IRC log for #asterisk on 20161216

09:13.22 pawiecki: Hi! I'm struggling with this issue, and after some googling, I'm still not sure what the problem is. I have * and DECTs. Now one DECT number is registered, can answer calls, but can't make them. Here's my config, and CLI error: https://da.gd/8Hhl What I don't understand is why I would get these messages, if my peers are registered from different devices (different IPs), and so far this problem was not occurring.
13:03.55 afournier: let's say i have a device (100) registered to an asterisk server, when calling, the call is redirected to another asterisk (100 => asterisk => asterisk) the last one complains it failed to authenticate device "100". Is there a way to masquerade the From field, or simply accept every from for a given IP ?
13:04.27 afournier: s/every/any/
13:10.45 sekil: afournier: yes on both counts
13:12.47 afournier: yes on both counts ?
13:14.24 *** join/#asterisk karelk (~karel@31.10.149.26)
13:14.44 sekil: yeah
13:14.51 sekil: there's a way to do both
13:16.11 afournier: ok
13:16.23 afournier: how would you do the second ?
13:16.28 afournier: allowguest=yes N
13:16.35 afournier: allowguest=yes ?
13:16.48 sekil: no
13:17.05 sekil: you set the host=<IPADDRESS> in the peer/friend setting
13:17.24 afournier: done already
13:18.09 sekil: that would allow everything from the first asterisk..
13:22.30 *** join/#asterisk miralin (~Thunderbi@195.19.212.23)
13:29.33 *** join/#asterisk [TK]D-Fender (~joe@216.191.106.165)
13:31.17 afournier: hum... got it
13:31.18 afournier: it works
13:35.39 [TK]D-Fender: not the way
13:35.46 [TK]D-Fender: You're allowing random unauthed calls
13:35.47 [TK]D-Fender: BAS
13:35.49 [TK]D-Fender: BAD
13:36.45 [TK]D-Fender: fix your peers so they auth properly
13:37.14 sekil: yeah..well..it's from this one ip I guess
13:37.31 sekil: although it's better to do it properly
13:37.55 [TK]D-Fender: so just fix your peer
13:38.17 [TK]D-Fender: each side should have:
13:38.41 [TK]D-Fender: fromuser=DEFAULTUSER-NAME
13:38.50 [TK]D-Fender: sendrpid=yes
13:38.54 [TK]D-Fender: trustrpid=yes
13:39.09 [TK]D-Fender: and no need for "insecure" at all
13:45.51 *** join/#asterisk brad_mssw (~brad@66.129.88.50)
13:53.53 afournier: hum... ok
16:56.22 DBordello: We currently have a Panasonic hybrid system, with about 10 phones.  I would like better integration with the computer (dial from Outlook), and a better voice mail interface (an option to call back the number).  These phones have ~40 soft buttons that allow us to see if others are on the phone.
16:56.30 DBordello: Are there some phones you would recommend that would allow a similar setup?
16:57.18 [TK]D-Fender: Tons of phones out there
16:57.55 [TK]D-Fender: With lots of buttons.  And side-cars you can load up, etc
16:59.27 DBordello: I looked quickly at a few vendors, Polycom for instance.  None of them seemed well suited for showing the status of ~10 extensions
16:59.34 DBordello: But I will look further.
16:59.36 *** join/#asterisk funxion (324d7d39@gateway/web/cgi-irc/kiwiirc.com/ip.50.77.125.57)
16:59.52 DBordello: Do you think Asterisk is a good solution for replacing a similar setup?
17:00.24 [TK]D-Fender: The phones do the phones part ... and there are outlook dialers that use AMI for * integration.
17:00.39 [TK]D-Fender: And you can do a call-back from app_voicemail.
17:00.49 [TK]D-Fender: So that sounds like a "yes" by default
17:01.37 DBordello: I figured as much.  Just wanted some more insight before I jumped in.  I have a sad little 1 extension setup on my desk.
17:04.54 DBordello: Wowzers, the GS-GXP2170 looks full functioning, and inexpensive
17:05.43 [TK]D-Fender: ~gs
17:05.44 infobot: GrandSuck phones & gateways are cheap junk which should be avoided with extreme prejudice.
17:05.46 igcewieling: ha!
17:05.56 [TK]D-Fender: ~grandstream
17:05.56 infobot: well, grandstream is the Yugo of VoIP hardware.  Run...  Run away now.  Though, therealcircut says that they're not that bad.
17:05.56 DBordello: Okay :)
17:06.08 [TK]D-Fender: They're "meh".
17:06.25 [TK]D-Fender: might work, but you'll be lacking in features & quality
17:06.27 DBordello: What do you recommend for quality executive phones?
