Recently I had to change the port Asterisk listens to
(non-standard, to hide from bruteforce attacks), but at the same time I
wanted to not break the system for all current users. So I needed some
way to listen to two ports for some time.
I did some research in the
Internet and found the only one solution – via iptables REDIRECT
some reason it was not working for me, and I found many discussions
saying that lots of people can’t get it working either.
statistics for rule say that there are packets processed by the rule,
they did not reach the Asterisk. Moreover, the statistic is kind of
strange – only 8 packets per hour… is way too few for system with 100
active users, I guess.
AND here starts the strange thing. Despite
statistics saying that so few packets are redirected to the new port,
almost all peers went up – with the new port.
Then i get to tcpdump…
And I see some weird stuff:
(A.A.A.A is client and B.B.B.B is
14:41:38.506577 IP A.A.A.A.53082 > B.B.B.B.11111: UDP,
14:41:38.506806 IP B.B.B.B > A.A.A.A: ICMP B.B.B.B udp port
11111 unreachable, length 548
Here ^^, some client trying to access
the old port, and getting Port Unreachable reply. But here:
14:41:49.396724 IP A.A.A.A.65027 > B.B.B.B.11111: UDP, length
14:41:49.397742 IP B.B.B.B.11111 > A.A.A.A.65027: UDP, length
14:41:49.397819 IP B.B.B.B.11111 > A.A.A.A.65027: UDP, length 560
some other client accessing the very same port, and Asterisk accepts
request! Despite having another port in sip.conf, and netstat showing
that no process is listening to the 11111 port.
tcpdump’ing with port
filter shows that Asterisk has lots of active conversations on both
ports – the old one and the new one.
Would you kindly share some holy
wisdom and explain me how can Asterisk listen to both ports
simultaneously, despite all configs?
And, sorry for long post.
Couldn’t make it shorter.