Advanced network

Trying to help out a buddy who is running ASL with Echolink. He uses 2 NICS, one connected to his LAN (internet router enabled) and the other connected to the AREDN Mesh network.
All appropriate ports are properly forwarded in both routers. His ASL node is public but connects to a remote private node, on the Mesh side of things.

Now the fun part…

Inbound Internet Echolink connects work fine. Inbound ASL Internet connects do not but outbound to public ASL nodes work. Yes I know, BUT PORT ROUTING IS PROPERLY DEFINED IN HIS INTERNET ROUTER

Inbound ASL connects work just fine from the Mesh NIC. So what are we missing?

Sounds like a IP/NIC routing issue.

What is the node number in question?
What is the public IP for that server holding the node (normal internet service)?
What is the ip for the mesh network at the server?

Node is 54326
Public ip 73.157.138 95
Mesh ip 10 .216.155.86

As you see, totally different nets

You will need to do some google work on gateway/routing with 2 NIC;s.

But verify the settings for each NIC first.

I would agree with that except for that fact that Echolink works fine. Echolink is just another layer on ASL, no?

Which interface is originating the default outbound traffic:

ip route show default

Make sure that where is says “default via n.n.n.n dev _____ …”, the _____ is the interface with the IP address that should be the default outbound to the Internet. It’s also possible there are two default routes defined which never works well. I don’t know much about ARDEN mesh stuff, but I assume it runs some sort of routing protocols? Need to make sure it’s not leaking in an unexpected default route.

Correctly shows both NICs

default via dev ens18 
default via dev enx00e04c36010f proto dhcp metric 100

With still unknown gateway routing,
The thing that stands out to me from what you show is the DHCP on the public network.

So, do you have adequate measure to route ports required to what is suppose to be the asl server?
Because the address can change. And likely is. If you are forwarding by mac, it would not be an issue, so I can only pose the question.

But I would say it would be recommended to change that to static addressing unless you have good reason not to and before you make other adjustments.
And recheck port forwarding matches the static address.

Yes, DHCP is used but its MAC is reserved in the router

What is the gateway address and the dns addresses for the public NIC ? is the correct gateway but I don’t quite grasp your 2nd question. Do you mean the DNS range?

Let me pose the question this way…
what is the result of cat /etc/resolv.conf

root@eoh:~# nmap -sU -p 4569
Starting Nmap 7.70 ( ) at 2023-08-10 18:06 EDT
Nmap scan report for (
Host is up (0.099s latency).

4569/udp open|filtered iax

Show the contents of rpt.conf for “nodes”

In my experience, two default gateways is not a good thing. I have two ways around that problem:

  1. Use a specific route for one of the networks, if it exists, rather than a default route. In this instance, that would probably require static configuration for the mesh interface.

There’s a couple of tricks you can use here, like using two /1 routes for your ISP connection (this will override a default route by being more specific), and a more specific network route for the mesh network. This would allow you to keep your DHCP configuration. You’d need an event to run external scripts when DHCP configuration is complete.


  1. Use policy routing to route outbound packets based on source address. This uses rules and multiple routing tables to control how packets are forwarded. I use this technique in a few places, to ensure packets go where they should, in a predictable manner.

nmap -sU -p 4569

Starting Nmap 7.80 ( ) at 2023-08-10 15:13 PDT
Nmap scan report for
Host is up.

4569/udp open|filtered iax

Nmap done: 1 IP address (1 host up) scanned in 2.12 seconds

#vi /etc/asterisk/rpt.conf

54326 = radio@,NONE ; This must be changed to your node number
;and iax port number if not the default

1100 = radio@,NONE
1200 = radio@,NONE

The last 2 are obviously private nodes that connect to this public node. They connect just fine via the Mesh

What is the bindport and bind address show in iax.conf

Also show the following lines in extensions.conf where it starts

exten => 54326,1,Answer


domain local.mesh
search local.mesh.

Did I mention outgoing connects to the internet work fine?

Mike, thanks for your effort in this - and everyone else’s efforts but we decided the easiest route was to change how this particular computer accessed the network(s).
(if anyone follows AREDN, we used a hAP - with it’s built in VLANs - and use it as a go between for the Proxmox computer - running the ASL VM -, his internet router and the Mesh network. All is working as it should now

We should have done this days ago :rofl:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.