Friends, I have the following network:
IssabelPBX: DIRECT public IP (no NAT), with only IPTables + Fail2Ban + two-factor authentication on WEB/HTTPS
Remote extensions: behind a router with NAT
It had been working for quite a while, but from one day to the next it started having disconnection problems with the remote extensions (only some of them). The strange thing is that if I disable IPTables, the extensions register again, but after a while they drop again (even when I leave IPTables disabled), and I don't understand what it could be:
[root@sip4 ~]# asterisk -rvvvvvvvvvvvvvvvvvvvvvv
Asterisk 11.25.3, Copyright (C) 1999 - 2013 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
Connected to Asterisk 11.25.3 currently running on sip4 (pid = 2071)
sip4CLI> sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
9000/9000 (Unspecified) D Yes Yes A 0 UNKNOWN
9001 (Unspecified) D Yes Yes A 0 UNKNOWN
9002/9002 (Unspecified) D Yes Yes A 0 UNKNOWN
9003/9003 (Unspecified) D Yes Yes A 0 UNKNOWN
9004/9004 (Unspecified) D Yes Yes A 0 UNKNOWN
9005/9005 (Unspecified) D Yes Yes A 0 UNKNOWN
9006/9006 (Unspecified) D Yes Yes A 0 UNKNOWN
9007/9007 (Unspecified) D Yes Yes A 0 UNKNOWN
9008/9008 (Unspecified) D Yes Yes A 0 UNKNOWN
9009/9009 190.160.64.94 D Yes Yes A 5060 OK (19 ms)
9010/9010 (Unspecified) D Yes Yes A 0 UNKNOWN
9011/9011 (Unspecified) D Yes Yes A 0 UNKNOWN
9012/9012 190.160.64.94 D Yes Yes A 9783 OK (66 ms)
9013/9013 190.160.64.94 D Yes Yes A 9784 OK (68 ms)
9014/9014 190.160.64.94 D Yes Yes A 5062 OK (68 ms)
9015/9015 (Unspecified) D Yes Yes A 0 UNKNOWN
16 sip peers [Monitored: 4 online, 12 offline Unmonitored: 0 online, 0 offline]
sip4CLI> exit
Asterisk cleanly ending (0).
Executing last minute cleanups
[root@sip4 ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since Sat 2018-11-17 19:13:35 EST; 2 days ago
Process: 14253 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 15062 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 15062 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
Nov 17 19:13:35 sip4.sedetel.cl systemd[1]: Starting IPv4 firewall with iptables...
Nov 17 19:13:35 sip4.sedetel.cl iptables.init[15062]: iptables: Applying firewall rules: [ OK ]
Nov 17 19:13:35 sip4.sedetel.cl systemd[1]: Started IPv4 firewall with iptables.
[root@sip4 ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
[root@sip4 ~]# asterisk -rvvvvvvvvvvvvvvvvvvvvvv
Asterisk 11.25.3, Copyright (C) 1999 - 2013 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
Connected to Asterisk 11.25.3 currently running on sip4 (pid = 2071)
-- Registered SIP '9008' at 190.160.64.94:10388
[2018-11-19 20:43:21] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9008' is now Reachable. (21ms / 2000ms)
-- Registered SIP '9010' at 190.160.64.94:10384
[2018-11-19 20:43:21] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9010' is now Reachable. (31ms / 2000ms)
sip4CLI>
-- Registered SIP '9004' at 190.160.64.94:10385
[2018-11-19 20:43:21] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9004' is now Reachable. (25ms / 2000ms)
-- Registered SIP '9015' at 190.160.64.94:10386
sip4CLI>
[2018-11-19 20:43:26] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9015' is now Reachable. (232ms / 2000ms)
-- Registered SIP '9011' at 190.160.64.94:10387
[2018-11-19 20:43:32] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9011' is now Reachable. (24ms / 2000ms)
-- Registered SIP '9007' at 190.160.64.94:10379
[2018-11-19 20:43:35] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9007' is now Reachable. (21ms / 2000ms)
-- Registered SIP '9003' at 190.160.64.94:10380
[2018-11-19 20:43:44] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9003' is now Reachable. (20ms / 2000ms)
-- Registered SIP '9005' at 190.160.64.94:10381
[2018-11-19 20:43:44] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9005' is now Reachable. (21ms / 2000ms)
-- Registered SIP '9002' at 190.160.64.94:10382
[2018-11-19 20:43:47] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9002' is now Reachable. (21ms / 2000ms)
-- Registered SIP '9000' at 190.161.84.6:54200
[2018-11-19 20:43:49] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9000' is now Reachable. (34ms / 2000ms)
sip4CLI> sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
9000/9000 190.161.84.6 D Yes Yes A 54200 OK (34 ms)
9001 (Unspecified) D Yes Yes A 0 UNKNOWN
9002/9002 190.160.64.94 D Yes Yes A 10382 OK (21 ms)
9003/9003 190.160.64.94 D Yes Yes A 10380 OK (20 ms)
9004/9004 190.160.64.94 D Yes Yes A 10385 OK (25 ms)
9005/9005 190.160.64.94 D Yes Yes A 10381 OK (21 ms)
9006/9006 (Unspecified) D Yes Yes A 0 UNKNOWN
9007/9007 190.160.64.94 D Yes Yes A 10379 OK (21 ms)
9008/9008 190.160.64.94 D Yes Yes A 10388 OK (21 ms)
9009/9009 190.160.64.94 D Yes Yes A 5060 OK (20 ms)
9010/9010 190.160.64.94 D Yes Yes A 10384 OK (31 ms)
9011/9011 190.160.64.94 D Yes Yes A 10387 OK (24 ms)
9012/9012 190.160.64.94 D Yes Yes A 9783 OK (64 ms)
9013/9013 190.160.64.94 D Yes Yes A 9784 OK (69 ms)
9014/9014 190.160.64.94 D Yes Yes A 5062 OK (68 ms)
9015/9015 190.160.64.94 D Yes Yes A 10386 OK (232 ms)
16 sip peers [Monitored: 14 online, 2 offline Unmonitored: 0 online, 0 offline]
-- Registered SIP '9006' at 190.160.64.94:10383
[2018-11-19 20:43:53] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9006' is now Reachable. (21ms / 2000ms)
sip4CLI>
sip4CLI>
sip4CLI> sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
9000/9000 190.161.84.6 D Yes Yes A 54200 OK (34 ms)
9001 (Unspecified) D Yes Yes A 0 UNKNOWN
9002/9002 190.160.64.94 D Yes Yes A 10382 OK (21 ms)
9003/9003 190.160.64.94 D Yes Yes A 10380 OK (20 ms)
9004/9004 190.160.64.94 D Yes Yes A 10385 OK (25 ms)
9005/9005 190.160.64.94 D Yes Yes A 10381 OK (21 ms)
9006/9006 190.160.64.94 D Yes Yes A 10383 OK (21 ms)
9007/9007 190.160.64.94 D Yes Yes A 10379 OK (21 ms)
9008/9008 190.160.64.94 D Yes Yes A 10388 OK (21 ms)
9009/9009 190.160.64.94 D Yes Yes A 5060 OK (20 ms)
9010/9010 190.160.64.94 D Yes Yes A 10384 OK (31 ms)
9011/9011 190.160.64.94 D Yes Yes A 10387 OK (24 ms)
9012/9012 190.160.64.94 D Yes Yes A 9783 OK (64 ms)
9013/9013 190.160.64.94 D Yes Yes A 9784 OK (69 ms)
9014/9014 190.160.64.94 D Yes Yes A 5062 OK (68 ms)
9015/9015 190.160.64.94 D Yes Yes A 10386 OK (232 ms)
16 sip peers [Monitored: 15 online, 1 offline Unmonitored: 0 online, 0 offline]
[2018-11-19 20:44:04] NOTICE[2126]: chan_sip.c:28485 handle_request_register: Registration from '<sip:311@170.239.86.63>' failed for '5.62.41.43:3356' - Wrong password
[2018-11-19 20:44:15] WARNING[2126]: chan_sip.c:4100 retrans_pkt: Timeout on 516042067-194656858-1151078233 on non-critical invite transaction.
[2018-11-19 20:44:16] WARNING[2126]: chan_sip.c:4100 retrans_pkt: Timeout on 1323795191-1037309679-1256733387 on non-critical invite transaction.
sip4CLI> sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
9000/9000 190.161.84.6 D Yes Yes A 54200 OK (34 ms)
9001 (Unspecified) D Yes Yes A 0 UNKNOWN
9002/9002 190.160.64.94 D Yes Yes A 10382 OK (21 ms)
9003/9003 190.160.64.94 D Yes Yes A 10380 OK (20 ms)
9004/9004 190.160.64.94 D Yes Yes A 10385 OK (21 ms)
9005/9005 190.160.64.94 D Yes Yes A 10381 OK (21 ms)
9006/9006 190.160.64.94 D Yes Yes A 10383 OK (21 ms)
9007/9007 190.160.64.94 D Yes Yes A 10379 OK (21 ms)
9008/9008 190.160.64.94 D Yes Yes A 10388 OK (19 ms)
9009/9009 190.160.64.94 D Yes Yes A 5060 OK (19 ms)
9010/9010 190.160.64.94 D Yes Yes A 10384 OK (22 ms)
9011/9011 190.160.64.94 D Yes Yes A 10387 OK (24 ms)
9012/9012 190.160.64.94 D Yes Yes A 9783 OK (61 ms)
9013/9013 190.160.64.94 D Yes Yes A 9784 OK (69 ms)
9014/9014 190.160.64.94 D Yes Yes A 5062 OK (69 ms)
9015/9015 190.160.64.94 D Yes Yes A 10386 OK (43 ms)
16 sip peers [Monitored: 15 online, 1 offline Unmonitored: 0 online, 0 offline]
sip4*CLI> exit
Asterisk cleanly ending (0).
Executing last minute cleanups
[root@sip4 ~]# service iptables stop
Redirecting to /bin/systemctl stop iptables.service
[root@sip4 ~]# service iptables start
Redirecting to /bin/systemctl start iptables.service
[root@sip4 ~]# asterisk -rvvvvvvvvvvvvvvvvvvvvvv
Asterisk 11.25.3, Copyright (C) 1999 - 2013 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
Connected to Asterisk 11.25.3 currently running on sip4 (pid = 2071)
sip4CLI>
sip4CLI>
sip4CLI>
-- Remote UNIX connection
-- Remote UNIX connection disconnected
[2018-11-19 20:45:05] WARNING[2126]: chan_sip.c:4100 retrans_pkt: Timeout on 903819610-2133772409-2030865686 on non-critical invite transaction.
[2018-11-19 20:45:08] WARNING[2126]: chan_sip.c:4100 retrans_pkt: Timeout on 208959943-68226670-29607388 on non-critical invite transaction.
sip4CLI> sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
9000/9000 190.161.84.6 D Yes Yes A 54200 OK (24 ms)
9001 (Unspecified) D Yes Yes A 0 UNKNOWN
9002/9002 190.160.64.94 D Yes Yes A 10382 OK (18 ms)
9003/9003 190.160.64.94 D Yes Yes A 10380 OK (18 ms)
9004/9004 190.160.64.94 D Yes Yes A 10385 OK (22 ms)
9005/9005 190.160.64.94 D Yes Yes A 10381 OK (18 ms)
9006/9006 190.160.64.94 D Yes Yes A 10383 OK (20 ms)
9007/9007 190.160.64.94 D Yes Yes A 10379 OK (20 ms)
9008/9008 190.160.64.94 D Yes Yes A 10388 OK (24 ms)
9009/9009 190.160.64.94 D Yes Yes A 5060 OK (20 ms)
9010/9010 190.160.64.94 D Yes Yes A 10384 OK (20 ms)
9011/9011 190.160.64.94 D Yes Yes A 10387 OK (19 ms)
9012/9012 190.160.64.94 D Yes Yes A 9783 OK (62 ms)
9013/9013 190.160.64.94 D Yes Yes A 9784 OK (68 ms)
9014/9014 190.160.64.94 D Yes Yes A 5062 OK (67 ms)
9015/9015 190.160.64.94 D Yes Yes A 10386 OK (36 ms)
16 sip peers [Monitored: 15 online, 1 offline Unmonitored: 0 online, 0 offline]
sip4CLI>
sip4CLI>
sip4CLI>
sip4CLI>
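
Added example, not part of the original post: a small triage script for console output like the session above. It groups successful registrations by the public address the PBX sees (several extensions behind one NAT share an IP and differ only by source port) and separates sources that only ever produce failed registrations, such as the `Wrong password` line. The function name `triage` and the "failures without any successful registration" rule are assumptions of this example; it is not Fail2Ban's own filter.

```python
import re
from collections import defaultdict

# Lines copied from the Asterisk CLI session in the post above.
SAMPLE = """\
    -- Registered SIP '9008' at 190.160.64.94:10388
[2018-11-19 20:43:21] NOTICE[2126]: chan_sip.c:23892 handle_response_peerpoke: Peer '9008' is now Reachable. (21ms / 2000ms)
    -- Registered SIP '9010' at 190.160.64.94:10384
    -- Registered SIP '9000' at 190.161.84.6:54200
[2018-11-19 20:44:04] NOTICE[2126]: chan_sip.c:28485 handle_request_register: Registration from '<sip:311@170.239.86.63>' failed for '5.62.41.43:3356' - Wrong password
[2018-11-19 20:44:15] WARNING[2126]: chan_sip.c:4100 retrans_pkt: Timeout on 516042067-194656858-1151078233 on non-critical invite transaction.
"""

REGISTERED = re.compile(r"Registered SIP '([^']+)' at ([\d.]+):(\d+)")
FAILED = re.compile(r"Registration from '([^']*)' failed for '([\d.]+):(\d+)' - (.+)$")
SIP_USER = re.compile(r"sips?:([^@>;]+)@")


def triage(text):
    """Return (registered, failures, suspects) for a chan_sip console log."""
    registered = defaultdict(dict)  # source IP -> {extension: source port seen by the PBX}
    failures = defaultdict(list)    # source IP -> [(claimed user, reason)]
    for line in text.splitlines():
        ok = REGISTERED.search(line)
        if ok:
            peer, ip, port = ok.groups()
            registered[ip][peer] = int(port)
            continue
        bad = FAILED.search(line)
        if bad:
            from_uri, ip, _port, reason = bad.groups()
            user = SIP_USER.search(from_uri)
            failures[ip].append((user.group(1) if user else from_uri, reason.strip()))
    # Assumed rule for this example: a source with failures and no successful
    # registration is reported separately from the extensions' own NAT addresses.
    suspects = sorted(ip for ip in failures if ip not in registered)
    return dict(registered), dict(failures), suspects


if __name__ == "__main__":
    registered, failures, suspects = triage(SAMPLE)
    for ip, peers in registered.items():
        print(f"{ip}: {len(peers)} extension(s) registered, ports {sorted(peers.values())}")
    for ip in suspects:
        print(f"{ip}: failed registrations only -> {failures[ip]}")
```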