Hi, Looking at output of iptables, i can see that 5061 is open, but for udp. Is it possible that someone put the wrong protocol there?
-A INPUT -s 192.168.0.46/32 -i eth0 -j ACCEPT -A INPUT -s 192.168.0.47/32 -i eth0 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 50000:50050 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p udp -m udp --dport 30000:31000 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 5060 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p udp -m udp --dport 5061 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p udp -m udp --dport 5060 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -p udp -m udp --dport 69 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of George Niculae Sent: Tuesday, September 25, 2012 10:08 AM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] TLS port problem On Tue, Sep 25, 2012 at 11:04 AM, darthzejdr <[email protected]> wrote: > Hi, > > > > I am testing TLS with SipX and have the following problem: > > > > SipX server is not listening on port 5061. I have to manualy open port > in iptables for it to start working. Is there any way i can open the > port from web console? The problem is that the rule gets overwritten > at some point(either time or when i added second server to cluster) > and i have to add it again. > > > > I've ran /etc/init.d/iptables save, and the rule stays there after > reboot, but i think sipx overwrites it when it changes iptables. > > > > Is there any way to open tcp 5061 from web interface? > > > > > > Log of all actions: > > Default install from iso, set network and domain. > > All tests done using Bria, 3 extensions, calls to eachother, 2 min > call length > > > > Basic calls > > Started sip registrar and sip proxy(automaticaly) on server 1 > > Extensions register with domain and all tested calls work > > > > downloaded root certificate and installed it in "Trusted Root > Certification Authorities" on local computer > > Changed transport to TLS, Bria won't register. > > Trying to telnet to port 5060 - connects > > Trying to telnet to port 5061 - doesn't connect > > > > iptables -A INPUT -p tcp -m tcp --dport 5061 -j ACCEPT > > /etc/init.d/iptables save > > > > After setting that TLS works, and all tested calls work > > > > added server2 in system servers > > installed and added server to cluster > > > > TLS doesn't work, rule missing from iptables(checked next day, since > after adding server to cluster stopped work) > Hi Ivan, thanks for testing / getting back! I am going to commit a fix for port 5061 to be configurable from admin UI (and to be preserved when config changes) Regards George _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
