Hi.
I have three servers running corosync and pacemaker, to maintain a floating
address between them. This is working fine, and I can, for example, SSH to the
floating address and get to whichever server has the address at the time.
I am trying to connect to the same server (using the same address) for AMI,
and it just isn't working, even though I can connect to the primary address of
the machine, and I have AMI configured to listen on all interfaces / addresses.
Here's my setup (I'm only talking about the single machine which owns the
floating address at the moment here; the other two don't matter for this
discussion):
# ip address list
(output abbreviated for clarity, and real IPs mildly obscured)
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether fe:ff:00:00:8b:9c brd ff:ff:ff:ff:ff:ff
inet 289.216.64.218/28 brd 289.216.64.223 scope global eth0
valid_lft forever preferred_lft forever
inet 289.216.64.221/28 brd 289.216.64.223 scope global secondary eth0
valid_lft forever preferred_lft forever
# cat /etc/asterisk/manager.conf
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0
# netstat -lptn
Proto Local Address Foreign Address State PID/Program name
tcp 0.0.0.0:5038 0.0.0.0:* LISTEN 29490/asterisk
So, it all looks like Asterisk is listening on port 5038 for connections from
anywhere, to any local address.
But (all the tests below are carried out *from* the same machine I'm trying to
connect to, just to eliminate external networking problems as the cause, but
if I do the same thing from a remote machine, I get the same results):
# telnet localhost 5038
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Asterisk Call Manager/2.9.0
# telnet 289.216.64.218 5038
Trying 289.216.64.218...
Connected to 289.216.64.218.
Escape character is '^]'.
Asterisk Call Manager/2.9.0
# telnet 289.216.64.221 5038
Trying 289.216.64.221...
telnet: Unable to connect to remote host: Connection refused
No, it's not a firewall problem; I've currently allowed connections to 5038
from anywhere, in order to debug this problem.
Just to prove that the secondary address does work:
# ssh 289.216.64.221
The authenticity of host '289.216.64.221 (289.216.64.221)' can't be
established.
ECDSA key fingerprint is SHA256:1R0SmFqRn5Jukh3GxvXq8/7bvsPq1MPvdGw6GXfUngs.
Are you sure you want to continue connecting (yes/no)?
Anyone got any ideas?
Antony.
--
"Remember: the S in IoT stands for Security."
- Jan-Piet Mens
Please reply to the list;
please *don't* CC me.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Astricon is coming up October 9-11! Signup is available at:
https://www.asterisk.org/community/astricon-user-conference
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
