AMI Not Listening On Secondary IP Address?

Home » Asterisk Users » AMI Not Listening On Secondary IP Address?
Asterisk Users 2 Comments

Hi.

I have three servers running corosync and pacemaker, to maintain a floating address between them. This is working fine, and I can, for example, SSH to the floating address and get to whichever server has the address at the time.

I am trying to connect to the same server (using the same address) for AMI, and it just isn’t working, even though I can connect to the primary address of the machine, and I have AMI configured to listen on all interfaces / addresses.

Here’s my setup (I’m only talking about the single machine which owns the floating address at the moment here; the other two don’t matter for this discussion):

# ip address list
(output abbreviated for clarity, and real IPs mildly obscured)

eth0: mtu 1500 qdisc pfifo_fast state UP
group default qlen 1000
link/ether fe:ff:00:00:8b:9c brd ff:ff:ff:ff:ff:ff
inet 289.216.64.218/28 brd 289.216.64.223 scope global eth0
valid_lft forever preferred_lft forever
inet 289.216.64.221/28 brd 289.216.64.223 scope global secondary eth0
valid_lft forever preferred_lft forever

# cat /etc/asterisk/manager.conf

[general]
enabled = yes port = 5038
bindaddr = 0.0.0.0

# netstat -lptn

Proto Local Address Foreign Address State PID/Program name
tcp 0.0.0.0:5038 0.0.0.0:* LISTEN 29490/asterisk

So, it all looks like Asterisk is listening on port 5038 for connections from anywhere, to any local address.

But (all the tests below are carried out *from* the same machine I’m trying to connect to, just to eliminate external networking problems as the cause, but if I do the same thing from a remote machine, I get the same results):

# telnet localhost 5038
Trying 127.0.0.1… Connected to localhost.localdomain. Escape character is ‘^]’. Asterisk Call Manager/2.9.0

# telnet 289.216.64.218 5038
Trying 289.216.64.218… Connected to 289.216.64.218. Escape character is ‘^]’. Asterisk Call Manager/2.9.0

# telnet 289.216.64.221 5038
Trying 289.216.64.221… telnet: Unable to connect to remote host: Connection refused

No, it’s not a firewall problem; I’ve currently allowed connections to 5038
from anywhere, in order to debug this problem.

Just to prove that the secondary address does work:

# ssh 289.216.64.221
The authenticity of host ‘289.216.64.221 (289.216.64.221)’ can’t be established. ECDSA key fingerprint is SHA256:1R0SmFqRn5Jukh3GxvXq8/7bvsPq1MPvdGw6GXfUngs. Are you sure you want to continue connecting (yes/no)?

Anyone got any ideas?

Antony.


“Remember: the S in IoT stands for Security.”

– Jan-Piet Mens

Please reply to the list;
please *don’t* CC me.

2 thoughts on - AMI Not Listening On Secondary IP Address?

  • Antony,

    Do you have any deny/permit section in the manager.conf that would need to be adjusted?

    Doug

  • No, and since I posted this, I’ve found the problem.

    netstat -lptn shows me that Asterisk is listening on port 5038

    What it doesn’t tell me is that I have ipvs (ldirectord) listening on port
    5038 and forwarding connections on to back-end servers.

    If I change Asterisk’s manager.conf to listen on port 5039, I can connect to every address I expect to.

    Sorry for the unnecessary question about a rather complex setup…

    Regards,

    Antony.


    A user interface is like a joke. If you have to explain it, it means it doesn’t work.

    Please reply to the list;
    please *don’t* CC me.