Recently I had to change the port Asterisk listens on (non-standard, to hide from brute-force attacks), but at the same time I wanted not to break the system for all current users. So I needed some way to listen on two ports for some time.

I did some research on the Internet and found only one solution: via iptables REDIRECT.

For some reason it was not working for me, and I found many discussions saying that lots of people can't get it working either.

Although the statistics for the rule say that packets are processed by it, they did not reach Asterisk. Moreover, the statistic is kind of strange: only 8 packets per hour... is way too few for a system with 100 active users, I guess.

And here the strange thing starts. Despite the statistics saying that so few packets are redirected to the new port, almost all peers went up, with the new port.

Then I turned to tcpdump... and saw some weird stuff:

(A.A.A.A is the client and B.B.B.B is Asterisk)

14:41:38.506577 IP A.A.A.A.53082 > B.B.B.B.11111: UDP, length 512
14:41:38.506806 IP B.B.B.B > A.A.A.A: ICMP B.B.B.B udp port 11111 unreachable, length 548

Here ^^, some client is trying to access the old port and getting a Port Unreachable reply. But here:

14:41:49.396724 IP A.A.A.A.65027 > B.B.B.B.11111: UDP, length 673
14:41:49.397742 IP B.B.B.B.11111 > A.A.A.A.65027: UDP, length 555
14:41:49.397819 IP B.B.B.B.11111 > A.A.A.A.65027: UDP, length 560

some other client is accessing the very same port, and Asterisk accepts the request! Despite having another port in sip.conf, and netstat showing that no process is listening on port 11111.

tcpdump'ing with a port filter shows that Asterisk has lots of active conversations on both ports, the old one and the new one.

Would you kindly share some holy wisdom and explain to me how Asterisk can listen on both ports simultaneously, despite all configs?

And sorry for the long post. Couldn't make it shorter.

With best regards,
Mikhail Lischuk
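As an added example (not part of Mikhail's post), a small Python script that classifies the tcpdump lines above: for each client datagram sent to the old port it records whether the server answered from that port or replied with ICMP port unreachable, which tells you which peers are still hitting the old port without being served during such a migration. The sample capture is constructed from the post's lines; the regular expressions assume tcpdump's default one-line IPv4 output, and since the ICMP line does not show the client's source port, an unreachable reply is attributed to that client's most recent unanswered datagram.

```python
import re
from collections import Counter

# Constructed sample capture, modelled on the lines in the post
# (A.A.A.A = client, B.B.B.B = Asterisk host, 11111 = old SIP port).
CAPTURE = """\
14:41:38.506577 IP A.A.A.A.53082 > B.B.B.B.11111: UDP, length 512
14:41:38.506806 IP B.B.B.B > A.A.A.A: ICMP B.B.B.B udp port 11111 unreachable, length 548
14:41:49.396724 IP A.A.A.A.65027 > B.B.B.B.11111: UDP, length 673
14:41:49.397742 IP B.B.B.B.11111 > A.A.A.A.65027: UDP, length 555
14:41:49.397819 IP B.B.B.B.11111 > A.A.A.A.65027: UDP, length 560
"""

# Default tcpdump line shapes for a UDP datagram and an ICMP port-unreachable reply.
UDP_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)$")
ICMP_RE = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP \S+ udp port (\d+) unreachable")


def classify_flows(capture, server, old_port):
    """Map (client_ip, client_port) -> 'answered' | 'rejected' | 'silent'
    for every client datagram addressed to server:old_port."""
    state = {}  # insertion-ordered, so the newest flow per client is last
    for line in capture.splitlines():
        m = UDP_RE.match(line)
        if m:
            src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
            if dst == server and dport == old_port:
                state.setdefault((src, sport), "silent")      # new request to the old port
            elif src == server and sport == old_port and (dst, dport) in state:
                state[(dst, dport)] = "answered"              # server replied from the old port
            continue
        m = ICMP_RE.match(line)
        if m and m.group(1) == server and int(m.group(3)) == old_port:
            # The ICMP line carries no client port: blame the newest unanswered
            # flow from that client (heuristic, good enough for a quick triage).
            for key in reversed(list(state)):
                if key[0] == m.group(2) and state[key] == "silent":
                    state[key] = "rejected"
                    break
    return state


def summarize(state):
    """Count flows per outcome, e.g. {'rejected': 1, 'answered': 1}."""
    return dict(Counter(state.values()))


if __name__ == "__main__":
    flows = classify_flows(CAPTURE, "B.B.B.B", 11111)
    for (ip, port), outcome in flows.items():
        print(f"{ip}:{port} -> {outcome}")
    print(summarize(flows))
```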

