Does iptables -L -n | grep icmp give you the same output on both machines?<div><br></div><div>Is it possible that the other public IP is behind a "main" firewall, provided by your ISP? I know our hosting provider has this. They filter all traffic through their main router, and after that locally with iptables.<br>
<br><div class="gmail_quote">On Tue, Jan 3, 2012 at 6:53 PM, kazabe <span dir="ltr"><<a href="mailto:kazabe@gmail.com">kazabe@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi.<br>
<br>
I'm trying to connect 2 Asterisk servers between Linux firewalls (iptables).<br>
<br>
I'm using exactly the same iptables script on both firewall servers,<br>
but I don't obtain the same answer on both.<br>
<br>
This is the scenario.<br>
<br>
[ASTERISK-NetA]-----[FIREWALL-NetA]-----INTERNET---[FIREWALL-NetB]----[ASTERISK-NetB]<br>
<br>
Now I do a test on NetA<br>
<br>
<Test on net A><br>
<br>
root@FIREWAL-NetA# nmap -sU -sV -p4569 public.ip.net.B<br>
<br>
Starting Nmap 5.00 ( <a href="http://nmap.org" target="_blank">http://nmap.org</a> ) at 2012-01-03 12:17 GMT<br>
Interesting ports on public.ip.net.B (5.6.7.8):<br>
PORT STATE SERVICE VERSION<br>
4569/udp open iax2<br>
<br>
</Test on net A><br>
<br>
All fine. Now I test NetB<br>
<br>
<Test in net B><br>
<br>
root@FIREWAL-NetB# nmap -sU -sV -p4569 public.ip.net.A<br>
<br>
Starting Nmap 5.00 ( <a href="http://nmap.org" target="_blank">http://nmap.org</a> ) at 2012-01-03 12:24 GMT<br>
Interesting ports on public.ip.net.A (1.2.3.4):<br>
PORT STATE SERVICE VERSION<br>
4569/udp open iax2<br>
<br>
</Test in net B><br>
<br>
Fine too. But when I do a ping test to the UDP port, the answer is<br>
not the same:<br>
<br>
<Ping From A><br>
root@FIREWAL-NetA# hping3 public.ip.net.B --udp -V -p 4569<br>
using eth0, addr: 1.2.3.4, MTU: 1500<br>
HPING public.ip.net.B (eth0 1.2.3.4): udp mode set, 28 headers + 0 data bytes<br>
len=46 ip=5.6.7.8 ttl=57 id=60657 tos=18 iplen=40 seq=0 rtt=0.0 ms<br>
len=46 ip=5.6.7.8 ttl=57 id=60658 tos=18 iplen=40 seq=0 rtt=0.0 ms<br>
len=46 ip=5.6.7.8 ttl=57 id=60659 tos=18 iplen=40 seq=0 rtt=0.0 ms<br>
^C<br>
--- public.ip.net.B hping statistic ---<br>
19 packets transmitted, 3 packets received, 85% packet loss<br>
round-trip min/avg/max = 0.0/0.0/0.0 ms<br>
<br>
</Ping From A><br>
<br>
Ping from A works fine, but ping from B obtains a "Port Unreachable"<br>
<br>
<Ping From B><br>
root@FIREWAL-NetB# hping3 public.ip.net.A --udp -V -p 4569<br>
using eth0, addr: 5.6.7.8, MTU: 1500<br>
ICMP Port Unreachable from ip=1.2.3.4 name=UNKNOWN<br>
ICMP Port Unreachable from ip=1.2.3.4 name=UNKNOWN<br>
ICMP Port Unreachable from ip=1.2.3.4 name=UNKNOWN<br>
ICMP Port Unreachable from ip=1.2.3.4 name=UNKNOWN<br>
^C<br>
--- 1.2.3.4 hping statistic ---<br>
31 packets transmitted, 4 packets received, 88% packet loss<br>
round-trip min/avg/max = 0.0/0.0/0.0 ms<br>
<br>
</Ping From B><br>
<br>
So both Asterisk servers can't be connected.<br>
<br>
What can I check? I don't understand why, if I use the same rules, the<br>
answer is different.<br>
<br>
Thanks in advance for your help.<br>
<font color="#888888"><br>
</font></blockquote></div><br></div>