Solved

SIP Traffic being blocked

Posted on 2013-12-16
Last Modified: 2013-12-29
I have a Linux firewall (Debian) and recently we set up new phones from Vocalocity.  When connecting the new phones they would not authenticate using SIP, and after investigating we found out that with the phones using an outbound port of 5062, 5063 or 5064 there would be no reply.  As soon as we changed the phones to 5073, 5074 or 5075 they would work fine.  The port that the phones communicate with Vocalocity on is port 5060, and that works fine when the phone uses port 5073, 5074 or 5075.

My first thought was there was something blocking those ports in iptables.  But there was nothing in iptables blocking at all.  Further increased logging showed traffic going out but nothing was ever received back.  As soon as the port was changed to 5073, 5074 or 5075 the traffic was replied to successfully.

Previously I had tried to install asterisk to see how it would work so my thought is there is something related to that which is interfering with communication.  I have another office with the exact same setup that has no issues so I am confident this is the case.  I have checked to make sure all of the asterisk files have been purged and there is nothing listening on the blocked ports at all.  I even did an apt-get install asterisk on the system working correctly so I could purge all the packages it installed along with asterisk itself.
Question by:bdhtechnology
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39722474
Is anything listening on 5062-4? (Use lsof -i run as root to check this). Please also run
{ set -x;for i in filter nat mangle raw;do iptables -t $i -n -v --line-numbers -L;done;set +x; } 2>&1|tee iptables.txt

and post iptables.txt
0
 
LVL 1

Author Comment

by:bdhtechnology
ID: 39722496
Nothing shows up from lsof

+ for i in filter nat mangle raw
+ iptables -t filter -n -v --line-numbers -L
Chain INPUT (policy DROP 269 packets, 26251 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  *      *       46.249.57.79         0.0.0.0/0
2        0     0 DROP       all  --  *      *       91.121.86.29         0.0.0.0/0
3        0     0 DROP       all  --  *      *       72.26.219.150        0.0.0.0/0
4     544K  550M ACCEPT     all  --  *      *       10.233.0.0/24        0.0.0.0/0
5     4196  312K ACCEPT     all  --  *      *       x.x.x.153        0.0.0.0/0
6    50394   15M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
7        0     0 ACCEPT     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0
8     222K  199M ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
9        0     0 ACCEPT     all  --  eth1   *       10.233.0.0/24        10.233.0.0/24
10       0     0 ACCEPT     all  --  eth1   *       10.233.0.0/24        x.x.x.152/29
11     123 25724 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
12       0     0 ACCEPT     47   --  *      *       0.0.0.0/0            0.0.0.0/0
13       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:20
14       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:21
15    5334  295K ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:25
16   10377  729K ACCEPT     udp  --  *      *       0.0.0.0/0            x.x.x.153        udp dpt:53
17       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp dpt:53
18      64  3788 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:80
19       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:113
20       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            x.x.x.153        udp spts:1024:65535 dpt:123
21       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:443
22       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            x.x.x.153        udp dpt:500
23       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            x.x.x.153        udp spts:1024:65535 dpt:1194
24       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:1723
25    3629  218K ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:1984
26     389 20420 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:2222
27       1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:3306
28       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:8000
29       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:8181
30       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpts:9000:9050
31       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp spts:1024:65535 dpt:9390
32      35 11605 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:68 dpt:67
33       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
34       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpts:135:139
35       0     0 DROP       udp  --  *      *      !10.233.0.0/24        x.x.x.152/29     udp dpts:135:139
36       6   296 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:445
37       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpts:1024:1035
38       0     0 DROP       udp  --  *      *      !10.233.0.0/24        x.x.x.152/29     udp dpts:1024:1035
39       6   264 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:1433
40       1    29 DROP       udp  --  *      *      !10.233.0.0/24        x.x.x.152/29     udp dpt:1434
41       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:2745
42       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:3127
43       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:3631
44       0     0 DROP       udp  --  *      *      !10.233.0.0/24        x.x.x.152/29     udp dpt:3631
45       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:3738
46       0     0 DROP       udp  --  *      *      !10.233.0.0/24        x.x.x.152/29     udp dpt:3738
47       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:3739
48       0     0 DROP       udp  --  *      *      !10.233.0.0/24        x.x.x.152/29     udp dpt:3739
49       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:5000
50       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:6129
51       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:15118
52       0     0 DROP       udp  --  *      *      !10.233.0.0/24        x.x.x.152/29     udp dpt:16470
53       0     0 DROP       tcp  --  *      *      !10.233.0.0/24        x.x.x.152/29     tcp dpt:31572
54       0     0 DROP       udp  --  *      *      !10.233.0.0/24        x.x.x.152/29     udp dpt:31572
55     269 26251 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix " ##INPUT DENY LOG## "

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     9871 1735K ACCEPT     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0
2     8319 2139K ACCEPT     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0
3     2722 1509K LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:5060 LOG flags 0 level 4 prefix " ##VOCALOCITY SIP I LOG## "
4     2963 2373K LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5060 LOG flags 0 level 4 prefix " ##VOCALOCITY SIP O LOG## "
5     1160  804K LOG        all  --  *      *       10.233.0.20          0.0.0.0/0            LOG flags 0 level 4 prefix " #CHAD VOIP LOG## "
6     1099  544K LOG        all  --  *      *       0.0.0.0/0            10.233.0.20          LOG flags 0 level 4 prefix " #CHAD VOIP LOG## "
7     1195  802K LOG        all  --  *      *       10.233.0.21          0.0.0.0/0            LOG flags 0 level 4 prefix " #JEREMY VOIP LOG## "
8     1119  545K LOG        all  --  *      *       0.0.0.0/0            10.233.0.21          LOG flags 0 level 4 prefix " #JEREMY VOIP LOG## "
9     9919 3169K LOG        all  --  *      *       10.233.0.22          0.0.0.0/0            LOG flags 0 level 4 prefix " #CURT VOIP LOG## "
10   13623 2995K LOG        all  --  *      *       0.0.0.0/0            10.233.0.22          LOG flags 0 level 4 prefix " #CURT VOIP LOG## "
11       0     0 ACCEPT     tcp  --  *      *       10.233.0.0/29        0.0.0.0/0            tcp dpt:25
12       6   336 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 LOG flags 0 level 4 prefix " #SMTP TRAFFIC LOG## "
13       0     0 ACCEPT     tcp  --  *      *       10.233.0.0/16        10.233.0.0/16        tcp dpt:53
14       0     0 ACCEPT     udp  --  *      *       10.233.0.0/16        10.233.0.0/16        udp dpt:53
15       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            208.67.222.222       tcp dpt:53
16       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            208.67.220.220       tcp dpt:53
17       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            4.2.2.2              tcp dpt:53
18    3640  249K ACCEPT     udp  --  *      *       0.0.0.0/0            208.67.222.222       udp dpt:53
19      53  3595 ACCEPT     udp  --  *      *       0.0.0.0/0            208.67.220.220       udp dpt:53
20     230 18142 ACCEPT     udp  --  *      *       0.0.0.0/0            4.2.2.2              udp dpt:53
21       0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 LOG flags 0 level 4 prefix " ##DNS FORWARD DROP LOG## "
22       2   114 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 LOG flags 0 level 4 prefix " ##DNS FORWARD DROP LOG## "
23       0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
24       2   114 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
25       0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            x.x.x.153        state NEW,ESTABLISHED
26       0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            x.x.x.154        state NEW,ESTABLISHED
27       0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            x.x.x.155        state NEW,ESTABLISHED
28       0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            x.x.x.156        state NEW,ESTABLISHED
29       0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            x.x.x.157        state NEW,ESTABLISHED
30       0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            10.233.0.231         tcp dpt:8150
31    900K  356M ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
32     460  236K ACCEPT     all  --  *      *       0.0.0.0/0            10.233.0.0/24
33    495K   45M ACCEPT     all  --  *      *       10.233.0.0/24        0.0.0.0/0
34       0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix " ##FORWARD DENY LOG## "

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     222K  325M ACCEPT     all  --  *      *       0.0.0.0/0            10.233.0.0/24
2    50428   15M ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  *      tun+    0.0.0.0/0            0.0.0.0/0
4     236K   58M ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
5        0     0 ACCEPT     all  --  *      *       x.x.x.152/29     x.x.x.152/29
6     4169  307K ACCEPT     all  --  *      *       10.233.0.0/24        0.0.0.0/0
7      182 31716 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
8    25585 1817K ACCEPT     all  --  *      *       x.x.x.153        0.0.0.0/0
9     4162  307K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:5353 dpt:5353
10       0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix " ##OUTPUT ACCEPT LOG## "
+ for i in filter nat mangle raw
+ iptables -t nat -n -v --line-numbers -L
Chain PREROUTING (policy ACCEPT 32469 packets, 2974K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            x.x.x.153        tcp dpt:8150 to:10.233.0.231
2        0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.153        tcp dpt:8150 to:10.233.0.231:8150
3        0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.153        tcp dpts:30000:30200 to:10.233.0.231:30000-30200
4        0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            x.x.x.153        udp dpts:30000:30200 to:10.233.0.231:30000-30200
5        0     0 DNAT       all  --  eth1   *       0.0.0.0/0            x.x.x.153        to:10.233.0.1
6        0     0 DNAT       all  --  eth1   *       0.0.0.0/0            x.x.x.154        to:10.233.0.2
7        0     0 DNAT       all  --  eth1   *       0.0.0.0/0            x.x.x.155        to:10.233.0.8
8        0     0 DNAT       all  --  eth1   *       0.0.0.0/0            x.x.x.156        to:10.233.0.6
9       10   621 DNAT       all  --  eth1   *       0.0.0.0/0            x.x.x.157        to:10.233.0.10
10       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.153        tcp dpt:3074 to:10.233.0.110:3074
11       0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            x.x.x.153        udp dpt:3074 to:10.233.0.110:3074
12       0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            x.x.x.153        udp dpt:88 to:10.233.0.110:88
13       3   180 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.154        tcp dpt:80 to:10.233.0.2:80
14       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.154        tcp dpt:6881 to:10.233.0.2:6881
15       0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            x.x.x.154        udp dpt:6881 to:10.233.0.2:6881
16       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.154        tcp dpt:49152 to:10.233.0.2:49152
17       0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            x.x.x.154        udp dpt:49152 to:10.233.0.2:49152
18       3   180 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.155        tcp dpt:80 to:10.233.0.8:80
19       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.155        tcp dpt:6881 to:10.233.0.8:6881
20       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.156        tcp dpt:6881 to:10.233.0.6:6881
21       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.153        tcp dpt:24814 to:10.233.0.60:24814
22       0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            x.x.x.153        udp dpt:24814 to:10.233.0.60:24814
23       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.153        tcp dpt:53146 to:10.233.0.60:53146
24       0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            x.x.x.153        udp dpt:53146 to:10.233.0.60:53146
25       1    60 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:25 to:10.233.0.10:25
26      17  1020 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:80 to:10.233.0.10:80
27       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:110 to:10.233.0.10:110
28       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:143 to:10.233.0.10:143
29     199 12688 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:443 to:10.233.0.10:443
30       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:993 to:10.233.0.10:993
31       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:995 to:10.233.0.10:995
32       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpts:6000:6004 to:10.233.0.10:6000-6004
33       0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            x.x.x.157        udp dpts:6000:6004 to:10.233.0.10:6000-6004
34       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:8000 to:10.233.0.10:8000
35       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:3443 to:10.233.0.10:3443
36       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:18180 to:10.233.0.10:18180
37       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:11100 to:10.233.0.10:11100
38       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:11099 to:10.233.0.10:11099
39       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:18083 to:10.233.0.10:18083
40       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:13873 to:10.233.0.10:13873
41       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:13843 to:10.233.0.10:13843
42       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:14457 to:10.233.0.10:14457
43       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:28083 to:10.233.0.10:28083
44       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:23843 to:10.233.0.10:23843
45       0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            x.x.x.157        tcp dpt:21099 to:10.233.0.10:21099

Chain INPUT (policy ACCEPT 20632 packets, 1432K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 31440 packets, 2272K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 6208 packets, 465K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 SNAT       all  --  *      eth1    0.0.0.0/0            10.233.0.1           to:x.x.x.153
2        3   180 SNAT       all  --  *      eth1    0.0.0.0/0            10.233.0.2           to:x.x.x.154
3        5   360 SNAT       all  --  *      eth1    0.0.0.0/0            10.233.0.8           to:x.x.x.155
4        0     0 SNAT       all  --  *      eth1    0.0.0.0/0            10.233.0.6           to:x.x.x.156
5     1420 98873 SNAT       all  --  *      eth1    0.0.0.0/0            10.233.0.10          to:x.x.x.157
6        0     0 SNAT       tcp  --  *      *       10.233.0.110         0.0.0.0/0            tcp spt:3074 to:x.x.x.153:3074
7        0     0 SNAT       udp  --  *      *       10.233.0.110         0.0.0.0/0            udp spt:3074 to:x.x.x.153:3074
8        0     0 SNAT       udp  --  *      *       10.233.0.110         0.0.0.0/0            udp spt:88 to:x.x.x.153:88
9     1566 84672 SNAT       all  --  *      eth0    10.233.0.2           0.0.0.0/0            to:x.x.x.154
10    1257 68128 SNAT       all  --  *      eth0    10.233.0.8           0.0.0.0/0            to:x.x.x.155
11       0     0 SNAT       all  --  *      eth0    10.233.0.6           0.0.0.0/0            to:x.x.x.156
12    3356  222K SNAT       all  --  *      eth0    10.233.0.10          0.0.0.0/0            to:x.x.x.157
13   27103 1962K SNAT       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            to:x.x.x.153
+ for i in filter nat mangle raw
+ iptables -t mangle -n -v --line-numbers -L
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
+ for i in filter nat mangle raw
+ iptables -t raw -n -v --line-numbers -L
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
+ set +x

0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39722502
Please also detail your network topology. Are the phones on the same LAN segment as the server they are trying to contact?
If the phones work on ports 5073-5, can you just change them to do that?
Please clarify which ports are TCP or UDP - for now I assume that 5060 is the TCP control port and the others are UDP carrying sound
0
 
LVL 1

Author Comment

by:bdhtechnology
ID: 39722530
Vocalocity is a cloud based PBX, so they connect across the Internet.  The port on the Vocalocity side is 5060 (udp) and the phones use their own outgoing ports, which are also udp.  They default to 5062, 5063 and 5064 for the 3 phones once they reboot, which seems to be daily.  I have to go in and edit the port to change them to 5073-5 udp each morning for them to work correctly.  I have not talked to Vocalocity support to see if they can make that a permanent change, I figured there was something going on with my router setup that was causing the issues.

Incidentally the other location, which works fine, the phones use port 5060 and 5061 (udp) to connect with and have no problems.
0
 
LVL 15

Expert Comment

by:Phonebuff
ID: 39722955
Sounds like a stale state table in your Firewall left over from your Asterisk trials.  Or a custom rule someone added to the Firewall.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39723132
Since Vocalocity is a cloud based PBX, I wouldn't expect lsof to show anything. I didn't know it was cloud based.
I would still be interested to see iptables.txt from your router system.
0
 
LVL 1

Author Comment

by:bdhtechnology
ID: 39723809
iptables output is listed above.  The 3 phones are at 10.233.0.20, 21 and 22 above.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39725163
Sorry, so it is. I read Nothing shows up from lsof and somehow assumed lsof output followed. I was hoping for and expecting a file attachment for iptables, but I can select and copy (a rather painful process, because the "Select All" option doesn't work when trying to paste into an xterm).
Please confirm: do all occurrences of x.x.x refer to the same network?
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39725183
I can't straight away see anything that would differentiate between e.g. 5062 & 5072. Possibly nothing at the other end receiving from 5062? A quick check would be to momentarily drop the firewall and try a 506x call. But I understand you may not find that feasible. Wouldn't help with a routing problem anyway.
Have to go now
0
 
LVL 1

Author Comment

by:bdhtechnology
ID: 39725266
Correct, x.x.x is all part of the same subnet.

This same configuration works without issues in another office, running on the exact same setup.  Port 5062, 5063 and 5064 all work just fine there.  That is why I am sure there has to be something specific to the device in question.
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 500 total points
ID: 39725874
It may still be something beyond your router. I would use tcpdump to verify whether you can see datagrams being sent on your internet-facing interface. Make sure you can see them on your telephone-facing interface - you will see them whether or not your firewall rules drop them (tcpdump gets a look before iptables does).
Verify first that you can see everything with 5072-4
0
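The two-interface tcpdump comparison suggested in the accepted answer, worked through as an added example that is not part of the original thread. It assumes text output from `tcpdump -n -i <iface> udp port 5060` on each interface, that every phone uses a distinct local SIP port, and that SNAT keeps that source port; the capture lines, the PBX address 203.0.113.10 and the WAN address 198.51.100.153 are constructed placeholders.

```python
import re
from collections import defaultdict

# Address part of a `tcpdump -n` line: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
PACKET_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)
SIP_PORT = 5060          # provider-side port named in the thread
PBX_IP = "203.0.113.10"  # constructed placeholder for the hosted PBX

# Constructed sample captures (not data from the thread).
# LAN side: phone-facing interface, private source addresses.
LAN_CAPTURE = """\
09:00:01.000001 IP 10.233.0.20.5062 > 203.0.113.10.5060: UDP, length 540
09:00:01.500001 IP 10.233.0.20.5062 > 203.0.113.10.5060: UDP, length 540
09:00:02.000001 IP 10.233.0.21.5073 > 203.0.113.10.5060: UDP, length 538
09:00:02.040001 IP 203.0.113.10.5060 > 10.233.0.21.5073: UDP, length 480
"""
# WAN side: internet-facing interface, source already rewritten by SNAT.
WAN_CAPTURE = """\
09:00:01.000101 IP 198.51.100.153.5062 > 203.0.113.10.5060: UDP, length 540
09:00:01.500101 IP 198.51.100.153.5062 > 203.0.113.10.5060: UDP, length 540
09:00:02.000101 IP 198.51.100.153.5073 > 203.0.113.10.5060: UDP, length 538
09:00:02.040000 IP 203.0.113.10.5060 > 198.51.100.153.5073: UDP, length 480
"""


def count_flows(capture_text, pbx_ip):
    """Count requests to and replies from the PBX, keyed by the phone's port.

    The key is the port only, because the phone's IP differs between the
    two captures (private on the LAN side, NATed on the WAN side).
    """
    flows = defaultdict(lambda: {"out": 0, "in": 0})
    for line in capture_text.splitlines():
        m = PACKET_RE.search(line)
        if not m:
            continue  # not an IPv4 packet line
        src, sport = m.group(1), int(m.group(2))
        dst, dport = m.group(3), int(m.group(4))
        if dst == pbx_ip and dport == SIP_PORT:
            flows[sport]["out"] += 1
        elif src == pbx_ip and sport == SIP_PORT:
            flows[dport]["in"] += 1
    return flows


def diagnose(lan_text, wan_text, pbx_ip):
    """Return {phone_port: verdict} showing where each exchange stops."""
    lan = count_flows(lan_text, pbx_ip)
    wan = count_flows(wan_text, pbx_ip)
    verdicts = {}
    for port in sorted(lan):
        if lan[port]["out"] == 0:
            continue  # the phone sent nothing from this port
        on_wan = wan.get(port, {"out": 0, "in": 0})
        if on_wan["out"] == 0:
            # Arrived from the phone but never left: FORWARD rules, routing,
            # or NAT picked a different source port than assumed here.
            verdicts[port] = "NOT_FORWARDED"
        elif on_wan["in"] == 0:
            # Left the router and nothing came back to its WAN interface.
            verdicts[port] = "NO_REPLY_FROM_UPSTREAM"
        elif lan[port]["in"] == 0:
            # Reply reached the router but was not passed on to the phone:
            # look at connection tracking, NAT and the FORWARD chain.
            verdicts[port] = "REPLY_LOST_AT_ROUTER"
        else:
            verdicts[port] = "OK"
    return verdicts


if __name__ == "__main__":
    for port, verdict in diagnose(LAN_CAPTURE, WAN_CAPTURE, PBX_IP).items():
        print(f"phone port {port}: {verdict}")
```

Capture both interfaces over the same interval, with one phone on a failing port and one on a working port, so the working flow confirms the captures themselves are complete.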
 
LVL 1

Author Comment

by:bdhtechnology
ID: 39745103
I switched the phones over to send traffic out over our secondary Internet connection (which is connected via a different router as well) and it has been working fine.  At some point I will try the Linux router on that connection and that will tell me if it is the router or something beyond our router that is blocking it.
0
