[asterisk-users] AMI not listening on secondary IP address?

Tue Oct 23 05:40:30 CDT 2018

Hi.

I have three servers running corosync and pacemaker, to maintain a floating 
address between them.  This is working fine, and I can, for example, SSH to the 
floating address and get to whichever server has the address at the time.

I am trying to connect to the same server (using the same address) for AMI, 
and it just isn't working, even though I can connect to the primary address of 
the machine, and I have AMI configured to listen on all interfaces / addresses.

Here's my setup (I'm only talking about the single machine which owns the 
floating address at the moment here; the other two don't matter for this 
discussion):

# ip address list
(output abbreviated for clarity, and real IPs mildly obscured)

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
    link/ether fe:ff:00:00:8b:9c brd ff:ff:ff:ff:ff:ff
    inet 289.216.64.218/28 brd 289.216.64.223 scope global eth0
       valid_lft forever preferred_lft forever
    inet 289.216.64.221/28 brd 289.216.64.223 scope global secondary eth0
       valid_lft forever preferred_lft forever

# cat /etc/asterisk/manager.conf

[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0

# netstat -lptn

Proto Local Address       Foreign Address       State       PID/Program name    
tcp   0.0.0.0:5038        0.0.0.0:*             LISTEN      29490/asterisk      

So, it all looks like Asterisk is listening on port 5038 for connections from 
anywhere, to any local address.

But (all the tests below are carried out *from* the same machine I'm trying to 
connect to, just to eliminate external networking problems as the cause, but 
if I do the same thing from a remote machine, I get the same results):

# telnet localhost 5038
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Asterisk Call Manager/2.9.0

# telnet 289.216.64.218 5038
Trying 289.216.64.218...
Connected to 289.216.64.218.
Escape character is '^]'.
Asterisk Call Manager/2.9.0

# telnet 289.216.64.221 5038
Trying 289.216.64.221...
telnet: Unable to connect to remote host: Connection refused

No, it's not a firewall problem; I've currently allowed connections to 5038 
from anywhere, in order to debug this problem.

Just to prove that the secondary address does work:

# ssh 289.216.64.221
The authenticity of host '289.216.64.221 (289.216.64.221)' can't be 
established.
ECDSA key fingerprint is SHA256:1R0SmFqRn5Jukh3GxvXq8/7bvsPq1MPvdGw6GXfUngs.
Are you sure you want to continue connecting (yes/no)?

Anyone got any ideas?

Antony.

-- 
"Remember: the S in IoT stands for Security."

 - Jan-Piet Mens

                                                   Please reply to the list;
                                                         please *don't* CC me.