Tim saved my bacon in a similar circumstance regarding Mikrotik. It sounds like you have at least two gateways available and the registration requests go out both of them with unpredictable results. I believe you need to craft a firewall rule to always force the use of the correct one. This seems Mikrotik specific.
73 de Ross ve6ars
Message: 2
Date: Sun, 27 Dec 2015 12:28:28 -0500
From: Bobby Lacey kf4gta@amsat.org
To: Lu V luvencl8@gmail.com
Cc: app_rpt mailing list app_rpt-users@ohnosec.org, Tim Sawyer
<tisawyer@gmail.com>
Subject: Re: [App_rpt-users] Registration Issues
Message-ID:
<CA+TDQEz2Q5YB6M9FiNi7sF-ngAs6Epy1Yw_DPRw_vf_EzV_F5Q@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Thank you for the info, Tim & Lu! Since I’m not running NAT on my 44
subnet, I don’t do any masquerade rules. I’m only adding firewall filter
rules to open the firewall up for 4569 since I block everything by default.
Strangely enough, everything started working again this morning with no
intervention on my part! My nodes on my 44 subnet are all registered.
Again, same issue as last time - so, we’ll see how long this lasts! Would
really like to figure out why it does this every few months.
Thanks again for everyone’s help!
73
Bobby
KF4GTA
On Sun, Dec 27, 2015 at 6:45 AM, Lu V luvencl8@gmail.com wrote:
I have an issue that comes up from time to time with my setup in Colorado.
The first time it happened, I changed the port in Allstar to another port
and that was the fix. I thought it was my ISP blocking 4569.
Then a month later it happened again. So I changed the port again and of
course made the forwarding rule change in my router.
After a few iterations of this, I decided that the next time this happens,
that I would just blow away the rule and rebuild it and see what happens.
Sure enough that was the key to fix the issue. Keep in mind, it takes a
little while sometimes for all the other nodes to see that you registered
by the update to the ip list, but in my case the problem seems to be with
the router. It is a two wire DSL router and one day I will replace it with
one that someone could recommend. But for whatever it is worth, I am able
to log into the modem remotely and issue a restart. I have found that
sometimes it takes 2 to 3 restarts to the modem/router and the problem is
resolved. I don’t understand why this continues to be a problem but it
could possibly be similar in your case.
Lu Vencl
KA4EPS
On Dec 26, 2015, at 10:25 PM, Tim Sawyer tisawyer@gmail.com wrote:
I had a hell of a time getting a MikroTik router to let AllStar register.
The big trick is to ensure outbound masqueraded packets go out the WAN
interface. Otherwise they come back at you and confuse the heck out of
Asterisk.
Here’s my masquerade rule:
add action=masquerade chain=srcnat out-interface=ether1-WAN src-address=
And just fyi, here’s my forwarding rule:
add action=dst-nat chain=dstnat dst-port=4569 in-interface=ether1-WAN protocol=udp to-addresses=192.168.1.6 to-ports=4569
On Sat, Dec 26, 2015 at 3:56 PM, Bobby Lacey kf4gta@amsat.org wrote:
I still haven’t been able to figure out when it keeps trying to register,
but never does. All port forwards are set on my Mikrotik edge router. Like
I said earlier, it works for months on end and then has trouble registering
all of a sudden. Has anyone else had any registration issues using a
Mikrotik device? IAX has been stuck on the Registering/Retrying/Timeout for
about 5 days now.
Thank you for any help!
73
Bobby
On Wed, Dec 23, 2015 at 10:16 PM, Bobby Lacey kf4gta@amsat.org wrote:
Hi David,
Yes - source IP is the same 44/8 address that the allstar node is using
for registering.
[root@146-760 ~]# wget http://ipinfo.io/ip -qO -
44.36.x.x
Just strange that it works for months, then stops all of a sudden?
Thanks for your help!
73
Bobby
On Wed, Dec 23, 2015 at 1:00 PM, David McGough kb4fxc@inttek.net wrote:
Hi,
I think you’re hitting a security feature of the Registration System.
When running wget (or the node info collection scripts, like:
rc.updatenodelist), you must use the same source IP address as
used during the Asterisk registration requests sent from Asterisk when it
is running. And, your node must be properly registered to retrieve the
node list.
So, is the source IP address of the AllStar/Asterisk server on the
44.0.0.0/8 network? And, if so, when running wget, do you use the same
source IP address as Asterisk? If not, these addresses must be the
same.
Merry Christmas and Happy Holidays!!
73, David KB4FXC
On Wed, 23 Dec 2015, Bobby Lacey wrote:
Hello!
Every few months, we run into a problem where our nodes will de-register
with register.allstarlink.org and just sit there before timing out and
retrying. It never does register until it just magically starts working
again often many days later.
I haven’t really had time to troubleshoot it before, but since I’m home
from work for a few days, I’m trying to trace down the problem.
Something interesting I’ve found: These nodes are sitting on my 44Net
(44.0.0.0/8) address space and get the following when I try to wget
[root@146-760 ~]# wget http://nodes1.allstarlink.org/cgi-bin/nodes.pl
--2015-12-23 11:36:23--
Resolving nodes1.allstarlink.org (nodes1.allstarlink.org)... 96.36.57.202
Connecting to nodes1.allstarlink.org (nodes1.allstarlink.org)|96.36.57.202|:80... connected.
HTTP request sent, awaiting response... 403
2015-12-23 11:36:23 ERROR 403: (no description).
[root@146-760 ~]# wget http://nodes2.allstarlink.org/cgi-bin/nodes.pl
--2015-12-23 11:36:57--
Resolving nodes2.allstarlink.org (nodes2.allstarlink.org)... 209.159.155.200
Connecting to nodes2.allstarlink.org (nodes2.allstarlink.org)|209.159.155.200|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2015-12-23 11:36:57 ERROR 403: Forbidden.
[root@146-760 ~]# wget http://nodes3.allstarlink.org/cgi-bin/nodes.pl
--2015-12-23 11:37:28--
Resolving nodes3.allstarlink.org (nodes3.allstarlink.org)... 65.110.110.172
Connecting to nodes3.allstarlink.org (nodes3.allstarlink.org)|65.110.110.172|:80... connected.
HTTP request sent, awaiting response... 403
2015-12-23 11:37:28 ERROR 403: (no description).
When I try from my ISP’s public IP (non 44Net), it works fine. This is just
an observation and I’m not sure if it actually is the problem.
Anyone have any ideas?
Tnx and 73
Bobby
KF4GTA
App_rpt-users mailing list
To unsubscribe from this list please visit
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
down to the bottom of the page. Enter your email address and press the
“Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email
confirmation. If you have trouble unsubscribing, please send a message to
the list detailing the problem.
Tim
End of App_rpt-users Digest, Vol 82, Issue 56