8/4/2017
Topic:
Topology Hiding
Girish
|
Hello Folks,
I am new to Blox and exploring the capabilities. The flow is my scenario is using Upper Registration , Roaming users. The Client is registered and able to make calls successfully, but when Blox sends the 183 back to the SIP client it is not using Blox external IP in the media but using the Asterisk internal IP which is passed on (So the SIP client is trying to send Media to the local IP address of asterisk which is obviously not reachable from outside world). Is there any special setting to enable RTP Proxy via Blox.
SIP Client -> Blox External Interface (Roaming User) - Internal Interface -> Asterisk. edited by Girish on 8/4/2017 |
8/6/2017
Topic:
Blox Features
Girish
|
RTP pass through whereby the RTP header will be rewritten in the SBC to use itself as an RTP Proxy. -- any one has tried this ? Can please advise how to do it ? |
8/6/2017
Topic:
Topology Hiding
Girish
|
Support,
No the Blox is not being firewall NAT. The Asterisk is on internal LAN (192.168.5.xx)
Endpoint is an external users using Zoiper on the mobile roaming.
The blox is providing the LAN 192.168.5.xx to the Zoiper client .. |
8/7/2017
Topic:
Topology Hiding
Girish
|
Support,
Appreciate your quick response.
The rtp command is not showing anything, looks some process / service is not running, Please do let me know which process / service should be running and how to start it if needed.
ps ax | grep rtp 14946 pts/0 S+ 0:00 grep rtp
******************************************************************O/P for Iptables ***************************************
iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 192.168.100.0/24 0.0.0.0/0 ACCEPT all -- 203.147.62.137 0.0.0.0/0 DEFAULT_INPUT all -- 0.0.0.0/0 0.0.0.0/0 MINIUPNPD all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ACCESS_RULES all -- 0.0.0.0/0 0.0.0.0/0 ACCESS_FILTER all -- 0.0.0.0/0 0.0.0.0/0 INPUT_FILTER all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED rtpengine udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:16000:24000 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT) target prot opt source destination DEFAULT_FILTER all -- 0.0.0.0/0 0.0.0.0/0 MEDIA_FORWARD all -- 0.0.0.0/0 0.0.0.0/0 DOS_CONTROL all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT) target prot opt source destination
Chain ACCESS_FILTER (1 references) target prot opt source destination ROAMING_ACCESS_FILTER all -- 0.0.0.0/0 0.0.0.0/0 SIP_PROFILE_ACCESS_FILTER all -- 0.0.0.0/0 0.0.0.0/0 TRUNK_ACCESS_FILTER all -- 0.0.0.0/0 0.0.0.0/0
Chain BLACKLIST (1 references) target prot opt source destination
Chain DEFAULT_FILTER (1 references) target prot opt source destination DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 DROP udp -- 0.0.0.0/0 0.0.0.0/0 length 65535
Chain DEFAULT_INPUT (1 references) target prot opt source destination DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 DROP udp -- 0.0.0.0/0 0.0.0.0/0 length 65535
Chain DOS_CONTROL (1 references) target prot opt source destination FW tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1111/sec burst 128 FW tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 5000/sec burst 96 FW udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10000/sec burst 198 FW icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/sec burst 10 DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain DYNAMIC_BLACKLIST_FORWARD (1 references) target prot opt source destination
Chain FIREWALL_RULES (1 references) target prot opt source destination FW_SBC_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 22 FW_SBC_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 23 FW_SBC_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 80,443,8080,8088 FW_SBC_FILTER icmp -- 0.0.0.0/0 0.0.0.0/0 FW_SBC_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 67,68 FW_SBC_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 53 FW_SBC_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 53 FW_SBC_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 123