17:06.42 igcewieling: Polycom phones.
17:06.51 [TK]D-Fender: Polycom, Aastra/Mitel,
17:07.14 DBordello: Polycom I can believe, I have an old 501 sitting on my desk that has been rock solid
17:07.38 [TK]D-Fender: indeed very old
17:08.24 DBordello: I bought it 5 years ago to play with Asterisk (at home).  It has done what I have asked of it (often with some config file convincing)
17:09.56 DBordello: While probably not a big deal, the polycom phones seem to be lacking in hard/soft keys
17:10.31 igcewieling: DBordello: search for "polycom sidecar"
17:11.28 igcewieling: Only the VVX series of their phones support the most recent firmware.   The older Soundpoint phones don't seem to be getting anything but bug fixes.
17:11.51 [TK]D-Fender: Because ... older
17:18.44 DBordello: What would be the best way of bringing PSTN in to the system?  We currently are using Comcast for internet, and 5 lines.
17:18.56 DBordello: SIP provider?  Interface with the Comcast lines somehow?
17:19.47 igcewieling: Don't expect to interface with any major carrier with SIP.
17:20.42 igcewieling: You would need analog cards if you want to connect the POTS lines to the PBX.
17:20.57 DBordello: Are analog lines better than going with a SIP provider?
17:21.02 igcewieling: I suggest finding a SIP provider instead of using analog.
17:21.12 DBordello: I would figure as much
17:21.13 igcewieling: no.  analog is the worst, but it is also the cheapest.
17:21.36 DBordello: Got it.
17:22.03 igcewieling: on systems I install, there is always a 2 port FXO card for backup analog lines for when the main lines are down.
17:23.12 DBordello: That is a good idea
17:24.30 *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com)
17:24.55 DBordello: It sounds like I need to simply choose the correct phone, grab a few, and dig in
17:28.13 *** part/#asterisk afournier (~admin@80.215.236.200)
17:28.34 igcewieling: in your case it might not matter if your provider puts the phone service on the same coax as the internet.
17:29.27 igcewieling: I've been pushing for putting in GSM cards and use cellular during a provider/carrier outage, but the cards are expensive.
17:30.39 DBordello: While the phone service is on the same physical line, it isn't VOIP over the internet segment.  It is a separate (presumably higher QoS) service.
17:30.51 *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl)
17:36.19 igcewieling: I'm referring to a cable failure, not a simple ISP failure.
17:37.03 DBordello: Got it
17:37.12 igcewieling: Over and over and over again, when our T-1s go down, the analogs go down too because they are riding the same cable bundle.   It doesn't always happen, but it happens often enough to be a problem.
20:20.11 DBordello: Any thoughts on Snom or Yealink phones?
20:22.48 Samot: Decent. I prefer Snom over Yealink.
20:23.09 *** join/#asterisk KNERD (~KNERD@2604:a880:1:20::9b:4001)
20:26.11 DBordello: I like the combination of hard keys and a display
20:34.16 *** join/#asterisk sawgood (~sawgood@unaffiliated/sawgood)
20:34.19 *** join/#asterisk Jesterboxboy (~Thunderbi@80-109-194-26.cable.dynamic.surfer.at)
20:34.35 *** join/#asterisk robmal (robmal@anarxi.st)
20:44.14 *** join/#asterisk nix8n82 (~AndChat58@63-155-104-69.chyn.qwest.net)
20:46.30 DBordello: Although the Yealink T48G is sexy looking
21:43.01 agoodm: I'm fairly experienced with Asterisk; but am having mind block while trying to troubleshoot an issue with a client's installation.  This setup was working properly until the server was rebooted.  after a reboot the server is unable to qualify the external sip peers it uses to talk to the pstn. Please could someone point me in the right direction for figuring out why the qualify is failing (host appears unreachable, despite host being available)
21:55.43 igcewieling: try enabling dnsmgr and make sure all interface IPs are listed in /etc/hosts
21:56.06 *** join/#asterisk slav3_sergal (~frankthet@unaffiliated/slav3-kitten/x-0866809)
21:57.42 *** join/#asterisk seiggy (~seiggy@74.203.105.194)
21:58.26 seiggy: I could use some help trying to setup Kamailio as a load balancer for asterisk using WebRTC. I can get signaling to work just fine, but I've tried about a dozen things and I cannot get the RTP stream to work
21:58.54 seiggy: anyone know of anyone that could help for a few hours at a reasonable rate that's done this before?
21:59.48 igcewieling: I'd rather have a root canal.
22:00.33 seiggy: at this point me too
22:01.04 seiggy: is there a better solution for load balancing WebRTC traffic to multiple asterisk servers?
