[asterisk-users] 11.4.0: iax packets lost by amazon ec2
Sean Darcy
seandarcy2 at gmail.com
Sat Sep 7 11:33:04 CDT 2013
On 09/07/2013 10:33 AM, Tony Mountifield wrote:
> In article <522A934D.8010006 at gmail.com>,
> Sean Darcy <seandarcy2 at gmail.com> wrote:
>> On 09/06/2013 07:08 PM, Steve Edwards wrote:
>>> On Fri, 6 Sep 2013, Sean Darcy wrote:
>>>
>>>> I'm not sure asterisk is even listening for the packets:
>>>>
>>>> [root at asterisk ~]# netstat -apnt | grep 4569
>>>> [root at asterisk ~]#
>>>
>>> '-t' meand TCP. IAX is UDP.
>>>
>>
>> My bad:
>>
>> netstat -apnu | grep 4569
>> udp 0 0 0.0.0.0:4569 0.0.0.0:*
>> 3176/asterisk
>>
>> But why isn't asterisk seeing/acting upon the registration request?
>> Wireshark finds the packet to 4569, so it's not a firewall problem.
>
> Are you sure about that? I have found in the past that tcpdump sees inbound
> packets before they get to the iptables filter.
>
> What happens if you do:
> iptables -I INPUT 1 -p udp --dport 4569 -j ACCEPT
>
> Cheers
> Tony
>
Wow! Look:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere ctstate
NEW tcp dpt:ssh
REJECT all -- anywhere anywhere
reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere
reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Which means to me that the INPUT chain will ACCEPT all protocols from
anywhere to anywhere.
But no, iptables -I INPUT 1 -p udp --dport 4569 -j ACCEPT solves the
problem and asterisk now registers my device.
Now I have to find a way to make it persistent across reboots.
Thanks,
sean
More information about the asterisk-users
mailing list