craigw
Jr. Member
Offline
Posts: 1
|
|
« on: Friday 05 November 2010, 08:08:55 am » |
|
I upgraded yesterday. Everything seemed OK until my got home from work. He sent me an e-mail saying his phone was not registering to the server.
I logged into my Asterisk PBX and ran tcpdump. I saw no packets from his IP getting to the server. Then I connected to the EFW console and ran tcpdump. This is what I see. It's sending him back a icmp 556 "udp port sip unreachable for IP" 173.x.y.z is remote phone at . 70.x.y.z is my public address
10:40:22.990937 IP (tos 0xc0, ttl 237, id 8192, offset 0, flags [none], proto 17, length: 652) 173.x.y.z.sip > 70.x.y.z.sip: UDP, length 624 10:40:22.991089 IP (tos 0xc0, ttl 64, id 35035, offset 0, flags [none], proto 1, length: 576) 70.x.y.z > 173.x.y.z: icmp 556: 70.x.y.z udp port sip unreachable for IP (tos 0xc0, ttl 237, id 8192, offset 0, flags [none], proto 17, length: 652) 173.x.y.z.sip > 70.x.y.z.sip: UDP, length 624
Here are the SIP rules from the fw -A INPUTFW -i br0 -p udp -m udp --dport 5060 -j ACCEPT -A INPUTFW -i ppp0 -p udp -m udp --dport 5060 -j ACCEPT -A PORTFWACCESS -d 192.168.0.100/32 -p udp -m udp --dport 5060 -j NFLOG --nflog-prefix "PORTFWACCESS:ALLOW:2" -A PORTFWACCESS -d 192.168.0.100/32 -p udp -m udp --dport 5060 -j ALLOW -A PORTFW -d 70.x.y.z/32 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.0.100:5060
Nothing else has changed that I'm aware of except the 2.4.1 upgrade. I have other remote phones (softphones, this is a Grandstream GXP-2000) that are working OK. Any ideas? It's just really weird that it's not even passing the packets through. I even added an explicit rule allowing his IP through with no restrictions, and set it to be the first rule.
I did not have SIP Proxy enable prior, so I don't think removing that would have broke the connection.
Thanks, Craig
|