[asterisk-users] Slightly OT: trying to mangle packets from Asterisk for a multiple ISP setup (reward)

Mike list at virtutel.ca
Tue Jun 1 09:27:58 CDT 2010 

Hi,

 

Reward offered: 50$ (paypal), and I am sure this is a ridiculous thing I
have missing.

 

My goal: On a 2 NIC Asterisk box, to send packets that came in Asterisk on
NIC1 back to NIC 1, and NIC2 back to NIC 2. (basically, send them back the
same way they came from).

 

I have been doing what was recommended to me and mangling packets left and
right.  I have reached a point where I am stuck, and can`t imagine why this
last little step isnt working.

 

As you know, Asterisk sends all packets "from" the default IP (in my case,
NIC 1 IP).  So connections to NIC 1 work fine, to NIC 2 they don`t.  I
therefore put in some routing rules to help me.  Some example, a phone
(remote PBX setup) coming in from 65.77.77.77 works fine because of these
(slightly obfuscated by changing IPs shown) routing rules:

 

ip rule show: 

0:      from all lookup 255

32759:  from all fwmark 0x64 lookup ISP2 (<----- this is key to my issue)

32760:  from all to 65.77.77.77 lookup ISP2

32766:  from all lookup main

32767:  from all lookup default

 

ip route show table ISP2:

default via 22.22.22.22 dev eth1  src 22.22.22.21

 

BUT I can't reliably know where the phones come from (long story), or what
IP they use (ISP1 or ISP2) to connect to me. So instead, I have done this
with iptables:

 

MARK       all  --  anywhere             STRING match "22.22.22.21" ALGO
name bm TO 65535MARK set 0x64

 

Basically saying to mark all packets that have the string "22.22.22.21" in
it's SIP content (meaning they came in on NIC2 originally because the phone
registered to 22.22.22.21) with mark 0x64.  And that works fine, because
another rule that LOGs these marked packets is logging them correctly.

 

Because of my above routing rules, packets going out marked with 0x64 or
those going to 65.77.77.77 should go to the same ip route (route table
ISP2).  Mysteriously, I see that packets going to 65.77.77.77 (using
wireshark) are correctly mangled as coming from 22.22.22.21, but not those
marked with 0x64.  Those still go out through the default routing table.

 

What the heck am I missing? I believe I have done my homework, but there is
no more door left to bang my head on.

 

Mike

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100601/c1181f8b/attachment.htm

More information about the asterisk-users mailing list