 20 seconds.)  I can ping the sipx box from pfsense, and I can send
>> UDP/5080 packets using netcat which get picked up both by sipxbridge.log
>> and by tcpdump.
>>
>> I'm starting to suspect that the keepalives we're sending might be
>> messing up the firewall state table.  Is there some way to turn off the
>> keepalives since we have a static NAT mapping to allow inbound?  Or is
>> there a good reason to leave them running?
>>
>>
>>
>>
>> On Jul 20, 2012, at 15:46 , Tony Graziano wrote:
>>
>> You will need to make sure the DID call number format in sipx is the
>> correct format +1npanxx 1npanxx npanxx etc.
>>
>> I would look through the sipXbridge log (tail -f) when the call comes in
>> to see what is in the invite.
>> On Jul 20, 2012 5:11 PM, "Kurt Albershardt"  wrote:
>>
>>> Vitelity sending invites on 5080 now
>>> Firewall NAT/PAT reconfigured to forward 5080 to 5080
>>>
>>>
>>> Firewall says it's sending packets to sipx:
>>>
>>> Jul 20 14:55:31 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>>> Jul 20 14:55:29 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>>> Jul 20 14:55:28 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>>> Jul 20 14:55:27 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>>>
>>>
>>>
>>> Nothing hitting the logs (both sipviewer and grepping for the external
>>> IP show nothing), and nothing showing in tcpdump other than what appear to
>>> be keepalives we are sending to them?
>>>
>>> root@sipx sipxpbx]# tcpdump host 66.241.X.X
>>> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back
>>> to cooked socket
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>> decode
>>> listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96
>>> bytes
>>> 15:00:34.923739 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>>> 15:00:54.924269 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>>> 15:01:14.923785 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>>> 15:01:34.924285 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>>> 15:01:54.923618 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>>> 15:02:14.924102 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>>> 15:02:34.923555 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>>>
>>>
>>> ___
>>> sipx-users mailing list
>>> sipx-users@list.sipfoundry.org
>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>>
>>
>> LAN/Telephony/Security and Control Systems Helpdesk:
>> Telephone: 434.984.8426
>> sip: helpdesk@voice.myitdepartment.**net
>>
>> Helpdesk Customers: 
>> http://myhelp.myitdepartment.**net
>> Blog: http://blog.myitdepartment.net
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>
>>
>>
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>
>
> LAN/Telephony/Security and Control Systems Helpdesk:
> Telephone: 434.984.8426
> sip: helpdesk@voice.myitdepartment.**net
>
> Helpdesk Customers: 
> http://myhelp.myitdepartment.**net
> Blog: http://blog.myitdepartment.net
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
>
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

-- 
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd..

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-20 Thread Kurt Albershardt 
Forgot to mention that it does not appear to be doing port randomization.  
Running tcpdump from the pfSense box itself shows source ports of 5080, which 
should effectively open the hole for their inbound UDP:

17:47:36.868729 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
17:47:56.875211 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
17:48:16.882387 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
17:48:36.889707 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4
17:48:56.896991 IP sipx.domain.com.5080 > 66.241.X.X.5060: SIP, length: 4




On Jul 20, 2012, at 17:36 , Tony Graziano wrote:

> What is the firewall?
> 
> On Jul 20, 2012 7:22 PM, "Kurt Albershardt"  wrote:
> Packets appear not to be making it out of the firewall, despite the fact that 
> it is logging them.  The sipx box does not receive the packets (at all.)  
> Both tcpdump and sipXbridge.log show no packets coming from the ITSP gateway 
> address (tcpdump does show keepalives we are sending to them every 20 
> seconds.)  I can ping the sipx box from pfsense, and I can send UDP/5080 
> packets using netcat which get picked up both by sipxbridge.log and by 
> tcpdump.
> 
> I'm starting to suspect that the keepalives we're sending might be messing up 
> the firewall state table.  Is there some way to turn off the keepalives since 
> we have a static NAT mapping to allow inbound?  Or is there a good reason to 
> leave them running?
> 
> 
> 
> 
> On Jul 20, 2012, at 15:46 , Tony Graziano wrote:
> 
>> You will need to make sure the DID call number format in sipx is the correct 
>> format +1npanxx 1npanxx npanxx etc.
>> 
>> I would look through the sipXbridge log (tail -f) when the call comes in to 
>> see what is in the invite.
>> 
>> On Jul 20, 2012 5:11 PM, "Kurt Albershardt"  wrote:
>> Vitelity sending invites on 5080 now
>> Firewall NAT/PAT reconfigured to forward 5080 to 5080
>> 
>> 
>> Firewall says it's sending packets to sipx:
>> 
>> Jul 20 14:55:31 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:29 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:28 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:27 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> 
>> 
>> 
>> Nothing hitting the logs (both sipviewer and grepping for the external IP 
>> show nothing), and nothing showing in tcpdump other than what appear to be 
>> keepalives we are sending to them?
>> 
>> root@sipx sipxpbx]# tcpdump host 66.241.X.X
>> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to 
>> cooked socket
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 
>> bytes
>> 15:00:34.923739 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:00:54.924269 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:14.923785 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:34.924285 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:54.923618 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:02:14.924102 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:02:34.923555 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 
>> 
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>> 
>> LAN/Telephony/Security and Control Systems Helpdesk:
>> Telephone: 434.984.8426
>> sip: helpd...@voice.myitdepartment.net
>> 
>> Helpdesk Customers: http://myhelp.myitdepartment.net
>> Blog: http://blog.myitdepartment.net
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> 
> 
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> 
> LAN/Telephony/Security and Control Systems Helpdesk:
> Telephone: 434.984.8426
> sip: helpd...@voice.myitdepartment.net
> 
> Helpdesk Customers: http://myhelp.myitdepartment.net
> Blog: http://blog.myitdepartment.net
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-20 Thread Kurt Albershardt 
pfSense 1.2.3