Chain FW (4 references) target prot opt source destination FIREWALL_RULES all -- 0.0.0.0/0 0.0.0.0/0 PORT_FW_RULES all -- 0.0.0.0/0 0.0.0.0/0 FW_SBC_FILTER all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FW_BLACKLIST (1 references) target prot opt source destination
Chain FW_GEO_FILTER (1 references) target prot opt source destination ACCEPT all -- 10.0.0.0/8 0.0.0.0/0 ACCEPT all -- 172.16.0.0/12 0.0.0.0/0 ACCEPT all -- 192.168.0.0/16 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 10.0.0.0/8 ACCEPT all -- 0.0.0.0/0 172.16.0.0/12 ACCEPT all -- 0.0.0.0/0 192.168.0.0/16 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain FW_SBC_FILTER (9 references) target prot opt source destination FW_WHITELIST all -- 0.0.0.0/0 0.0.0.0/0 FW_BLACKLIST all -- 0.0.0.0/0 0.0.0.0/0 FW_GEO_FILTER all -- 0.0.0.0/0 0.0.0.0/0
Chain FW_WHITELIST (1 references) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain GEO_FILTER (1 references) target prot opt source destination IPS_INSPECT all -- 10.0.0.0/8 0.0.0.0/0 IPS_INSPECT all -- 172.16.0.0/12 0.0.0.0/0 IPS_INSPECT all -- 192.168.0.0/16 0.0.0.0/0 IPS_INSPECT all -- 0.0.0.0/0 10.0.0.0/8 IPS_INSPECT all -- 0.0.0.0/0 172.16.0.0/12 IPS_INSPECT all -- 0.0.0.0/0 192.168.0.0/16 IPS_INSPECT all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT_ACCESS_RULES (1 references) target prot opt source destination INPUT_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 INPUT_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 INPUT_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 INPUT_FILTER icmp -- 0.0.0.0/0 0.0.0.0/0 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 25 INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport sports 67 INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport sports 53 INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport sports 123 INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 500 INPUT_FILTER udp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 4500
Chain INPUT_FILTER (10 references) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain IPS_INSPECT (7 references) target prot opt source destination ROAMING_IPS_INSPECT all -- 0.0.0.0/0 0.0.0.0/0 SIP_PROFILE_IPS_INSPECT all -- 0.0.0.0/0 0.0.0.0/0 TRUNK_IPS_INSPECT all -- 0.0.0.0/0 0.0.0.0/0
Chain MEDIA_FORWARD (1 references) target prot opt source destination
Chain MINIUPNPD (1 references) target prot opt source destination
Chain PORT_FW_RULES (1 references) target prot opt source destination
Chain ROAMING_ACCESS_FILTER (1 references) target prot opt source destination
Chain ROAMING_IPS_INSPECT (1 references) target prot opt source destination
Chain SBC_FILTER (2 references) target prot opt source destination WHITELIST all -- 0.0.0.0/0 0.0.0.0/0 BLACKLIST all -- 0.0.0.0/0 0.0.0.0/0 DYNAMIC_BLACKLIST_FORWARD all -- 0.0.0.0/0 0.0.0.0/0 GEO_FILTER all -- 0.0.0.0/0 0.0.0.0/0
Chain SIP_PROFILE_ACCESS_FILTER (1 references) target prot opt source destination SBC_FILTER udp -- 0.0.0.0/0 192.168.100.75 udp dpt:5060 SBC_FILTER udp -- 0.0.0.0/0 203.147.62.15 udp dpt:5065
Chain SIP_PROFILE_IPS_INSPECT (1 references) target prot opt source destination NFQUEUE udp -- 0.0.0.0/0 192.168.100.75 udp dpt:5060 NFQUEUE num 0 NFQUEUE udp -- 0.0.0.0/0 203.147.62.15 udp dpt:5065 NFQUEUE num 0
Chain TRUNK_ACCESS_FILTER (1 references) target prot opt source destination
Chain TRUNK_IPS_INSPECT (1 references) target prot opt source destination
Chain WHITELIST (1 references) target prot opt source destination
Chain rtpengine (1 references) target prot opt source destination ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:16000:24000 |
8/7/2017
Topic:
Topology Hiding
Girish
|
Sure , please find attached, i have just erased of the last two octets of the IP address |
8/7/2017
Topic:
Topology Hiding
Girish
|
Support,
Could this be creating the issue ?
