Thank you for the info, Tim & Lu! Since I’m not running NAT on my 44 subnet, I don’t do any masquerade rules. I’m only adding firewall filter rules to open the firewall up for 4569 since I block everything by default.
Strangely enough, everything started working again this morning with no intervention on my part! My nodes on my 44 subnet are all registered. Again, same issue as last time - so, we’ll see how long this lasts! Would really like to figure out why it does this every few months.
···
On Sun, Dec 27, 2015 at 6:45 AM, Lu V luvencl8@gmail.com wrote:
I have an issue that comes up from time to time with my setup in Colorado. The first time it happened, I changed the port in Allstar to another port and that was the fix. I thought it was my ISP blocking 4569.
Then a month later it happened again. So I changed the port again and of course made the forwarding rule change in my router.
After a few iterations of this, I decided that the next time this happens, that I would just blow away to rule and rebuild it and see what happens. Sure enough that was the key to fix the issue. Keep in mind, it takes a little while sometimes for all the other nodes to see that you registered by the update to the ip list ,but in my case the problem seems to be with the router. It is a two wire DSL router and one day I will replace it with one that someone could recommend. But for whatever it is worth, I am able to log into the modem remotely and issue a restart. I have found that sometimes it takes 2 to 3 restarts to the modem/router and the problem is resolved. I don’t understand why this continues to be a problem but it could possibly be similar in your case.
Lu Vencl
KA4EPS
On Dec 26, 2015, at 10:25 PM, Tim Sawyer tisawyer@gmail.com wrote:
I had a hell of a time getting a MikroTik router to let AllStar register. The big trick is to insure outbound masqueraded packets go out the WAN interface. Otherwise they come back at you and confuse the heck out of Asterisk.
Here’s my masquerade rule:
add action=masquerade chain=srcnat out-interface=ether1-WAN src-address=192.168.1.0/24
And just fyi, here’s my forwarding rule:
add action=dst-nat chain=dstnat dst-port=4569 in-interface=ether1-WAN protocol=udp to-addresses=192.168.1.6 to-ports=4569
App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
On Sat, Dec 26, 2015 at 3:56 PM, Bobby Lacey kf4gta@amsat.org wrote:
I still haven’t been able to figure out when it keeps trying to register, but never does. All port forwards are set on my Mikrotik edge router. Like I said earlier, it works for months on end and then has trouble registering all of a sudden. Has anyone else had any registration issues using a Mikrotik device? IAX has been stuck on the Registering/Retrying/Timeout for about 5 days now.
Thank you for any help!
73
Bobby
App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
–
Tim
On Wed, Dec 23, 2015 at 10:16 PM, Bobby Lacey kf4gta@amsat.org wrote:
Hi David,
Yes - source IP is the same 44/8 address that the allstar node is using for registering.
[root@146-760 ~]# wget http://ipinfo.io/ip -qO -
44.36.x.x
Just strange that it works for months, then stops all of a sudden?
Thanks for your help!
73
Bobby
On Wed, Dec 23, 2015 at 1:00 PM, David McGough kb4fxc@inttek.net wrote:
Hi,
I think you’re hitting a security feature of the Registration System.
When running wget (or the node info collection scripts, like:
rc.updatenodelist), you must use the same source IP address as
used during the Asterisk registration requests sent from Asterisk when it
is running. And, your node must be properly registered to retrieve the
node list.
So, is the source IP address of the AllStar/Asterisk server on the
44.0.0.0/8 network? And, if so, when running wget, do you use the same
source IP address as Asterisk? If not, these addresses must be the same.
Merry Christmas and Happy Holidays!!
73, David KB4FXC
On Wed, 23 Dec 2015, Bobby Lacey wrote:
Hello!
Every few months, we run into a problem where our nodes will de-register
with register.allstarlink.org and just set there before timing out and
retrying. It never does register until it just magically starts working
again often many days later.
I haven’t really had time to troubleshooted it before, but since I’m home
from work for a few days, I’m trying to trace down the problem.
Something interesting I’ve found: These nodes are sitting on my 44Net (
44.0.0.0/8) address space and get the following when I try to wget nodes.pl:
[root@146-760 ~]# wget http://nodes1.allstarlink.org/cgi-bin/nodes.pl
–2015-12-23 11:36:23-- http://nodes1.allstarlink.org/cgi-bin/nodes.pl
Resolving nodes1.allstarlink.org (nodes1.allstarlink.org)… 96.36.57.202
Connecting to nodes1.allstarlink.org
(nodes1.allstarlink.org)|96.36.57.202|:80…
connected.
HTTP request sent, awaiting response… 403
2015-12-23 11:36:23 ERROR 403: (no description).
[root@146-760 ~]# wget http://nodes2.allstarlink.org/cgi-bin/nodes.pl
–2015-12-23 11:36:57-- http://nodes2.allstarlink.org/cgi-bin/nodes.pl
Resolving nodes2.allstarlink.org (nodes2.allstarlink.org)… 209.159.155.200
Connecting to nodes2.allstarlink.org
(nodes2.allstarlink.org)|209.159.155.200|:80…
connected.
HTTP request sent, awaiting response… 403 Forbidden
2015-12-23 11:36:57 ERROR 403: Forbidden.
[root@146-760 ~]# wget http://nodes3.allstarlink.org/cgi-bin/nodes.pl
–2015-12-23 11:37:28-- http://nodes3.allstarlink.org/cgi-bin/nodes.pl
Resolving nodes3.allstarlink.org (nodes3.allstarlink.org)… 65.110.110.172
Connecting to nodes3.allstarlink.org
(nodes3.allstarlink.org)|65.110.110.172|:80…
connected.
HTTP request sent, awaiting response… 403
2015-12-23 11:37:28 ERROR 403: (no description).
When I try from my ISP’s public IP (non 44Net), it works fine. This is just
an observation and I’m not sure if it actually is the problem.
Anyone have any ideas?
Tnx and 73
Bobby
KF4GTA
App_rpt-users mailing list
App_rpt-users@ohnosec.org
http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the “Unsubscribe or edit options button”
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.