On Jul 20, 2012, at 17:36 , Tony Graziano wrote:

> What is the firewall?
> 
> On Jul 20, 2012 7:22 PM, "Kurt Albershardt"  wrote:
> Packets appear not to be making it out of the firewall, despite the fact that 
> it is logging them.  The sipx box does not receive the packets (at all.)  
> Both tcpdump and sipXbridge.log show no packets coming from the ITSP gateway 
> address (tcpdump does show keepalives we are sending to them every 20 
> seconds.)  I can ping the sipx box from pfsense, and I can send UDP/5080 
> packets using netcat which get picked up both by sipxbridge.log and by 
> tcpdump.
> 
> I'm starting to suspect that the keepalives we're sending might be messing up 
> the firewall state table.  Is there some way to turn off the keepalives since 
> we have a static NAT mapping to allow inbound?  Or is there a good reason to 
> leave them running?
> 
> 
> 
> 
> On Jul 20, 2012, at 15:46 , Tony Graziano wrote:
> 
>> You will need to make sure the DID call number format in sipx is the correct 
>> format +1npanxx 1npanxx npanxx etc.
>> 
>> I would look through the sipXbridge log (tail -f) when the call comes in to 
>> see what is in the invite.
>> 
>> On Jul 20, 2012 5:11 PM, "Kurt Albershardt"  wrote:
>> Vitelity sending invites on 5080 now
>> Firewall NAT/PAT reconfigured to forward 5080 to 5080
>> 
>> 
>> Firewall says it's sending packets to sipx:
>> 
>> Jul 20 14:55:31 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:29 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:28 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:27 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> 
>> 
>> 
>> Nothing hitting the logs (both sipviewer and grepping for the external IP 
>> show nothing), and nothing showing in tcpdump other than what appear to be 
>> keepalives we are sending to them?
>> 
>> root@sipx sipxpbx]# tcpdump host 66.241.X.X
>> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to 
>> cooked socket
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 
>> bytes
>> 15:00:34.923739 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:00:54.924269 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:14.923785 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:34.924285 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:54.923618 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:02:14.924102 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:02:34.923555 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 
>> 
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>> 
>> LAN/Telephony/Security and Control Systems Helpdesk:
>> Telephone: 434.984.8426
>> sip: helpd...@voice.myitdepartment.net
>> 
>> Helpdesk Customers: http://myhelp.myitdepartment.net
>> Blog: http://blog.myitdepartment.net
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> 
> 
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> 
> LAN/Telephony/Security and Control Systems Helpdesk:
> Telephone: 434.984.8426
> sip: helpd...@voice.myitdepartment.net
> 
> Helpdesk Customers: http://myhelp.myitdepartment.net
> Blog: http://blog.myitdepartment.net
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-20 Thread Tony Graziano 
What is the firewall?
On Jul 20, 2012 7:22 PM, "Kurt Albershardt"  wrote:

