bdhtechnology
asked on
SIP Traffic being blocked
I have a Linux firewall (debian) and recently we setup new phones from Vocalocity. When connecting the new phones they would not authenticate using SIP and after investigating we found out that with the phones using an outbound port of 5062,5063,5064 there would be no reply. As soon as we changed the phones to 5073,5074, or 5075 they would work fine. The port that the phones communicate with Vocalocity is port 5060 and that works fine when the phone uses port 5073, 5074 or 5075.
My first thought was there was something blocking those ports in iptables. But there was nothing in iptables blocking at all. Further increased logging showed traffic going out but nothing was ever received back. As soon as the port was changed to 5073, 5074 or 5075 there traffic was replied to successfully.
Previously I had tried to install asterisk to see how it would work so my thought is there is something related to that which is interfering with communication. I have another office with the exact same setup that has no issues so I am confident this is the case. I have checked to make sure all of the asterisk files have been purged and there is nothing listening on the blocked ports at all. I even did an apt-get install asterisk on the system working correctly so I could purge all the packages it installed along with asterisk itself.
My first thought was there was something blocking those ports in iptables. But there was nothing in iptables blocking at all. Further increased logging showed traffic going out but nothing was ever received back. As soon as the port was changed to 5073, 5074 or 5075 there traffic was replied to successfully.
Previously I had tried to install asterisk to see how it would work so my thought is there is something related to that which is interfering with communication. I have another office with the exact same setup that has no issues so I am confident this is the case. I have checked to make sure all of the asterisk files have been purged and there is nothing listening on the blocked ports at all. I even did an apt-get install asterisk on the system working correctly so I could purge all the packages it installed along with asterisk itself.
ASKER
Nothing shows up from lsof
+ for i in filter nat mangle raw
+ iptables -t filter -n -v --line-numbers -L
Chain INPUT (policy DROP 269 packets, 26251 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- * * 46.249.57.79 0.0.0.0/0
2 0 0 DROP all -- * * 91.121.86.29 0.0.0.0/0
3 0 0 DROP all -- * * 72.26.219.150 0.0.0.0/0
4 544K 550M ACCEPT all -- * * 10.233.0.0/24 0.0.0.0/0
5 4196 312K ACCEPT all -- * * x.x.x.153 0.0.0.0/0
6 50394 15M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
8 222K 199M ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 0 0 ACCEPT all -- eth1 * 10.233.0.0/24 10.233.0.0/24
10 0 0 ACCEPT all -- eth1 * 10.233.0.0/24 x.x.x.152/29
11 123 25724 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
12 0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
13 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:20
14 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:21
15 5334 295K ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:25
16 10377 729K ACCEPT udp -- * * 0.0.0.0/0 x.x.x.153 udp dpt:53
17 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp dpt:53
18 64 3788 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:80
19 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:113
20 0 0 ACCEPT udp -- * * 0.0.0.0/0 x.x.x.153 udp spts:1024:65535 dpt:123
21 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:443
22 0 0 ACCEPT udp -- * * 0.0.0.0/0 x.x.x.153 udp dpt:500
23 0 0 ACCEPT udp -- * * 0.0.0.0/0 x.x.x.153 udp spts:1024:65535 dpt:1194
24 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:1723
25 3629 218K ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:1984
26 389 20420 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:2222
27 1 60 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:3306
28 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:8000
29 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:8181
30 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpts:9000:9050
31 0 0 ACCEPT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp spts:1024:65535 dpt:9390
32 35 11605 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
33 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
34 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpts:135:139
35 0 0 DROP udp -- * * !10.233.0.0/24 x.x.x.152/29 udp dpts:135:139
