[asterisk-users] Asterisk 1.8.7 and client outside network
Administrator TOOTAI
admin at tootai.net
Sun Oct 16 05:33:27 CDT 2011
Hi Tarek
Le 15/10/2011 20:28, Tarek Sawah a écrit :
> Hello Daniel
> First question, do you have a firewall application or hardware
> installed on the network?
The Asterisk server is also the firewall/router, iptables running on it.
>
> Second do you have some software similar to fail2ban?
Yes, but I put the domain IP in ignoreip list. I checked fail2ban
iptables rules, no trace of this IP
>
> Third check your IPTABLES if you can post the output of iptables-save
> would be good.
>
> if you can replace the localnet=<Asterisk server external IP/32>
> with externip=<Asterisk server external IP/32>
I didn't send this info but externalip is setted to <Asterisk server
external IP/32>
>
> then we will be able to check your problem?
This setup is working on tens of customers servers (1.2, 1.4 and 1.6),
but this is the first one running 1.8 version. The same phone connect
perfectly to our 1.6 server in the same conditions, so it's seems
something related to 1.8 version.
What I don't understand is that (violating IP ) should display the IP
but in my case it's blank (or empty). Should domain contain as well the
port despite the fact that we have insecure=port,invite?
Thanks for your help
Daniel
>
>
> > Date: Sat, 15 Oct 2011 19:08:10 +0200
> > From: admin at tootai.net
> > To: asterisk-users at lists.digium.com
> > Subject: Re: [asterisk-users] Asterisk 1.8.7 and client outside network
> >
> > Hi,
> >
> > no clue on this?
> >
> > I found a thread in march from Faisal Hanif having the same problem but
> > no one of the proposed ideas where working (reverse permit/deny, tried
> > with only permit=0.0.0.0/0.0.0.0, aso), no luck :-) I don't now if it's
> > solved for him.
> >
> > If someone had a solution on this, would be great to share ;-)
> >
> > Regards
> >
> > --
> > Daniel
> >
> >
> > Le 07/10/2011 15:01, Administrator TOOTAI a écrit :
> > > Hi,
> > >
> > > my asterisk 1.8.7 is working well with phones (SNOM, Gigaset 620 and
> > > GrandStream) connected from the lan
> > >
> > > I now want to connect a snom320 from outside but it failed, having
> always
> > >
> > > [Oct 7 14:48:04] ERROR[3870]: netsock2.c:94
> ast_sockaddr_stringify_fmt:
> > > getnameinfo(): ai_family not supported
> > > [Oct 7 14:48:04] WARNING[3870]: chan_sip.c:13597
> parse_register_contact:
> > > Domain 'XX.XXX.XXX.XX:2048' disallowed by contact ACL (violating IP )
> > > [Oct 7 14:48:04] WARNING[3870]: chan_sip.c:14306 register_verify:
> > > Registration denied because of contact ACL
> > >
> > > doesn't matter if I connect through a VPN or to the public IP
> using STUN.
> > >
> > >
> > > My sip.conf:
> > >
> > > localnet=172.24.0.0/12
> > > localnet=169.254.0.0/255.255.0.0 ; Zero conf local network
> > > localnet=<Asterisk server external IP/32>
> > > autodomain=yes
> > > ;allowexternaldomains=yes
> > > domain=172.24.30.250 ;Asterisk Server IP
> > > domain=<Public Hostname>
> > > domain=<Another Public Hostname>
> > >
> > > [309](snom320,ulaw-phone,callgroup1)
> > > type=friend
> > > insecure=port,invite
> > > secret=VoIP2auDIo
> > > contactdeny=0.0.0.0/0.0.0.0
> > > contactpermit=XX.XXX.XXX.XX/32 ; External IP from phone, same as
> > > disallowed by contact ACL
> > > deny=0.0.0.0/0.0.0.0
> > > permit=XX.XXX.XXX.XX/32
> > > nat=yes
> > >
> > > Any clue? Why violating IP is empty?
More information about the asterisk-users
mailing list