On 18.06.2017 at 21:04, Ian Jones wrote:
Shorewall is running on 192.168.71.30, and Asterisk on 192.168.71.8. So, in rules I have:

# sip
SIP(DNAT)       net             loc:192.168.71.8:5060   udp 5060
SIP(DNAT)       net             loc:192.168.71.8:5060   tcp 5060
# rtp
DNAT    net             loc:192.168.71.8:10000-10020    udp 10000:10020
# stun
DNAT    net             loc:192.168.71.8:3478   udp     3478
# iax2
DNAT    net             loc:192.168.71.8:4569   udp     4569

This all works fine - for a few hours! Then all the external Asterisk peers become unreachable and remain so. I can also reproduce the problem by restarting Asterisk, or by reloading sip.conf. I can remedy the problem by stopping the external interface for a couple of minutes, then restarting it. The Asterisk peers become reachable again and all is well, for a few hours.

There is no problem with IAX, the IAX peers remain reachable.

I also have a Cisco DSL router, and when I route all the Asterisk traffic through that, it works fine and everything is very stable with the same Asterisk configuration, so it seems to be a problem with the shorewall router. I have tried turning off the sip helper by setting AUTOHELPERS=No and DONT_LOAD=nf_nat_sip,nf_conntrack_sip, but that didn't help.


Hello Ian,

I'd suggest making packet traces, e.g. with tcpdump, and checking which packets do not get a reply, and when. Check if the packets originating from the PBX are actually seen on the router and actually do leave the router.
Check if any reply packets actually do reach the router.

I have just
DNAT    net    pbx:$PBXIP    udp    5060
DNAT    net    pbx:$PBXIP    udp    10000:10999

or
ACCEPT    net:$SIPPROVIDER  pbx
DNAT-   net    $PBXIP    udp    5060
DNAT    net    pbx:$PBXIP    udp    10000:10999


You're writing that upon the start it works for a few hours, but if you just restart Asterisk (Even after just a minute or two? Without any change on the router?), you can reproduce the problem. Is that correct?

I've been investigating a similar problem and it turned out that the problem was the internet provider's modem, which would start blocking UDP traffic (but not TCP!) for no apparent reason, perhaps after a distinct amount of traffic passed through it. You can imagine...

Good luck,
Zrin
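
Added example, not part of the original message: one way to run the checks suggested above over two text traces saved with `tcpdump -n -tt`, one from the router's internal interface and one from its external interface. It reports, per remote peer, the first hop at which traffic disappears. The WAN address 198.51.100.2, the peer addresses and the trace lines are constructed, and the script assumes the router SNATs/masquerades outbound PBX traffic to that WAN address.

```python
import re
from collections import defaultdict

# One `tcpdump -n -tt` line: "<epoch> IP <src>.<port> > <dst>.<port>: ..."
LINE = re.compile(r"^\d+\.\d+ IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.\d+:")

# Path of a request and its reply through the router, in order.
STAGES = [
    ("loc_out", "no packets from the PBX seen on the router"),
    ("net_out", "PBX packets do not leave the router"),
    ("net_in", "no reply reaches the router"),
    ("loc_in", "reply reaches the router but is not forwarded to the PBX"),
]

def parse(trace):
    """Yield (src_ip, dst_ip) for every line that looks like an IPv4 packet."""
    for line in trace.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def diagnose(loc_trace, net_trace, pbx_ip, wan_ip):
    """Map each remote peer to the first missing stage, or "ok"."""
    seen = defaultdict(set)
    for src, dst in parse(loc_trace):      # internal interface, PBX address visible
        if src == pbx_ip:
            seen[dst].add("loc_out")
        elif dst == pbx_ip:
            seen[src].add("loc_in")
    for src, dst in parse(net_trace):      # external interface, assumed SNAT to wan_ip
        if src == wan_ip:
            seen[dst].add("net_out")
        elif dst == wan_ip:
            seen[src].add("net_in")
    return {peer: next((msg for st, msg in STAGES if st not in stages), "ok")
            for peer, stages in seen.items()}

# Constructed sample traces (not captured from the poster's network).
LOC_TRACE = """
1497812640.100000 IP 192.168.71.8.5060 > 203.0.113.10.5060: UDP, length 512
1497812640.150000 IP 203.0.113.10.5060 > 192.168.71.8.5060: UDP, length 480
1497812641.100000 IP 192.168.71.8.5060 > 203.0.113.20.5060: UDP, length 512
1497812642.100000 IP 192.168.71.8.5060 > 203.0.113.30.5060: UDP, length 512
"""
NET_TRACE = """
1497812640.101000 IP 198.51.100.2.5060 > 203.0.113.10.5060: UDP, length 512
1497812640.149000 IP 203.0.113.10.5060 > 198.51.100.2.5060: UDP, length 480
1497812641.101000 IP 198.51.100.2.5060 > 203.0.113.20.5060: UDP, length 512
"""

if __name__ == "__main__":
    for peer, verdict in sorted(diagnose(LOC_TRACE, NET_TRACE, "192.168.71.8", "198.51.100.2").items()):
        print(peer, "->", verdict)
```

A peer that stops at "no reply reaches the router" points upstream of the firewall (provider modem or remote side), while one that stops at "PBX packets do not leave the router" points at the router's own rules or connection tracking.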


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