36 6 296 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:445
37 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpts:1024:1035
38 0 0 DROP udp -- * * !10.233.0.0/24 x.x.x.152/29 udp dpts:1024:1035
39 6 264 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:1433
40 1 29 DROP udp -- * * !10.233.0.0/24 x.x.x.152/29 udp dpt:1434
41 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:2745
42 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:3127
43 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:3631
44 0 0 DROP udp -- * * !10.233.0.0/24 x.x.x.152/29 udp dpt:3631
45 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:3738
46 0 0 DROP udp -- * * !10.233.0.0/24 x.x.x.152/29 udp dpt:3738
47 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:3739
48 0 0 DROP udp -- * * !10.233.0.0/24 x.x.x.152/29 udp dpt:3739
49 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:5000
50 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:6129
51 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:15118
52 0 0 DROP udp -- * * !10.233.0.0/24 x.x.x.152/29 udp dpt:16470
53 0 0 DROP tcp -- * * !10.233.0.0/24 x.x.x.152/29 tcp dpt:31572
54 0 0 DROP udp -- * * !10.233.0.0/24 x.x.x.152/29 udp dpt:31572
55 269 26251 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix " ##INPUT DENY LOG## "
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 9871 1735K ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
2 8319 2139K ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
3 2722 1509K LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:5060 LOG flags 0 level 4 prefix " ##VOCALOCITY SIP I LOG## "
4 2963 2373K LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 LOG flags 0 level 4 prefix " ##VOCALOCITY SIP O LOG## "
5 1160 804K LOG all -- * * 10.233.0.20 0.0.0.0/0 LOG flags 0 level 4 prefix " #CHAD VOIP LOG## "
6 1099 544K LOG all -- * * 0.0.0.0/0 10.233.0.20 LOG flags 0 level 4 prefix " #CHAD VOIP LOG## "
7 1195 802K LOG all -- * * 10.233.0.21 0.0.0.0/0 LOG flags 0 level 4 prefix " #JEREMY VOIP LOG## "
8 1119 545K LOG all -- * * 0.0.0.0/0 10.233.0.21 LOG flags 0 level 4 prefix " #JEREMY VOIP LOG## "
9 9919 3169K LOG all -- * * 10.233.0.22 0.0.0.0/0 LOG flags 0 level 4 prefix " #CURT VOIP LOG## "
10 13623 2995K LOG all -- * * 0.0.0.0/0 10.233.0.22 LOG flags 0 level 4 prefix " #CURT VOIP LOG## "
11 0 0 ACCEPT tcp -- * * 10.233.0.0/29 0.0.0.0/0 tcp dpt:25
12 6 336 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 LOG flags 0 level 4 prefix " #SMTP TRAFFIC LOG## "
13 0 0 ACCEPT tcp -- * * 10.233.0.0/16 10.233.0.0/16 tcp dpt:53
14 0 0 ACCEPT udp -- * * 10.233.0.0/16 10.233.0.0/16 udp dpt:53
15 0 0 ACCEPT tcp -- * * 0.0.0.0/0 208.67.222.222 tcp dpt:53
16 0 0 ACCEPT tcp -- * * 0.0.0.0/0 208.67.220.220 tcp dpt:53
17 0 0 ACCEPT tcp -- * * 0.0.0.0/0 4.2.2.2 tcp dpt:53
18 3640 249K ACCEPT udp -- * * 0.0.0.0/0 208.67.222.222 udp dpt:53
19 53 3595 ACCEPT udp -- * * 0.0.0.0/0 208.67.220.220 udp dpt:53
20 230 18142 ACCEPT udp -- * * 0.0.0.0/0 4.2.2.2 udp dpt:53
21 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 LOG flags 0 level 4 prefix " ##DNS FORWARD DROP LOG## "
22 2 114 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 LOG flags 0 level 4 prefix " ##DNS FORWARD DROP LOG## "
23 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
24 2 114 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
25 0 0 ACCEPT all -- eth1 * 0.0.0.0/0 x.x.x.153 state NEW,ESTABLISHED
26 0 0 ACCEPT all -- eth1 * 0.0.0.0/0 x.x.x.154 state NEW,ESTABLISHED
27 0 0 ACCEPT all -- eth1 * 0.0.0.0/0 x.x.x.155 state NEW,ESTABLISHED
28 0 0 ACCEPT all -- eth1 * 0.0.0.0/0 x.x.x.156 state NEW,ESTABLISHED
29 0 0 ACCEPT all -- eth1 * 0.0.0.0/0 x.x.x.157 state NEW,ESTABLISHED
30 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 10.233.0.231 tcp dpt:8150
31 900K 356M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
32 460 236K ACCEPT all -- * * 0.0.0.0/0 10.233.0.0/24
33 495K 45M ACCEPT all -- * * 10.233.0.0/24 0.0.0.0/0
34 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix " ##FORWARD DENY LOG## "
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 222K 325M ACCEPT all -- * * 0.0.0.0/0 10.233.0.0/24
2 50428 15M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
4 236K 58M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 0 0 ACCEPT all -- * * x.x.x.152/29 x.x.x.152/29
6 4169 307K ACCEPT all -- * * 10.233.0.0/24 0.0.0.0/0
7 182 31716 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
8 25585 1817K ACCEPT all -- * * x.x.x.153 0.0.0.0/0
