Problem connecting to 4569/UDP


Hi.

I'm trying to connect 2 Asterisk servers between Linux firewalls (iptables).

I'm using exactly the same iptables script on both firewall servers,
but I don't obtain the same answer on both.

This is the scenario.

[ASTERISK-NetA]-----[FIREWALL-NetA]-----INTERNET-----[FIREWALL-NetB]-----[ASTERISK-NetB]

Now I do a test on NetA

root@FIREWAL-NetA# nmap -sU -sV -p4569 public.ip.net.B

Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-03 12:17 GMT
Interesting ports on public.ip.net.B (5.6.7.8):
PORT STATE SERVICE VERSION
4569/udp open iax2

All fine. Now I test NetB

root@FIREWAL-NetB# nmap -sU -sV -p4569 public.ip.net.A

Starting Nmap 5.00 ( http://nmap.org ) at 2012-01-03 12:24 GMT
Interesting ports on public.ip.net.A (1.2.3.4):
PORT STATE SERVICE VERSION
4569/udp open iax2

Fine too. But when I do a ping test to the UDP port, the answer is
not the same:

root@FIREWAL-NetA# hping3 public.ip.net.B --udp -V -p 4569
using eth0, addr: 1.2.3.4, MTU: 1500
HPING public.ip.net.B (eth0 1.2.3.4): udp mode set, 28 headers + 0 data bytes
len=46 ip=5.6.7.8 ttl=57 id=60657 tos=18 iplen=40 seq=0 rtt=0.0 ms
len=46 ip=5.6.7.8 ttl=57 id=60658 tos=18 iplen=40 seq=0 rtt=0.0 ms
len=46 ip=5.6.7.8 ttl=57 id=60659 tos=18 iplen=40 seq=0 rtt=0.0 ms
^C

3 thoughts on - Problem connecting to 4569/UDP

  • iptables -L -n | grep icmp gives you the same on both machines?

    Is it possible that the other public IP is behind a “main” firewall,
    provided by your ISP? I know our hosting provider has this. They filter all
    traffic through their main router, and after that locally with iptables.

  • On 6 January 2012 06:00, Roland wrote:

    Yes.

    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

    The ISP says they don't have any firewall. And the port is displayed as open.

    PORT STATE SERVICE VERSION
    4569/udp open iax2

    What other test can I do to obtain any clue about the connection problem?

    Thanks in advance

  • I “found” this on another post and “cleaned it up” – might help
    #!/usr/local/bin/perl
    use strict;
    use IO::Socket;    # also exports PF_INET, SOCK_DGRAM, inet_aton, sockaddr_in

    my $target = shift or die "usage: $0 target\n"; # "192.168.0.255";
    my $target_port = 4569;

    socket(PING, PF_INET, SOCK_DGRAM, getprotobyname("udp")) or die "socket: $!";

    # Build Packet ...
    # Names from ethereal filter of registration packet

    # 8000: most significant bit is IAX packet type full ... required for a poke etc...
    my $src_call = "8000";
    my $dst_call = "0000";
    my $timestamp = "00000000";
    my $outbound_seq = "00";
    my $inbound_seq = "00";
    my $type = "06"; # IAX_Control
    my $iax_type = "1e"; # POKE
    # 24 hex digits = 12-byte IAX2 full-frame header
    my $msg = pack "H24", $src_call . $dst_call . $timestamp . $outbound_seq .
        $inbound_seq . $type . $iax_type;

    # Send UDP packet

    my $ipaddr = inet_aton($target) or die "cannot resolve $target\n";
    my $sendto = sockaddr_in($target_port, $ipaddr);

    send(PING, $msg, 0, $sendto) == length($msg)
        or die "cannot send to $target : $target_port : $!\n";

    # Listen for responses... listen for TIMEOUT seconds and report all
    # responders (works for broadcast pings)
    # Note: as written, the loop exits after the first response.

    my $MAXLEN = 1024;
    my $TIMEOUT = 5;

    eval {
        local $SIG{ALRM} = sub { die "alarm time out"; };
        alarm $TIMEOUT;
        while (1) {
            # recv returns the packed sender address, or undef on error
            my $recvfrom = recv(PING, $msg, $MAXLEN, 0) or die "recv: $!";
            my ($port, $ipaddr) = sockaddr_in($recvfrom);
            my $respaddr = inet_ntoa($ipaddr);
            print "Response from $respaddr : $port\n";
            exit;
        }
    };
    print "timed out $target\n";
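
The Perl script above reports any datagram that comes back, without looking inside it. As an added example (not part of the original thread), this Python sketch decodes the 12-byte IAX2 full-frame header so a reply can be confirmed as a real PONG; the function names and sample bytes are constructed for illustration, and the PONG subclass value 0x03 is taken from RFC 5456.

```python
import struct

# Values from RFC 5456 (IAX2); only the ones this example needs.
FRAME_TYPE_IAX = 0x06
IAX_PONG = 0x03
IAX_POKE = 0x1E
HEADER = "!HHIBBBB"  # src call, dst call, timestamp, oseq, iseq, type, subclass


def build_poke(src_call=0):
    """Return the same 12-byte POKE the Perl script packs with "H24"."""
    return struct.pack(HEADER, 0x8000 | src_call, 0, 0, 0, 0,
                       FRAME_TYPE_IAX, IAX_POKE)


def parse_full_frame(data):
    """Decode an IAX2 full-frame header; raise ValueError if it is not one."""
    if len(data) < 12:
        raise ValueError("short datagram: %d bytes" % len(data))
    src, dst, ts, oseq, iseq, ftype, sub = struct.unpack(HEADER, data[:12])
    if not src & 0x8000:
        raise ValueError("F bit clear: not a full frame")
    return {
        "src_call": src & 0x7FFF,          # low 15 bits
        "retransmit": bool(dst & 0x8000),  # R bit
        "dst_call": dst & 0x7FFF,
        "timestamp": ts,
        "oseqno": oseq,
        "iseqno": iseq,
        "frame_type": ftype,
        "subclass": sub,
    }


def classify_reply(data):
    """Classify a datagram received after a POKE."""
    try:
        frame = parse_full_frame(data)
    except ValueError:
        return "not-full-frame"
    if frame["frame_type"] == FRAME_TYPE_IAX and frame["subclass"] == IAX_PONG:
        return "pong"
    return "other-iax2"


# Constructed sample reply (not a capture): PONG from call number 1.
SAMPLE_PONG = bytes.fromhex("800100000000000a00010603")
```

A "pong" result means the IAX2 service itself answered; anything else on 4569/udp points at a device in the path or a different service replying.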