Unloading module for in-kernel packet forwarding iptables: No chain/target/match by that name. cmd_exec:echo 'del 0' > /proc/rtpengine/control; rmmod xt_RTPENGINE: /etc/init.d/rtpengine: line 204: /proc/rtpengine/control: No such file or directory ERROR: Module xt_RTPENGINE does not exist in /proc/modules /etc/init.d/rtpengine: line 204: /proc/rtpengine/control: No such file or directory ERROR: Module xt_RTPENGINE does not exist in /proc/modules /etc/init.d/rtpengine: line 204: /proc/rtpengine/control: No such file or directory ERROR: Module xt_RTPENGINE does not exist in /proc/modules Loading module for in-kernel packet forwarding FATAL: Module xt_RTPENGINE not found. iptables: No chain/target/match by that name. Starting rtpengine: daemon /usr/sbin/rtpengine --pidfile=/var/run/Media.conf.pid /usr/sbin/rtpengine --pidfile /var/run/Media.conf.pid --table=0 --no-fallback --interface=internal/192.168.100.75 --interface=external/203.147.62.15 --interface=publicif/203.147.62.15 --listen-ng=127.0.0.1:2224 --listen-cli=127.0.0.1:2225 --port-min=16000 --port-max=24000 --log-level=7 --log-facility=local1 FAILED TO CREATE KERNEL TABLE 0, KERNEL FORWARDING DISABLED |
8/7/2017
Topic:
Topology Hiding
Girish
|
Support.
Manage to resolve it. I had a different kernel loaded ....Thanks for the help. |
8/15/2017
Topic:
Geo IP List
Girish
|
Can we manually add / edit the GEO IP list. If so where is it stored. |
8/19/2017
Topic:
CRITICAL:core:receive
Girish
|
Support,
The service was running fine for few days and suddenly got the below messages and had to reboot the server. Can you please help.
blox_opensips-1.0.4-8.x86_64 blox_ministun_client-1.0.4-8.x86_64 blox_security-1.0.4-8.x86_64 blox-rpm-keys-1.0.4-8.x86_64 blox_rtppinhole-1.0.4-8.x86_64 blox_core-1.0.4-8.x86_64 freeblox-1.0.4-8.x86_64 blox_rtpengine-1.0.4-8.x86_64
Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15797]: CRITICAL:core:receive_fd: EOF on 30 Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15719]: INFO:core:handle_sigs: child process 15763 exited by a signal 11 Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15719]: INFO:core:handle_sigs: core was generated Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15719]: INFO:core:handle_sigs: terminating due to SIGCHLD Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15794]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15793]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15790]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15789]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15784]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15783]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15782]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15778]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15741]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15747]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15771]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15748]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15740]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15749]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15770]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15772]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15773]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15758]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15777]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15736]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15739]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15738]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15733]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15734]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15728]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15737]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15797]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15732]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15759]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15729]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15779]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15761]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15760]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15762]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15735]: INFO:core:sig_usr: signal 15 received Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15719]: INFO:core:cleanup: cleanup Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15719]: NOTICE:event_datagram:destroy: destroy module ...
Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15719]: INFO:db_mysql:switch_state_to_disconnected: disconnect event for 0x7f9e689592f0 Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15719]: INFO:db_mysql:reset_all_statements: reseting all statements on connection: (0x7f9e6895a318) 0x7f9e689592f0 Aug 19 11:55:12 BloXeSBC blox-1-0-4-stable[15719]: INFO:db_mysql:connect_with_retry: re-connected successful for 0x7f9e689592f0 Aug 19 11:56:12 BloXeSBC blox-1-0-4-stable[15719]: CRITICAL:core:sig_alarm_abort: BUG - shutdown timeout triggered, dying... Aug 19 11:56:37 BloXeSBC rtpengine[15503]: [901a8c25997c3d51-12035180] Closing call due to timeout Aug 19 11:56:37 BloXeSBC rtpengine[15503]: [901a8c25997c3d51-12035180] Final packet stats: |
8/19/2017
Topic:
Codec negotiation
Girish
|
Hello Support.
Is it possible to enable only G711 A and Mu Codecs for negotiation when placing out and disable other Codecs. I don't want transcoding but always use G711 if offered and offer G711.
Since no transcoding, the incoming offer has G711, G729 but SBC is sending out G729, G711 to the B party and one leg is on G729 and one leg is on G711 resulting in no audio.