9 4162 307K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:5353 dpt:5353
10 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix " ##OUTPUT ACCEPT LOG## "
+ for i in filter nat mangle raw
+ iptables -t nat -n -v --line-numbers -L
Chain PREROUTING (policy ACCEPT 32469 packets, 2974K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DNAT tcp -- * * 0.0.0.0/0 x.x.x.153 tcp dpt:8150 to:10.233.0.231
2 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.153 tcp dpt:8150 to:10.233.0.231:8150
3 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.153 tcp dpts:30000:30200 to:10.233.0.231:30000-30200
4 0 0 DNAT udp -- eth0 * 0.0.0.0/0 x.x.x.153 udp dpts:30000:30200 to:10.233.0.231:30000-30200
5 0 0 DNAT all -- eth1 * 0.0.0.0/0 x.x.x.153 to:10.233.0.1
6 0 0 DNAT all -- eth1 * 0.0.0.0/0 x.x.x.154 to:10.233.0.2
7 0 0 DNAT all -- eth1 * 0.0.0.0/0 x.x.x.155 to:10.233.0.8
8 0 0 DNAT all -- eth1 * 0.0.0.0/0 x.x.x.156 to:10.233.0.6
9 10 621 DNAT all -- eth1 * 0.0.0.0/0 x.x.x.157 to:10.233.0.10
10 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.153 tcp dpt:3074 to:10.233.0.110:3074
11 0 0 DNAT udp -- eth0 * 0.0.0.0/0 x.x.x.153 udp dpt:3074 to:10.233.0.110:3074
12 0 0 DNAT udp -- eth0 * 0.0.0.0/0 x.x.x.153 udp dpt:88 to:10.233.0.110:88
13 3 180 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.154 tcp dpt:80 to:10.233.0.2:80
14 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.154 tcp dpt:6881 to:10.233.0.2:6881
15 0 0 DNAT udp -- eth0 * 0.0.0.0/0 x.x.x.154 udp dpt:6881 to:10.233.0.2:6881
16 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.154 tcp dpt:49152 to:10.233.0.2:49152
17 0 0 DNAT udp -- eth0 * 0.0.0.0/0 x.x.x.154 udp dpt:49152 to:10.233.0.2:49152
18 3 180 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.155 tcp dpt:80 to:10.233.0.8:80
19 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.155 tcp dpt:6881 to:10.233.0.8:6881
20 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.156 tcp dpt:6881 to:10.233.0.6:6881
21 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.153 tcp dpt:24814 to:10.233.0.60:24814
22 0 0 DNAT udp -- eth0 * 0.0.0.0/0 x.x.x.153 udp dpt:24814 to:10.233.0.60:24814
23 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.153 tcp dpt:53146 to:10.233.0.60:53146
24 0 0 DNAT udp -- eth0 * 0.0.0.0/0 x.x.x.153 udp dpt:53146 to:10.233.0.60:53146
25 1 60 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:25 to:10.233.0.10:25
26 17 1020 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:80 to:10.233.0.10:80
27 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:110 to:10.233.0.10:110
28 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:143 to:10.233.0.10:143
29 199 12688 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:443 to:10.233.0.10:443
30 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:993 to:10.233.0.10:993
31 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:995 to:10.233.0.10:995
32 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpts:6000:6004 to:10.233.0.10:6000-6004
33 0 0 DNAT udp -- eth0 * 0.0.0.0/0 x.x.x.157 udp dpts:6000:6004 to:10.233.0.10:6000-6004
34 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:8000 to:10.233.0.10:8000
35 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:3443 to:10.233.0.10:3443
36 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:18180 to:10.233.0.10:18180
37 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:11100 to:10.233.0.10:11100
38 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:11099 to:10.233.0.10:11099
39 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:18083 to:10.233.0.10:18083
40 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:13873 to:10.233.0.10:13873
41 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:13843 to:10.233.0.10:13843
42 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:14457 to:10.233.0.10:14457
43 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:28083 to:10.233.0.10:28083
44 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:23843 to:10.233.0.10:23843
45 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 x.x.x.157 tcp dpt:21099 to:10.233.0.10:21099
Chain INPUT (policy ACCEPT 20632 packets, 1432K bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 31440 packets, 2272K bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 6208 packets, 465K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 SNAT all -- * eth1 0.0.0.0/0 10.233.0.1 to:x.x.x.153
2 3 180 SNAT all -- * eth1 0.0.0.0/0 10.233.0.2 to:x.x.x.154
3 5 360 SNAT all -- * eth1 0.0.0.0/0 10.233.0.8 to:x.x.x.155
