I am becoming more convinced that this is a NAT issue, since I have
installed Asterisk on the firewall itself, and it seems to run normally
with no issues when restarting. The feedback from the Asterisk peer
support site was that: Asterisk is sending OPTIONs, but the peer is not
replying, or the request or replies are getting lost in the network.
Possibly an automatic NAT or firewall rule has timed out. There is no
evidence of anything wrong with Asterisk.
Is there any way to specify the UDP connection timeout?
Regards
Ian
On 18/06/2017 at 21:04, Ian Jones wrote:
Hello. I have installed shorewall as a nat router for my Asterisk PBX
on Debian 8.8 from the Debian package.
shorewall version
4.6.4.3
(I have replaced my public IP address with xx):
ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth-intern: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 4c:cc:6a:24:8f:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.71.30/24 brd 192.168.71.255 scope global eth-intern
       valid_lft forever preferred_lft forever
    inet6 fe80::4ecc:6aff:fe24:8fbe/64 scope link
       valid_lft forever preferred_lft forever
3: eth-ext1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:26:55:d4:a5:f4 brd ff:ff:ff:ff:ff:ff
4: eth-ext0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UP group default qlen 1000
    link/ether 00:26:55:d4:a5:f5 brd ff:ff:ff:ff:ff:ff
    inet xx.xx.xx.xx/29 brd xx.xx.xx.xx scope global eth-ext0
       valid_lft forever preferred_lft forever
    inet6 ::xxx:xxx:xxx:xxx/64 scope global mngtmpaddr dynamic
       valid_lft 3598sec preferred_lft 3598sec
    inet6 xxx::xxx:xxx:xxx:xxx/64 scope link
       valid_lft forever preferred_lft forever
ip route show
default via xx.xx.xx.xx dev eth-ext0
10.0.0.0/8 via 192.168.71.6 dev eth-intern
xx.xx.xx.xx/29 dev eth-ext0 proto kernel scope link src xx.xx.xx.xx
192.168.71.0/24 dev eth-intern proto kernel scope link src 192.168.71.30
Shorewall is running on 192.168.71.30, and Asterisk on 192.168.71.8.
So, in rules I have:
# sip
SIP(DNAT) net loc:192.168.71.8:5060 udp 5060
SIP(DNAT) net loc:192.168.71.8:5060 tcp 5060
# rtp
DNAT net loc:192.168.71.8:10000-10020 udp 10000:10020
# stun
DNAT net loc:192.168.71.8:3478 udp 3478
# iax2
DNAT net loc:192.168.71.8:4569 udp 4569
This all works fine - for a few hours! Then all the external Asterisk
peers become unreachable and remain so. I can also reproduce the
problem by restarting Asterisk, or by reloading sip.conf. I can remedy
the problem by stopping the external interface for a couple of
minutes, then restarting it. The Asterisk peers become reachable again
and all is well, for a few hours.
There is no problem with IAX, the IAX peers remain reachable.
I also have a Cisco DSL router, and when I route all the Asterisk
traffic through that, it works fine and everything is very stable with
the same Asterisk configuration, so it seems to be a problem with the
shorewall router. I have tried turning off the sip helper by setting
AUTOHELPERS=No and DONT_LOAD=nf_nat_sip,nf_conntrack_sip, but that
didn't help.
Any help appreciated!
Regards,
Ian
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
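
Added example, not part of the original posts and not Shorewall's own code: one way to check the NAT theory raised in the thread is to read the router's connection-tracking table for the PBX's SIP flows and see whether source NAT was applied and how long each entry has left. The PBX address and SIP port are taken from the post; the peer and public addresses in the sample table are constructed from documentation ranges.

```sh
#!/bin/sh
# Audit conntrack entries for outbound SIP-over-UDP flows from a NATed PBX.
# Input: lines in the format printed by `conntrack -L -p udp` (conntrack-tools).
# PBX_IP and SIP_PORT come from the post; all other addresses are constructed.
# The third field is the seconds left before the entry expires; the UDP
# lifetimes are set by the sysctls net.netfilter.nf_conntrack_udp_timeout
# and net.netfilter.nf_conntrack_udp_timeout_stream.
PBX_IP="192.168.71.8"
SIP_PORT="5060"

# Verdicts, one line per flow ("VERDICT peer timeout=N"):
#   NO_SNAT    reply tuple is still addressed to the private PBX IP, so the
#              flow was tracked without source NAT
#   UNREPLIED  source NAT applied, but no packet seen from the peer
#   OK         source NAT applied and traffic seen in both directions
sip_conntrack_audit() {
    awk -v pbx="$PBX_IP" -v port="$SIP_PORT" '
    $1 == "udp" {
        n = 0; unreplied = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "[UNREPLIED]") { unreplied = 1; continue }
            split($i, kv, "=")
            if (kv[1] == "src") { n++; src[n] = kv[2] }
            else if (kv[1] == "dst") dst[n] = kv[2]
            else if (kv[1] == "sport") sport[n] = kv[2]
            else if (kv[1] == "dport") dport[n] = kv[2]
        }
        # Keep only flows the PBX originated to or from the SIP port.
        if (n < 2 || src[1] != pbx) next
        if (sport[1] != port && dport[1] != port) next
        if (dst[2] == pbx)   verdict = "NO_SNAT"
        else if (unreplied)  verdict = "UNREPLIED"
        else                 verdict = "OK"
        print verdict, dst[1], "timeout=" $3
    }'
}

# Constructed sample table (documentation address ranges, not from the post).
sample_conntrack() {
    cat <<'EOF'
udp      17 28 src=192.168.71.8 dst=203.0.113.10 sport=5060 dport=5060 [UNREPLIED] src=203.0.113.10 dst=192.168.71.8 sport=5060 dport=5060 mark=0 use=1
udp      17 172 src=192.168.71.8 dst=203.0.113.20 sport=5060 dport=5060 src=203.0.113.20 dst=198.51.100.2 sport=5060 dport=5060 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.71.8 dst=203.0.113.30 sport=5060 dport=5060 [UNREPLIED] src=203.0.113.30 dst=198.51.100.2 sport=5060 dport=5060 mark=0 use=1
udp      17 20 src=192.168.71.8 dst=192.168.71.1 sport=40000 dport=53 src=192.168.71.1 dst=192.168.71.8 sport=53 dport=40000 mark=0 use=1
EOF
}

sample_conntrack | sip_conntrack_audit
```

On the router itself, feed the function the live table instead of the sample, as root: `conntrack -L -p udp | sip_conntrack_audit`.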