If so how to enable / disbale the codes for offer.... |
8/19/2017
Topic:
CRITICAL:core:receive
Girish
|
Sorry the firmware version details are wrong, the below is right
blox-rpm-keys-1.0.5-2.x86_64 blox_rtpengine-1.0.5-2.x86_64 blox_rtppinhole-1.0.5-2.x86_64 blox_ministun_client-1.0.5-2.x86_64 blox_security-1.0.5-2.x86_64 freeblox-1.0.4-8.x86_64 blox_core-1.0.5-2.x86_64 blox_opensips-1.0.5-2.x86_64 |
8/19/2017
Topic:
Firewall Rules for RTP Engine
Girish
|
Hello Support,
I face this issue where once the service is restarted I can see the below lines in the firewall opening the RTP engine and ports.
Chain rtpengine (1 references) pkts bytes target prot opt in out source destination 0 0 RTPENGINE udp -- * * 0.0.0.0/0 0.0.0.0/0 RTPENGINE id:0 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:16000:20001
Once I make any changes on the Geo IP Filter like say I remove a country (block a country from the list) and click apply changes then) the firewall rules of RTP engine disappears until I go and change the port under Media from 20001 to say 20002 and apply changes the Rules chain is back.
Please help. edited by Girish on 8/19/2017 |
8/21/2017
Topic:
CRITICAL:core:receive
Girish
|
Sure, let me arrange and send it. In the mean time do you need any logs that can be useful to check on the same ? |
8/21/2017
Topic:
CRITICAL:core:receive
Girish
|
Sure, let me arrange and send it. In the mean time do you need any logs that can be useful to check on the same ? |
10/3/2017
Topic:
Restart from Web
Girish
|
Support,
Can you tell me if there is a single script that is called when the user clicks the Restart services from the web, if so what is the script name and where is it located. |
12/29/2017
Topic:
Geo IP Black list is not loaded on Firewall
Girish
|
Support,
Updated to 1.0.6-19. After upgrade seems the Geo-IP list is not getting loaded on the firewall. I dont see the countries IP in the GEO FILTER blocked list on the firewall.
blox_rtpengine-1.0.6-19.x86_64 blox_opensips-debuginfo-1.0.5-2.x86_64 blox-rpm-keys-1.0.6-19.x86_64 blox_rtppinhole-1.0.6-19.x86_64 blox_ministun_client-1.0.6-19.x86_64 blox_security-1.0.6-19.x86_64 freeblox-1.0.4-8.x86_64 blox_core-1.0.6-19.x86_64 blox_opensips-1.0.6-19.x86_64 |
2/7/2018
Topic:
Blox sending Options to Private IP
Girish
|
Hello Guys,
We are facing an issue where the Blox is sending SIP OPTIONS to the Private IP address of the Client rather than to the Public IP. How can it be fixed. Also I am unable to change any settings under Singalling -> General Settings page. When I change something and click save the page is not refreshing. Is that a bug. Below are the version details.
Attached file showing SBC sending to the Private IP of the client.
[root@bloxesbc opensips]# rpm -qa | grep blox blox_rtpengine-1.0.6-19.x86_64 blox_opensips-debuginfo-1.0.5-2.x86_64 blox-rpm-keys-1.0.6-19.x86_64 blox_rtppinhole-1.0.6-19.x86_64 blox_ministun_client-1.0.6-19.x86_64 blox_security-1.0.6-19.x86_64 freeblox-1.0.6-19.x86_64 blox_core-1.0.6-19.x86_64 blox_opensips-1.0.6-19.x86_64 |
2/7/2018
Topic:
Blox sending Options to Private IP
Girish
|
While on call resulting in sending BYE to either side as OPTIONS is not being responded by Client. |
2/7/2018
Topic:
Blox sending Options to Private IP
Girish
|
While on call resulting in sending BYE to either side as OPTIONS is not being responded by Client. |
5/15/2018
Topic:
Call Flow on RTP
Girish
|
Support,
I am facing an issue where lets say
SIP Client registers (Roaming User) on the External IP and then forwarded to the asterisk via the blox Internal IP. (Phone is able to register). I have three phones (1002, 1006 and 1005) registered in the fashion.
When 1005 calls 1006, the INVITE is received on the external port is then sent to asterisk using the Internal port. When asterisk sends the INVITE back to the Internal port of the blox, blox then sends the INVITE back to the External port to the SIP client. All is working fine here, just that when the INVITE from the Internal is sent to the External port , blox is not proxying the media but sending the Media IP address of the asterisk. How can we avoid this , what settings should I put. |