4 0 0 SNAT all -- * eth1 0.0.0.0/0 10.233.0.6 to:x.x.x.156
5 1420 98873 SNAT all -- * eth1 0.0.0.0/0 10.233.0.10 to:x.x.x.157
6 0 0 SNAT tcp -- * * 10.233.0.110 0.0.0.0/0 tcp spt:3074 to:x.x.x.153:3074
7 0 0 SNAT udp -- * * 10.233.0.110 0.0.0.0/0 udp spt:3074 to:x.x.x.153:3074
8 0 0 SNAT udp -- * * 10.233.0.110 0.0.0.0/0 udp spt:88 to:x.x.x.153:88
9 1566 84672 SNAT all -- * eth0 10.233.0.2 0.0.0.0/0 to:x.x.x.154
10 1257 68128 SNAT all -- * eth0 10.233.0.8 0.0.0.0/0 to:x.x.x.155
11 0 0 SNAT all -- * eth0 10.233.0.6 0.0.0.0/0 to:x.x.x.156
12 3356 222K SNAT all -- * eth0 10.233.0.10 0.0.0.0/0 to:x.x.x.157
13 27103 1962K SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:x.x.x.153
+ for i in filter nat mangle raw
+ iptables -t mangle -n -v --line-numbers -L
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
+ for i in filter nat mangle raw
+ iptables -t raw -n -v --line-numbers -L
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
+ set +x
Please also detail your network topology. Are the phones on the same LAN segment as the server they are trying to contact?
If the phones work on ports 5073-5, can you just change them to do that?
Please clarify which ports are TCP or UDP - for now I assume that 5060 is the TCP control port and the others are UDP carrying sound
If the phones work on ports 5073-5, can you just change them to do that?
Please clarify which ports are TCP or UDP - for now I assume that 5060 is the TCP control port and the others are UDP carrying sound
ASKER
Vocalocity is a cloud based PBX, so they connect across the Internet. The port on the Vocalocity side is 5060 (udp) and the phones use their own outgoing ports, which are also udp. They default to 5062, 5063 and 5064 for the 3 phones once they reboot, which seems to be daily. I have to go in and edit the port to change them to 5073-5 udp each morning for them to work correctly. I have not talked to Vocalocity support to see if they can make that a permanent change, I figured there was something going on with my router setup that was causing the issues.
Incidentally the other location, which works fine, the phones use port 5060 and 5061 (udp) to connect with and have no problems.
Incidentally the other location, which works fine, the phones use port 5060 and 5061 (udp) to connect with and have no problems.
Sounds like a stale state table in your Firewall left over from your Asterisk trials. Or a custom rule someone added to the Firewall.
Since Vocalocity is a cloud based PBX, I wouldn't expect lsof to show anything. I didn't know it was cloud based.
I would still be interested to see iptables.txt from your router system.
I would still be interested to see iptables.txt from your router system.
ASKER
iptables output is listed above. The 3 phones are at 10.233.0.20, 21 and 22 above.
Sorry, so it is. I read Nothing shows up from lsof and somehow assumed lsof output followed. I was hoping for and expecting a file attachment for iptables, but I can select and copy (a rather painful process, because the "Select All" option doesn't work when trying to paste into an xterm).
Please confirm: do all occurrences of x.x.x refer to the same network?
Please confirm: do all occurrences of x.x.x refer to the same network?
I can't straight away see anything that would differentiate between e.g. 5062 & 5072. Possibly nothing at the other end receiving from 5062? A quick check would be to momentarily drop the firewall and try a 506x call. But I understand you may not find that feasible. Wouldn't help with a routing problem anyway.
Have to go now
Have to go now
ASKER
Correct x.x.x is all part of the same subnet.
This same configuration works without issues in another office, running on the exact same setup. Port 5062, 5063 and 5064 all work just fine there. That is why I am sure there has to be something specific to the device in question.
This same configuration works without issues in another office, running on the exact same setup. Port 5062, 5063 and 5064 all work just fine there. That is why I am sure there has to be something specific to the device in question.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I switched the phones over to send traffic out over our secondary Internet connection (which is connected via a different router as well) and it has been working fine. At some point I will try the Linux router on that connection and that will tell me if it is the router or something beyond our router that is blocking it.
Open in new window
and post iptables.txt