Author Topic: 2.4.1 Upgrade - 1 remote SIP client doesn't work now  (Read 7910 times)
craigw
« on: Friday 05 November 2010, 08:08:55 am »

I upgraded yesterday. Everything seemed OK until my  got home from work. He sent me an e-mail saying his phone was not registering to the server.

I logged into my Asterisk PBX and ran tcpdump. I saw no packets from his IP getting to the server. Then I connected to the EFW console and ran tcpdump. This is what I see. It's sending him back an icmp 556 "udp port sip unreachable for IP"
173.x.y.z is remote phone at .
70.x.y.z is my public address

10:40:22.990937 IP (tos 0xc0, ttl 237, id 8192, offset 0, flags [none], proto 17, length: 652) 173.x.y.z.sip > 70.x.y.z.sip: UDP, length 624
10:40:22.991089 IP (tos 0xc0, ttl  64, id 35035, offset 0, flags [none], proto 1, length: 576) 70.x.y.z > 173.x.y.z: icmp 556: 70.x.y.z udp port sip unreachable for IP (tos 0xc0, ttl 237, id 8192, offset 0, flags [none], proto 17, length: 652) 173.x.y.z.sip > 70.x.y.z.sip: UDP, length 624

Here are the SIP rules from the fw
-A INPUTFW -i br0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUTFW -i ppp0 -p udp -m udp --dport 5060 -j ACCEPT
-A PORTFWACCESS -d 192.168.0.100/32 -p udp -m udp --dport 5060 -j NFLOG --nflog-prefix "PORTFWACCESS:ALLOW:2"
-A PORTFWACCESS -d 192.168.0.100/32 -p udp -m udp --dport 5060 -j ALLOW
-A PORTFW -d 70.x.y.z/32 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.0.100:5060

Nothing else has changed that I'm aware of except the 2.4.1 upgrade. I have other remote phones (softphones, this is a Grandstream GXP-2000) that are working OK. Any ideas?  It's just really weird that it's not even passing the packets through. I even added an explicit rule allowing his IP through with no restrictions, and set it to be the first rule.

I did not have SIP Proxy enabled prior, so I don't think removing that would have broken the connection.

Thanks,
Craig