[asterisk-users] AMI not listening on secondary IP address?

Antony Stone Antony.Stone at asterisk.open.source.it
Tue Oct 23 05:40:30 CDT 2018


I have three servers running corosync and pacemaker, to maintain a floating 
address between them.  This is working fine, and I can, for example, SSH to the 
floating address and get to whichever server has the address at the time.

I am trying to connect to the same server (using the same address) for AMI, 
and it just isn't working, even though I can connect to the primary address of 
the machine, and I have AMI configured to listen on all interfaces / addresses.

Here's my setup (I'm only talking about the single machine which owns the 
floating address at the moment here; the other two don't matter for this 

# ip address list
(output abbreviated for clarity, and real IPs mildly obscured)

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
    link/ether fe:ff:00:00:8b:9c brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet brd scope global secondary eth0
       valid_lft forever preferred_lft forever

# cat /etc/asterisk/manager.conf

enabled = yes
port = 5038
bindaddr =

# netstat -lptn

Proto Local Address       Foreign Address       State       PID/Program name    
tcp*             LISTEN      29490/asterisk      

So, it all looks like Asterisk is listening on port 5038 for connections from 
anywhere, to any local address.

But (all the tests below are carried out *from* the same machine I'm trying to 
connect to, just to eliminate external networking problems as the cause, but 
if I do the same thing from a remote machine, I get the same results):

# telnet localhost 5038
Connected to localhost.localdomain.
Escape character is '^]'.
Asterisk Call Manager/2.9.0

# telnet 5038
Connected to
Escape character is '^]'.
Asterisk Call Manager/2.9.0

# telnet 5038
telnet: Unable to connect to remote host: Connection refused

No, it's not a firewall problem; I've currently allowed connections to 5038 
from anywhere, in order to debug this problem.

Just to prove that the secondary address does work:

# ssh
The authenticity of host ' (' can't be 
ECDSA key fingerprint is SHA256:1R0SmFqRn5Jukh3GxvXq8/7bvsPq1MPvdGw6GXfUngs.
Are you sure you want to continue connecting (yes/no)?

Anyone got any ideas?


"Remember: the S in IoT stands for Security."

 - Jan-Piet Mens

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the asterisk-users mailing list