[asterisk-users] Asterisk 13.13.1

Ron Wheeler rwheeler at artifact-software.com
Mon Jan 30 12:58:43 CST 2017 

CentOS 7 uses firewalld to control TCP amd UDP access.

The iptables configuration will be overwritten and dynamically changed 
by Firewalld so don't count on the old practice of manipulating iptables 
directly.

I recently moved our Asterisk from an old CentOS to CentOS 7 running 
FreePBX 14.0.1.beta2.

You can add a firewalld service yp /etc/firewalld/services like mine.
[root at firewall0 services]# cat Asterisk.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
   <short>asterisk</short>
   <description>Asterisk PBX</description>
   <port protocol="udp" port="10000-10100"/>
   <port protocol="tcp" port="8003"/>
   <port protocol="udp" port="4569"/>
   <port protocol="tcp" port="8088"/>
   <port protocol="udp" port="5060-5061"/>
</service>

You then permit this service in your interface (zones) as a service
  <service name="Asterisk"/>

I also added a rule to get some logging on the Asterisk ports while 
getting things up and running.
   <rule>
     <service name="Asterisk"/>
     <log level="warning"/>
     <accept/>
   </rule>
   <rule>


I did this all on my exterior firewall which is also a CentOS 7 system.
On the Asterisk server, I do not block anything which is not a best 
practice but the entire internal network is very small and I consider it 
to be secure.

You (and I) should control the interface using Firewalld with the same 
service and zone specifications.





On 30/01/2017 12:13 PM, Motty Cruz wrote:
> I thought it was a firewall issues. I disabled IP Tables & Selinux, but the
> problem persist! I have not made changes on our firewall since the upgrade!
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Doug Lytle
> Sent: Monday, January 30, 2017 9:05 AM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] Asterisk 13.13.1
>
>>>> On Jan 30, 2017, at 11:55 AM, Motty Cruz motty.cruz at gmail.com wrote:
>>>> Fresh installed CentOS 7.3 and Asterisk 13.13.1. Download Asterisk from
> here:
> http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-13-current.tar
> .gz
>
>>>> I continue to see errors like this:
>>>> [2017-01-30 08:37:17] WARNING[2332]: chan_sip.c:4061 retrans_pkt:
> Retransmission timeout reached on transmission
> 56849706-ba96a6d9-817305d0 at 192.168.125.173 for seqno 109 (Critical Request)
> -- See >>> >>>
>
> Firewall?
>
> Doug
>


-- 
Ron Wheeler
President
Artifact Software Inc
email: rwheeler at artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102

More information about the asterisk-users mailing list