22:01.24 seiggy: I can get everything working for a single asterisk server
22:01.41 seiggy: but as soon as I try to use 2 servers and throw in Kamailio as a load balancer, it all goes to hell
22:03.03 agoodm: igcewieling, I should have been clearer. with qualify=no the sip peer is working as intended
22:04.10 igcewieling: agoodm: fixing it with qualify no is just hiding the problem.
22:04.27 agoodm: with qualify=yes the peer is always unreachable and thus asterisk refuses to use it. I've run a tcpdump dst or src ipaddress -w somefile.dump and i am seeing an options request and a status 200 ok back from the host... but asterisk is saying that the host is unreachable
22:04.44 agoodm: igcewieling, I know :) but I am struggling to fathom what is going on :(
22:04.55 agoodm: igcewieling, as packet capture looks fine
22:05.58 igcewieling: does your capture include ICMP?
22:06.08 *** join/#asterisk rwb (~Thunderbi@65-183-151-239-dhcp.burlingtontelecom.net)
22:06.33 agoodm: igcewieling, all traffic to/from the affected host
22:07.18 agoodm: igcewieling, basically tcpdump src or dst 94.75.247.45 -i ppp0 -w localphone2.dump
22:08.38 WIMPy: s/src or dst/host/
22:09.16 agoodm: igcewieling, WIMPy http://imgur.com/a/AovQU
22:22.05 *** join/#asterisk Y04NN (~y04nn@2a01:e34:ef37:5870:5074:9ce0:914c:a946)
22:23.56 *** join/#asterisk bravvve (~user@41.100.78.71)
22:24.36 bravvve: hi, i have server installed and i need someone to test it with me
22:26.54 agoodm: bravvve, what testing do you need?
22:27.26 bravvve: connection from out of my network
22:27.45 agoodm: bravvve, an unauthenticated call?
22:27.58 bravvve: yes
22:28.12 agoodm: bravvve, please provide details and ill see what i can do
22:30.21 bravvve: server TCP 41.100.78.71:5062 user id :2205 password:p2205
22:30.44 agoodm: bravvve, thats not an unauthenticated call so sorry i cant help
22:31.10 agoodm: bravvve, also with user/password combo like that open to the world expect to get hacked within hours
22:32.02 bravvve: agoodm: hacked how? stopping service?
22:32.13 igcewieling: heh, "The Pantelegraph was invented by the Italian physicist Giovanni Caselli. He introduced the first commercial telefax service between Paris and Lyon in 1865, some 11 years before the invention of the telephone."
22:32.56 agoodm: bravvve, there are a lot of people actively scanning for extensions with weak credentials and once found abusing them to perform toll fraud
22:36.05 igcewieling: as of 2011 the top category for fraud was "Compromised PBX/Voicemail Systems"
22:36.41 agoodm: igcewieling, little wonder when people blindly connect their pbx to the internet with stupid usernames/password combination :(
22:36.56 igcewieling: A smidgen under $5 million in losses for that category
22:37.12 igcewieling: agoodm: or expose their FreePBX GUI to the internet
22:37.41 agoodm: igcewieling, haha. I got hit a few years ago. ever since I've been very very very anal about security
22:38.16 agoodm: igcewieling, for me I had typoed in sip.conf the secret= parameter name... default is no secret :( or it used to be
22:38.18 bravvve: i have no anglophone,is there any risk?
22:38.23 igcewieling: agoodm: I work for a (small) phone company and am the one who prevents fraudulent use of our services.
22:38.54 agoodm: igcewieling, sounds fun :) more fun than my perplexing issue today :(
22:40.00 igcewieling: agoodm: We rarely have a problem anymore.  At most a customer PBX gets hacked and triggers either our own internal fraud alerts or the carrier fraud alerts.
22:40.46 igcewieling: (where customer pbx == customer installed, managed, non-asterisk pbx)
22:42.08 agoodm: igcewieling, mine was caught by the carriers fraud alerts thankfully, but then my auto failover kicked it over to the physical pstn phone line and they didnt catch it for several hours, about £400 worth of phone calls :( ultimately they decided that the bill must be due to fraud due to dialling patterns and waived the bill thankfully. after my close shave I learnt a lot more about security and implemented my new found knowledge :-P this was back in 2009
22:45.08 bravvve: well, i'd installed asterisk to use it to communicate with my friends, and get some experience with it
22:46.02 agoodm: bravvve, grab a copy of the source code, and look at the file README-SERIOUSLY-bestpractices.txt
22:46.19 agoodm: bravvve, read it and implement the suggestions, if you dont you're going to end up in a world of hurt
22:46.54 agoodm: bravvve, hint: dont make your extension names easily guessable if you can help it and make absolutely sure that your secrets are not easy to guess.
