In article <[email protected]>, Sean Darcy <[email protected]> wrote: > On 09/07/2013 10:33 AM, Tony Mountifield wrote: > > In article <[email protected]>, > > Sean Darcy <[email protected]> wrote: > >> On 09/06/2013 07:08 PM, Steve Edwards wrote: > >>> On Fri, 6 Sep 2013, Sean Darcy wrote: > >>> > >>>> I'm not sure asterisk is even listening for the packets: > >>>> > >>>> [root@asterisk ~]# netstat -apnt | grep 4569 > >>>> [root@asterisk ~]# > >>> > >>> '-t' meand TCP. IAX is UDP. > >>> > >> > >> My bad: > >> > >> netstat -apnu | grep 4569 > >> udp 0 0 0.0.0.0:4569 0.0.0.0:* > >> 3176/asterisk > >> > >> But why isn't asterisk seeing/acting upon the registration request? > >> Wireshark finds the packet to 4569, so it's not a firewall problem. > > > > Are you sure about that? I have found in the past that tcpdump sees inbound > > packets before they get to the iptables filter. > > > > What happens if you do: > > iptables -I INPUT 1 -p udp --dport 4569 -j ACCEPT > > > > Cheers > > Tony > > > > Wow! Look: > > iptables -L > Chain INPUT (policy ACCEPT) > target prot opt source destination > ACCEPT all -- anywhere anywhere ctstate > RELATED,ESTABLISHED > ACCEPT icmp -- anywhere anywhere > ACCEPT all -- anywhere anywhere > ACCEPT tcp -- anywhere anywhere ctstate > NEW tcp dpt:ssh > REJECT all -- anywhere anywhere > reject-with icmp-host-prohibited > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > REJECT all -- anywhere anywhere > reject-with icmp-host-prohibited > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > > Which means to me that the INPUT chain will ACCEPT all protocols from > anywhere to anywhere.
I suspect there's something that is not being shown there. Try: # iptables -vnL (and if pasting it, to post here, try to avoid line-wrapping if possible). > But no, iptables -I INPUT 1 -p udp --dport 4569 -j ACCEPT solves the > problem and asterisk now registers my device. > > Now I have to find a way to make it persistent across reboots. If your system is RH or CentOS-like, you can do: # service iptables save That creates the file /etc/sysconfig/iptables, which is loaded on boot. Cheers Tony -- Tony Mountifield Work: [email protected] - http://www.softins.co.uk Play: [email protected] - http://tony.mountifield.org -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
