Getting LAN SIP Phones to Register with Asterisk Server/Gateway

[lee586]

I have PBXIAF on my box which also functions as a gateway. The ISP connection goes directly into eth0 and the box runs DHCP for the private LAN on eth1. All the VOIP applications and phones work perfectly on the outside but none of them work on the local LAN. My phones will FTP, boot, but for some reason they can't register with Asterisk when on the same LAN.

I first thought it was iptables but whether they're on or off, I have the same result. I can pull up PBXIAF from a local computer on the LAN although apache is serving up corrupt image and CSS files so it doesn't look very good (only on the local LAN though).

I don't worry about DNS because everything is through IP address--no domain names.

Originally, I had one NIC and the PBXIAF box worked perfectly with the devices on the LAN. Once I hadded the 2nd NIC, set the box up to function as a gateway and DHCP server, the LAN VoIP devices just lost it.

What's the secret to having the local LAN VoIP devices successfully use the box so they can interact with the external devices that are already working so well?

 

[ampster]

you give a lot of info but no specifics. Its hard to say without more info. Most people have no issues with LAN phones.

Some have the opposite problem to you - getting
WAN phones to work.

your problem could be something as dumb as forgetting
to set dhcp on your phones rather than static ip.

Anthony

 

[blanchae]

Once I hadded the 2nd NIC, set the box up to function as a gateway and DHCP server, the LAN VoIP devices just lost it.

Sounds like a routing problem....

 

[vespaman]

Which nic is your LAN ? Is this the one your local phones are connecting to ? Does IPtables know about the LAN nic ?
Did you use webmin to configure both nics ?
A network diagram may help.

 

[Bitnetix]

Yah-definitely networking. I'm guessing that you installed PIAF on the box with only one nic, then added the second one.

 

[lee586]

Yes I did install PBXIAF when I had only one NIC. DHCP is working fine. On the local LAN I can FTP and SSH without any problem. It's the phones that aren't behaving properly.

The following screenshot from webwin shows how my ethernet devices are setup. eth0 is the NIC that uses PPP to manage the DSL connection.

And here are my routes:

And finally my hostname:

And if you're curious what my iptables look like:

Chain INPUT (policy DROP 2206 packets, 254K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   13   672 DROP       tcp  --  ppp0   any     anywhere             anywhere            tcp dpt:ssh 
    8   344 DROP       tcp  --  ppp0   any     anywhere             anywhere            tcp dpt:http 
44938 6229K fail2ban-APACHE  tcp  --  any    any     anywhere             anywhere            
 105K   37M fail2ban-ASTERISK  all  --  any    any     anywhere             anywhere            
    0     0 fail2ban-SSH  tcp  --  any    any     anywhere             anywhere            tcp dpt:paragent 
   55  3181 fail2ban-VSFTPD  tcp  --  any    any     anywhere             anywhere            tcp dpt:ftp 
  224 32142 fail2ban-BadBots  tcp  --  any    any     anywhere             anywhere            multiport dports http,https 
44916 6228K fail2ban-APACHE  tcp  --  any    any     anywhere             anywhere            
  372 56788 fail2ban-SSH  tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh 
 102K   37M ACCEPT     all  --  !eth0  any     anywhere             anywhere            
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp flags:ACK/ACK 
    3   996 ACCEPT     all  --  any    any     anywhere             anywhere            state ESTABLISHED 
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED 
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp spt:domain dpts:1024:65535 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-reply 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp destination-unreachable 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp source-quench 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp time-exceeded 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp parameter-problem 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:auth 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ftp 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:etlservicemgr 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:glrpc 
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:iax 
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpts:commplex-main:5082 
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpts:ndmp:dnp 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:upnotifyp 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:5038 
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:ntp 
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:t*f*t*p 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:paragent 
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere            state NEW tcp dpt:65100 
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             anywhere            state NEW tcp dpt:https 
Chain FORWARD (policy ACCEPT 179 packets, 18900 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 202K   15M ACCEPT     all  --  eth1   ppp0    anywhere             anywhere            
 584K  783M ACCEPT     all  --  ppp0   eth1    anywhere             anywhere            state RELATED,ESTABLISHED 
Chain OUTPUT (policy ACCEPT 104K packets, 29M bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain fail2ban-APACHE (2 references)
 pkts bytes target     prot opt in     out     source               destination         
89854   12M RETURN     all  --  any    any     anywhere             anywhere            
Chain fail2ban-ASTERISK (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 105K   37M RETURN     all  --  any    any     anywhere             anywhere            
Chain fail2ban-BadBots (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  224 32142 RETURN     all  --  any    any     anywhere             anywhere            
Chain fail2ban-SSH (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  372 56788 RETURN     all  --  any    any     anywhere             anywhere            
Chain fail2ban-VSFTPD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   33  1773 RETURN     all  --  any    any     anywhere             anywhere

Yes, I'm sure it's a routing problem but I'm not bright enough to figure it out. I don't want to reinstall PBXIAF simply to configure both NICS from the beginning since everything else seems to work just fine. I know I'm close and I'm sure it's something obvious.

Any ideas anyone?

Thanks in advance.

 

[phonebuff]

First off,

I do not beleive that theDefault rout is correct. This is the NIC to use to get to any specifically undefined "public" IP such as google.com and yet you hae it pointing at the LAN segment on ETH1.

If the ISP connection is on ETH0 / ppp0 then the default route is there as Well. It should probably be 72.123.4.n of some form.

Next what addresses is the DHCP server handling out to the LAN Devices ? 192.168.2.n ?

Finally What IP is Asterisk binding to ?

Start an Asterisk cli or run status to get the bound IP.
Second do a route to see the route tables being built.
Next do a ifconfig -a to list the adapters and settings.
Lastly, use traceroute to check your paths / routes..

------------------------------------------

 

[lee586]

I changed the default route to eth0 and ppp0 using the static IP as the gateway. I reloaded network and even rebooted the server with no apparent changes.

The DHCP server is giving out address in the 192.168.2.200 to 192.168.2.254 range.

Asterisk is binding to the local IP that eth0 is receiving from the DLS modem - 192.168.1.45.

Results from route:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
branmocobr2.bra *               255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         *               0.0.0.0         U     0      0        0 ppp0

Results from ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:11:25:A3:3E:36  
          inet addr:192.168.1.45  Bcast:255.255.255.255  Mask:255.255.255.0
          inet6 addr: fe80::211:25ff:fea3:3e36/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7713 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5435 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9476264 (9.0 MiB)  TX bytes:859265 (839.1 KiB)
          Interrupt:169 Memory:da100000-da110000 
eth1      Link encap:Ethernet  HWaddr 00:04:76:F7:17:3B  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::204:76ff:fef7:173b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1674801 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2899557 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:297608014 (283.8 MiB)  TX bytes:3261689954 (3.0 GiB)
          Interrupt:169 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:265027 errors:0 dropped:0 overruns:0 frame:0
          TX packets:265027 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:37515448 (35.7 MiB)  TX bytes:37515448 (35.7 MiB)
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:72.123.45.6  P-t-P:72.29.179.166  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:7663 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5229 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:9273458 (8.8 MiB)  TX bytes:708333 (691.7 KiB)
sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 

[phonebuff]

Check the setting on a phone..

Be sure the phone has a gateway of 192.168.2.1 should be assigned by DHCP Server and is looking for the proxy / asterisk server at 192.168.1.45. Your TFTPBoot file ?

-----------------