22:47.53 bravvve: agoodm: what problem can i get for example
22:48.01 agoodm: bravvve, toll fraud
22:48.32 bravvve: agoodm: am connected with adsl
22:48.54 *** join/#asterisk [TK]D-Fender (~joe@64.235.216.2)
22:49.10 agoodm: bravvve, an attacker could perform any action that your 'authenticated user' could perform. including making chargeable calls if you have the ability configured
22:49.52 agoodm: bravvve, if you make any stupid enough mistakes then an attacker could make chargeable calls without authentication as well
22:50.47 bravvve: agoodm: what chargeable calls mean?
22:51.01 agoodm: agoodm, they could perform actions that cost money
22:51.08 agoodm: bravvve, **
22:52.29 bravvve: using adsl connection????
22:52.49 agoodm: igcewieling, I copied the sip.conf section from my broken server to another server thats working fine and the qualify is working properly from there so I guess at least I know my asterisk config is correct
22:53.10 agoodm: igcewieling, but I cant fathom why asterisk isnt seeing the packets that I am seeing in my capture :(
22:53.32 agoodm: bravvve, lets turn this around... what functions have you implemented in your phone system ?
22:53.39 [TK]D-Fender: Show us
22:53.51 *** join/#asterisk lankanmon (~LKNnet@2607:fea8:d20:239:1cac:8830:f3f7:fd5a)
22:54.12 agoodm: [TK]D-Fender, me?
22:54.35 [TK]D-Fender: yes
22:54.37 bravvve: no, just adsl modem
22:54.59 agoodm: [TK]D-Fender, http://i.imgur.com/MtN1Qwd.jpg
22:55.30 [TK]D-Fender: now for the channel driver status dump and system firewall...
22:55.37 agoodm: bravvve, well, security is a good place to start your journey, otherwise you're not going to have much fun
22:56.16 agoodm: [TK]D-Fender, firewall is coming up... could you explain how to do a channel driver status dump? do you mean sip show peers ?
22:56.34 [TK]D-Fender: and "sip show settings" <-
22:56.51 [TK]D-Fender: And show you're enabling SIP debug
22:58.13 bravvve: no, just adsl modem
22:58.42 agoodm: http://pastebin.com/L3ezNrNj
22:59.00 agoodm: [TK]D-Fender, sip debug im about to complete
22:59.47 agoodm: [TK]D-Fender, sip debug is basically just showing that its retransmitting to that peer over and over again
23:00.17 agoodm: [TK]D-Fender, however if you look at my imgur link above youll see that the other side is replying - but asterisk doesnt seem to be seeing the packets
23:03.53 agoodm: [TK]D-Fender, http://pastebin.com/JXCaghMA
23:04.02 [TK]D-Fender: 3890  133K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
23:05.07 agoodm: [TK]D-Fender, thats the last rule in the chain... above that is     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:5060
23:05.07 agoodm: <PROTECTED>
23:05.27 agoodm: [TK]D-Fender, I've also temporarily disabled the rules that were rate limiting but that hasnt helped
23:08.41 agoodm: [TK]D-Fender, for the sake of my sanity I've added a log before the final drop on the input chain, and we're not getting that far
23:08.44 [TK]D-Fender: Trash everything you can
23:08.48 [TK]D-Fender: that list is crazy big
23:08.56 [TK]D-Fender: if that's your actual * server
23:09.07 [TK]D-Fender: Or is this another *NIX gateway box?
23:09.13 agoodm: [TK]D-Fender, its a big network and this is the gateway machine as well as the phone system
23:09.29 [TK]D-Fender: A lot of eggs in one basket and inviting trouble
23:09.36 [TK]D-Fender: NOT a good idea
23:10.20 agoodm: [TK]D-Fender, I've got literally dozens of boxes like this... this is one of the more complex admittedly as there is two sites linked with microwave links, two internet connections, tons of vlans with different access privs etc
23:11.10 [TK]D-Fender: Packets aren't making it because of firewalls.