> Packets appear not to be making it out of the firewall, despite the fact
> that it is logging them.  The sipx box does not receive the packets (at
> all.)  Both tcpdump and sipXbridge.log show no packets coming from the ITSP
> gateway address (tcpdump does show keepalives we are sending to them every
> 20 seconds.)  I can ping the sipx box from pfsense, and I can send
> UDP/5080 packets using netcat which get picked up both by sipxbridge.log
> and by tcpdump.
>
> I'm starting to suspect that the keepalives we're sending might be messing
> up the firewall state table.  Is there some way to turn off the keepalives
> since we have a static NAT mapping to allow inbound?  Or is there a good
> reason to leave them running?
>
>
>
>
> On Jul 20, 2012, at 15:46 , Tony Graziano wrote:
>
> You will need to make sure the DID call number format in sipx is the
> correct format +1npanxx 1npanxx npanxx etc.
>
> I would look through the sipXbridge log (tail -f) when the call comes in
> to see what is in the invite.
> On Jul 20, 2012 5:11 PM, "Kurt Albershardt"  wrote:
>
>> Vitelity sending invites on 5080 now
>> Firewall NAT/PAT reconfigured to forward 5080 to 5080
>>
>>
>> Firewall says it's sending packets to sipx:
>>
>> Jul 20 14:55:31 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:29 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:28 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>> Jul 20 14:55:27 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>>
>>
>>
>> Nothing hitting the logs (both sipviewer and grepping for the external IP
>> show nothing), and nothing showing in tcpdump other than what appear to be
>> keepalives we are sending to them?
>>
>> root@sipx sipxpbx]# tcpdump host 66.241.X.X
>> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back
>> to cooked socket
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96
>> bytes
>> 15:00:34.923739 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:00:54.924269 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:14.923785 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:34.924285 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:01:54.923618 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:02:14.924102 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>> 15:02:34.923555 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>>
>>
>> ___
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>>
>
> LAN/Telephony/Security and Control Systems Helpdesk:
> Telephone: 434.984.8426
> sip: helpdesk@voice.myitdepartment.**net
>
> Helpdesk Customers: 
> http://myhelp.myitdepartment.**net
> Blog: http://blog.myitdepartment.net
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
>
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

-- 
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-20 Thread Kurt Albershardt 
Packets appear not to be making it out of the firewall, despite the fact that 
it is logging them.  The sipx box does not receive the packets (at all.)  Both 
tcpdump and sipXbridge.log show no packets coming from the ITSP gateway address 
(tcpdump does show keepalives we are sending to them every 20 seconds.)  I can 
ping the sipx box from pfsense, and I can send UDP/5080 packets using netcat 
which get picked up both by sipxbridge.log and by tcpdump.

I'm starting to suspect that the keepalives we're sending might be messing up 
the firewall state table.  Is there some way to turn off the keepalives since 
we have a static NAT mapping to allow inbound?  Or is there a good reason to 
leave them running?




On Jul 20, 2012, at 15:46 , Tony Graziano wrote:

> You will need to make sure the DID call number format in sipx is the correct 
> format +1npanxx 1npanxx npanxx etc.
> 
> I would look through the sipXbridge log (tail -f) when the call comes in to 
> see what is in the invite.
> 
> On Jul 20, 2012 5:11 PM, "Kurt Albershardt"  wrote:
> Vitelity sending invites on 5080 now
> Firewall NAT/PAT reconfigured to forward 5080 to 5080
> 
> 
> Firewall says it's sending packets to sipx:
> 
> Jul 20 14:55:31 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
> Jul 20 14:55:29 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
> Jul 20 14:55:28 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
> Jul 20 14:55:27 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
> 
> 
> 
> Nothing hitting the logs (both sipviewer and grepping for the external IP 
> show nothing), and nothing showing in tcpdump other than what appear to be 
> keepalives we are sending to them?
> 
> root@sipx sipxpbx]# tcpdump host 66.241.X.X
> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to 
> cooked socket
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
> 15:00:34.923739 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:00:54.924269 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:01:14.923785 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:01:34.924285 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:01:54.923618 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:02:14.924102 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:02:34.923555 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 
> 
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> 
> LAN/Telephony/Security and Control Systems Helpdesk:
> Telephone: 434.984.8426
> sip: helpd...@voice.myitdepartment.net
> 
> Helpdesk Customers: http://myhelp.myitdepartment.net
> Blog: http://blog.myitdepartment.net
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Re: [sipx-users] not seeing inbound ITSP calls

2012-07-20 Thread Tony Graziano 
You will need to make sure the DID call number format in sipx is the
correct format +1npanxx 1npanxx npanxx etc.

I would look through the sipXbridge log (tail -f) when the call comes in to
see what is in the invite.
On Jul 20, 2012 5:11 PM, "Kurt Albershardt"  wrote:

> Vitelity sending invites on 5080 now
> Firewall NAT/PAT reconfigured to forward 5080 to 5080
>
>
> Firewall says it's sending packets to sipx:
>
> Jul 20 14:55:31 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
> Jul 20 14:55:29 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
> Jul 20 14:55:28 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
> Jul 20 14:55:27 NG0 66.241.X.X:5060 192.168.X.24:5080 UDP
>
>
>
> Nothing hitting the logs (both sipviewer and grepping for the external IP
> show nothing), and nothing showing in tcpdump other than what appear to be
> keepalives we are sending to them?
>
> root@sipx sipxpbx]# tcpdump host 66.241.X.X
> tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to
> cooked socket
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96
> bytes
> 15:00:34.923739 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:00:54.924269 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:01:14.923785 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:01:34.924285 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:01:54.923618 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:02:14.924102 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
> 15:02:34.923555 IP sipx.domain.com.5080 > 66.241.X.X.sip: SIP, length: 4
>
>
> ___
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

-- 
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net
___
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/