blox

   
Girish
Posts: 14
8/4/2017
Hello Folks,

I am new to Blox and am exploring its capabilities. The flow in my scenario is using Upper Registration, Roaming users. The client is registered and able to make calls successfully, but when Blox sends the 183 back to the SIP client it is not using the Blox external IP in the media but the Asterisk internal IP, which is passed on (so the SIP client is trying to send media to the local IP address of Asterisk, which is obviously not reachable from the outside world). Is there any special setting to enable RTP proxy via Blox?


SIP Client -> Blox External Interface (Roaming User) - Internal Interface -> Asterisk.
edited by Girish on 8/4/2017

bloxsupport1
Posts: 109
8/6/2017
Is your Blox setup behind a firewall NAT? Does the Asterisk PBX reside in the internal network (LAN) or on a public IP address?
What is your deployment scenario?
edited by bloxsupport1 on 8/6/2017

Girish
Posts: 14
8/6/2017
Support,

No, the Blox is not behind firewall NAT. The Asterisk is on the internal LAN (192.168.5.xx).

The endpoint is an external user using Zoiper on a mobile, roaming.

The Blox is providing the LAN 192.168.5.xx to the Zoiper client.

bloxsupport1
Posts: 109
8/7/2017
Can you share a screenshot of the media profile?
Also the output of the following commands:

$ iptables -L -n
$ ps ax | grep rtp

Girish
Posts: 14
8/7/2017
Support,

Appreciate your quick response.

The rtp command is not showing anything; it looks like some process / service is not running. Please do let me know which process / service should be running and how to start it if needed.


ps ax | grep rtp
14946 pts/0 S+ 0:00 grep rtp



Output for iptables:

iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.100.0/24 0.0.0.0/0
ACCEPT all -- 203.147.62.137 0.0.0.0/0
DEFAULT_INPUT all -- 0.0.0.0/0 0.0.0.0/0
MINIUPNPD all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ACCESS_RULES all -- 0.0.0.0/0 0.0.0.0/0
ACCESS_FILTER all -- 0.0.0.0/0 0.0.0.0/0
INPUT_FILTER all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
rtpengine udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:16000:24000
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DEFAULT_FILTER all -- 0.0.0.0/0 0.0.0.0/0
MEDIA_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
DOS_CONTROL all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain ACCESS_FILTER (1 references)
target prot opt source destination
ROAMING_ACCESS_FILTER all -- 0.0.0.0/0 0.0.0.0/0
SIP_PROFILE_ACCESS_FILTER all -- 0.0.0.0/0 0.0.0.0/0
TRUNK_ACCESS_FILTER all -- 0.0.0.0/0 0.0.0.0/0

Chain BLACKLIST (1 references)
target prot opt source destination

Chain DEFAULT_FILTER (1 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
DROP udp -- 0.0.0.0/0 0.0.0.0/0 length 65535

Chain DEFAULT_INPUT (1 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
DROP udp -- 0.0.0.0/0 0.0.0.0/0 length 65535

Chain DOS_CONTROL (1 references)
target prot opt source destination
FW tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1111/sec burst 128
FW tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5000/sec burst 96
FW udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10000/sec burst 198
FW icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 10
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain DYNAMIC_BLACKLIST_FORWARD (1 references)
target prot opt source destination

Chain FIREWALL_RULES (1 references)
target prot opt source destination
FW_SBC_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 22
FW_SBC_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 23
FW_SBC_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 80,443,8080,8088
FW_SBC_FILTER icmp -- 0.0.0.0/0 0.0.0.0/0
FW_SBC_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 67,68
FW_SBC_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 53
FW_SBC_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 53
FW_SBC_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 123

Chain FW (4 references)
target prot opt source destination
FIREWALL_RULES all -- 0.0.0.0/0 0.0.0.0/0
PORT_FW_RULES all -- 0.0.0.0/0 0.0.0.0/0
FW_SBC_FILTER all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FW_BLACKLIST (1 references)
target prot opt source destination

Chain FW_GEO_FILTER (1 references)
target prot opt source destination
ACCEPT all -- 10.0.0.0/8 0.0.0.0/0
ACCEPT all -- 172.16.0.0/12 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 10.0.0.0/8
ACCEPT all -- 0.0.0.0/0 172.16.0.0/12
ACCEPT all -- 0.0.0.0/0 192.168.0.0/16
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain FW_SBC_FILTER (9 references)
target prot opt source destination
FW_WHITELIST all -- 0.0.0.0/0 0.0.0.0/0
FW_BLACKLIST all -- 0.0.0.0/0 0.0.0.0/0
FW_GEO_FILTER all -- 0.0.0.0/0 0.0.0.0/0

Chain FW_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain GEO_FILTER (1 references)
target prot opt source destination
IPS_INSPECT all -- 10.0.0.0/8 0.0.0.0/0
IPS_INSPECT all -- 172.16.0.0/12 0.0.0.0/0
IPS_INSPECT all -- 192.168.0.0/16 0.0.0.0/0
IPS_INSPECT all -- 0.0.0.0/0 10.0.0.0/8
IPS_INSPECT all -- 0.0.0.0/0 172.16.0.0/12
IPS_INSPECT all -- 0.0.0.0/0 192.168.0.0/16
IPS_INSPECT all -- 0.0.0.0/0 0.0.0.0/0

Chain INPUT_ACCESS_RULES (1 references)
target prot opt source destination
INPUT_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
INPUT_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
INPUT_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
INPUT_FILTER icmp -- 0.0.0.0/0 0.0.0.0/0
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 25
INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport sports 67
INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport sports 53
INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport sports 123
INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 500
INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 4500

Chain INPUT_FILTER (10 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain IPS_INSPECT (7 references)
target prot opt source destination
ROAMING_IPS_INSPECT all -- 0.0.0.0/0 0.0.0.0/0
SIP_PROFILE_IPS_INSPECT all -- 0.0.0.0/0 0.0.0.0/0
TRUNK_IPS_INSPECT all -- 0.0.0.0/0 0.0.0.0/0

Chain MEDIA_FORWARD (1 references)
target prot opt source destination

Chain MINIUPNPD (1 references)
target prot opt source destination

Chain PORT_FW_RULES (1 references)
target prot opt source destination

Chain ROAMING_ACCESS_FILTER (1 references)
target prot opt source destination

Chain ROAMING_IPS_INSPECT (1 references)
target prot opt source destination

Chain SBC_FILTER (2 references)
target prot opt source destination
WHITELIST all -- 0.0.0.0/0 0.0.0.0/0
BLACKLIST all -- 0.0.0.0/0 0.0.0.0/0
DYNAMIC_BLACKLIST_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
GEO_FILTER all -- 0.0.0.0/0 0.0.0.0/0

Chain SIP_PROFILE_ACCESS_FILTER (1 references)
target prot opt source destination
SBC_FILTER udp -- 0.0.0.0/0 192.168.100.75 udp dpt:5060
SBC_FILTER udp -- 0.0.0.0/0 203.147.62.15 udp dpt:5065

Chain SIP_PROFILE_IPS_INSPECT (1 references)
target prot opt source destination
NFQUEUE udp -- 0.0.0.0/0 192.168.100.75 udp dpt:5060 NFQUEUE num 0
NFQUEUE udp -- 0.0.0.0/0 203.147.62.15 udp dpt:5065 NFQUEUE num 0

Chain TRUNK_ACCESS_FILTER (1 references)
target prot opt source destination

Chain TRUNK_IPS_INSPECT (1 references)
target prot opt source destination

Chain WHITELIST (1 references)
target prot opt source destination

Chain rtpengine (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:16000:24000

bloxsupport1
Posts: 109
8/7/2017
Have you created a media profile? Can you share a screenshot of the media profile?

Girish
Posts: 14
8/7/2017
Sure, please find attached. I have just erased the last two octets of the IP address.

Attachments:
Untitled.png

Girish
Posts: 14
8/7/2017
Support,

Could this be creating the issue?



Unloading module for in-kernel packet forwarding
iptables: No chain/target/match by that name.
cmd_exec:echo 'del 0' > /proc/rtpengine/control; rmmod xt_RTPENGINE:
/etc/init.d/rtpengine: line 204: /proc/rtpengine/control: No such file or directory
ERROR: Module xt_RTPENGINE does not exist in /proc/modules
/etc/init.d/rtpengine: line 204: /proc/rtpengine/control: No such file or directory
ERROR: Module xt_RTPENGINE does not exist in /proc/modules
/etc/init.d/rtpengine: line 204: /proc/rtpengine/control: No such file or directory
ERROR: Module xt_RTPENGINE does not exist in /proc/modules
Loading module for in-kernel packet forwarding
FATAL: Module xt_RTPENGINE not found.
iptables: No chain/target/match by that name.
Starting rtpengine: daemon /usr/sbin/rtpengine --pidfile=/var/run/Media.conf.pid /usr/sbin/rtpengine --pidfile /var/run/Media.conf.pid --table=0 --no-fallback --interface=internal/192.168.100.75 --interface=external/203.147.62.15 --interface=publicif/203.147.62.15 --listen-ng=127.0.0.1:2224 --listen-cli=127.0.0.1:2225 --port-min=16000 --port-max=24000 --log-level=7 --log-facility=local1
FAILED TO CREATE KERNEL TABLE 0, KERNEL FORWARDING DISABLED

Girish
Posts: 14
8/7/2017
Support,

Managed to resolve it. I had a different kernel loaded... Thanks for the help.

bloxsupport1
Posts: 109
8/7/2017
I guess you have upgraded the kernel.

Here is the info for other folks to resolve the issue if you have upgraded. Since the module is pre-compiled for kernel 2.6.32-358.el6.x86_64,
we can't guarantee it always works with an updated kernel,
but still, a workaround is here:


$ mkdir -p /lib/modules/$(uname -r)/updates/; cp -av /lib/modules/2.6.32-358.el6.x86_64/updates/xt_RTPENGINE.ko /lib/modules/$(uname -r)/updates/ ; depmod -a
edited by bloxsupport1 on 8/7/2017
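
A diagnostic for the failure resolved in this thread, added here as an example (it is not part of the original posts and is not Blox or rtpengine code). It reports whether xt_RTPENGINE was built for the running kernel and interprets the init script's startup output; the function names and result labels are illustrative.

```shell
#!/bin/sh
# Added example: is xt_RTPENGINE usable on the running kernel, and what did
# the rtpengine init script's startup output actually mean?

# First field of a module's vermagic string = kernel release it was built for.
built_for() { printf '%s\n' "$1" | awk '{print $1}'; }

# check_module RUNNING_RELEASE VERMAGIC  ->  absent | match | foreign-build
check_module() {
    if [ -z "$2" ]; then
        echo absent            # modinfo found no xt_RTPENGINE for this kernel
    elif [ "$(built_for "$2")" = "$1" ]; then
        echo match
    else
        echo foreign-build     # .ko copied over from another kernel's tree
    fi
}

# classify_startup LOGTEXT  ->  ok | no-kernel-fwd-daemon-exits | no-kernel-fwd-userspace
classify_startup() {
    if ! printf '%s\n' "$1" | grep -Eq 'Module xt_RTPENGINE not found|KERNEL FORWARDING DISABLED'; then
        echo ok
    elif printf '%s\n' "$1" | grep -q -e '--no-fallback'; then
        # rtpengine documents --no-fallback as: fail startup if the kernel
        # module is unavailable, so no daemon is left to rewrite the SDP.
        echo no-kernel-fwd-daemon-exits
    else
        echo no-kernel-fwd-userspace
    fi
}

# Live check on the SBC itself: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    running=$(uname -r)
    vermagic=$(modinfo -F vermagic xt_RTPENGINE 2>/dev/null)
    echo "xt_RTPENGINE vs $running: $(check_module "$running" "$vermagic")"
    if pgrep -x rtpengine >/dev/null; then echo "rtpengine: running"
    else echo "rtpengine: NOT running"; fi
fi
```

A `foreign-build` result is the state the copy workaround produces; after `modprobe xt_RTPENGINE`, check `dmesg` to confirm the module actually loaded on the new kernel.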