23:11.17 [TK]D-Fender: That's really the bottom line
23:11.28 [TK]D-Fender: If you can't see the answer then it isn't hitting the stack for * to see
23:11.39 [TK]D-Fender: So stare at it until you find the mistake
23:11.48 [TK]D-Fender: because there is no other blocking layer from *
23:12.03 agoodm: [TK]D-Fender, the sensible thing here seems to be bung a log in before the accept rule to ensure we're getting to it... ill try it 1 sec
23:18.13 agoodm: [TK]D-Fender, well not getting that far, detective work time :)
23:20.09 [TK]D-Fender: Step 1; strip EVERYTHING
23:21.14 agoodm: [TK]D-Fender, step 2 would be drive to site with a monitor keyboard and mouse :D im running some checks now :) ill be sure to share what I find so we can all laugh at my blindness later :)
23:21.52 [TK]D-Fender: A1
23:28.31 *** join/#asterisk Jesterboxboy (~Thunderbi@80-109-194-26.cable.dynamic.surfer.at)
23:29.51 *** part/#asterisk kharwell (kharwell@nat/digium/x-ixoieixghgpepyad)
23:36.43 agoodm: [TK]D-Fender something very weird is going on with this box :( I inserted an iptables log line into the top of the INPUT table... basically iptables -I INPUT -s 94.75.247.45 -j LOG --log-prefix LocalPhone
23:37.23 agoodm: [TK]D-Fender, I did this on two boxes, one that is working and the troublesome one, the one thats working sees the traffic hitting INPUT and logs as you would expect... the problematic one doesnt
23:37.59 agoodm: [TK]D-Fender, im starting to think the problematic box might be rootkitted or something weird like that
23:38.38 *** join/#asterisk Y04NN (~y04nn@2a01:e34:ef37:5870:e005:7d88:56c1:cbe1)
23:39.22 WIMPy: Did you say the box is multihomed?
23:39.40 agoodm: WIMPy, yes, but one internet connection is disabled at present for debugging
23:40.03 agoodm: WIMPy, so we just have ppp0 with external connectivity essentially atm
23:40.04 WIMPy: What does disabled mean?
23:40.32 WIMPy: Nothing interesting in your routing table?
23:40.46 agoodm: WIMPy, the modem for it is physically disconnected
23:40.52 WIMPy: ... with the rp filter biting you?
23:41.35 agoodm: WIMPy, mmm could be
23:41.52 WIMPy: I don't care if the 2nd link is working. Is it configured?
23:42.05 agoodm: WIMPy, the second link isnt configured
23:43.19 agoodm: WIMPy, I am seeing the traffic in a tcpdump but its not hitting *. I am also not seeing the traffic get logged with an iptables -I INPUT -s ipaddress -j LOG
23:43.36 agoodm: WIMPy, so its getting lost somewhere before iptables i guess
23:45.28 WIMPy: So what's in your PREROUTING?
23:46.31 agoodm: the multi homed-ness basically cant work at present because the second sites internet connection is no longer existent due to company related issues (part of the company went bust and the supplier pulled the plug on that connection) but basically we had the ability to swap to using a different default gateway. the script basically killed the pppoe connection and did a root add default gw anotheripaddress anotherinterface
23:47.33 agoodm: WIMPy, we just have some DNAT rules, basically port forward 80 to the web server, 3389 to some box that needs rdp etc
23:48.56 *** join/#asterisk TandyUK (~admin@87.252.44.195)
23:49.02 agoodm: theres also a metric butt load of rules in mangle tables to mark up the traffic for the QoS but none of that can cause drops :)
23:49.48 agoodm: I'm going to grab a known good firewall template copy it over, make some minor modifications and see if its still broken
23:51.07 [TK]D-Fender: actually, pastebin the OUTGOING that's working
23:51.13 [TK]D-Fender: I want to see what it's using
23:51.40 agoodm: [TK]D-Fender, output policy is accept and there are 0 rules
23:51.50 *** join/#asterisk pcarlino (~pablo@2800:810:410:580:157f:e8ce:95a8:7473)
23:53.42 pcarlino: hi somebody knows if i can make "a camera connected to the asterisk server" the video source for a sip call
23:54.09 Samot: You need an IP camera that supports SIP.
23:55.10 Samot: Generally phones that can support video either have a built in camera or a camera addon that can be plugged into the phone.
23:57.21 pcarlino: Samot yes but i need to send a cctv video. Is that possible.
23:57.41 Samot: There are IP cameras for this.
23:58.10 Samot: There are entire IP based video surveillance systems.
23:58.14 pcarlino: Samot the video is going to only a phone. I dont need two way video
23:58.24 Samot: I know.
23:58.30 Samot: There are IP based systems for this.
23:58.55 Samot: That will relay the data via the Internet and do digital storage locally or remotely.
23:59.47 pcarlino: yes. The problem is I'm trying something and i haven't that money to spend.
23:59.50 [TK]D-Fender: agoodm, I want to see the PACKET
23:59.54 [TK]D-Fender: I know it goes out
23:59.58 Samot: Are you saying you want the camera to start a video call to a phone?
