On Sep 26, 2016, at 3:52 AM, Armin Tüting <armin.tuet...@tueting-online.com> wrote:
> On Fr, 2016-09-23 at 09:30 -0500, Lonnie Abelbeck wrote: >> On Sep 23, 2016, at 9:02 AM, Armin Tüting <armin.tueting@tueting-onli >> ne.com> wrote: >> >>> >>> Hi Group, >>>> >>>> >>>> I'm having the latest AstLinux 1.2.7 running. So far I'm >>>> experiencing >>>> no issue while connecting the phone via internal interface! >>>> >>>> I was no in need to connect my phones through the external >>>> interface >>>> with no luck! A simple ping from INT->EXT doesn't work! I've >>>> disabled >>>> the FW with no luck on success! Looking at 'route -n' indicated >>>> all >>>> metrics with 0 - changed it accordingly, but no luck either! >>>> Maybe broken switch - ping to other devces worked! >>>> >>>> What I'm doing wrong? >>> OK - I've done more investigation! By accident I've found out that >>> the >>> Arno FW is causing the issue! Disabling it - everything is >>> working! >>> >>> What changes do the Arno FW apply that implies this behavior? >> >> By default the Firewall blocks all inbound traffic to the external >> interface not associated with an outbound connection state. > After further investigation the function 'setup_kernel_settings' seems > to be the culprit of the issue. But, which sysctl is causing the > trouble here :( > Is there a setting enabled which influence the route back - aka always > use the default gateway from IFEXT? > >> If you want SIP, SSH etc. inbound, you need to add firewall rules. > I'll already have firewall rules applied for several ports... Armin, The only thing I can think of that would effect external interface routing is if the Network tab -> Failover Interface: was enabled. I presume yours is [ none ] ? Do you have the "adaptive-ban" plugin enabled ? Possibly a SIP misconfiguration is causing an upstream IP to be quickly banned ? I can't imagine the AIF function setup_kernel_settings() is causing a problem, I have four different flavors of AstLinux boxes on my lab bench with the configuration you are describing working great. Any more clues on your configuration beyond the defaults would be useful at this point, like and any user.conf entries, firewall plugins enabled, etc. . What is your hardware, if not listed here: Generic x86 Boards and Appliances, what is your hardware and NIC's ? https://doc.astlinux.org/userdoc:documentation#generic_x86_boards_and_appliances Lonnie ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
