[asterisk-users] 11.4.0: iax packets lost by amazon ec2

Tony Mountifield tony at softins.co.uk
Sat Sep 7 12:26:36 CDT 2013 

In article <l0fkfp$4ua$1 at ger.gmane.org>,
Sean Darcy <seandarcy2 at gmail.com> wrote:
> On 09/07/2013 10:33 AM, Tony Mountifield wrote:
> > In article <522A934D.8010006 at gmail.com>,
> > Sean Darcy <seandarcy2 at gmail.com> wrote:
> >> On 09/06/2013 07:08 PM, Steve Edwards wrote:
> >>> On Fri, 6 Sep 2013, Sean Darcy wrote:
> >>>
> >>>> I'm not sure asterisk is even listening for the packets:
> >>>>
> >>>> [root at asterisk ~]# netstat -apnt | grep 4569
> >>>> [root at asterisk ~]#
> >>>
> >>> '-t' meand TCP. IAX is UDP.
> >>>
> >>
> >> My bad:
> >>
> >> netstat -apnu | grep 4569
> >> udp        0      0 0.0.0.0:4569            0.0.0.0:*
> >>           3176/asterisk
> >>
> >> But why isn't asterisk seeing/acting upon the registration request?
> >> Wireshark finds the packet to 4569, so it's not a firewall problem.
> >
> > Are you sure about that? I have found in the past that tcpdump sees inbound
> > packets before they get to the iptables filter.
> >
> > What happens if you do:
> > iptables -I INPUT 1 -p udp --dport 4569 -j ACCEPT
> >
> > Cheers
> > Tony
> >
> 
> Wow! Look:
> 
>   iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere             ctstate 
> RELATED,ESTABLISHED
> ACCEPT     icmp --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere             ctstate 
> NEW tcp dpt:ssh
> REJECT     all  --  anywhere             anywhere 
> reject-with icmp-host-prohibited
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> REJECT     all  --  anywhere             anywhere 
> reject-with icmp-host-prohibited
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> 
> Which means to me that the INPUT chain will ACCEPT all protocols from 
> anywhere to anywhere.

I suspect there's something that is not being shown there. Try:

# iptables -vnL

(and if pasting it, to post here, try to avoid line-wrapping if possible).

> But no, iptables -I INPUT 1 -p udp --dport 4569 -j ACCEPT solves the 
> problem and asterisk now registers my device.
> 
> Now I have to find a way to make it persistent across reboots.

If your system is RH or CentOS-like, you can do:

# service iptables save

That creates the file /etc/sysconfig/iptables, which is loaded on boot.

Cheers
Tony
-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org

More information about the asterisk-users mailing list