[App_rpt-users] Registration Issues

Bobby Lacey kf4gta at amsat.org
Sun Dec 27 17:28:28 UTC 2015


Thank you for the info, Tim & Lu! Since I'm not running NAT on my 44
subnet, I don't do any masquerade rules. I'm only adding firewall filter
rules to open the firewall up for 4569 since I block everything by default.

Strangely enough, everything started working again this morning with no
intervention on my part! My nodes on my 44 subnet are all registered.
Again, same issue as last time - so, we'll see how long this lasts! Would
really like to figure out why it does this every few months.

Thanks again for everyone's help!

73
Bobby
KF4GTA

On Sun, Dec 27, 2015 at 6:45 AM, Lu V <luvencl8 at gmail.com> wrote:

> I have an issue that comes up from time to time with my setup in Colorado.
> The first time it happened, I  changed the port in Allstar to another port
> and that was the fix. I thought it was my ISP blocking 4569.
> Then a month later it happened again. So I changed the port again and of
> course made the forwarding rule change in my router.
> After a few iterations of this, I decided that the next time this happens,
> that I would just blow away to rule and rebuild it and see what happens.
> Sure enough that was the key to fix the issue. Keep in mind, it takes a
> little while sometimes for all the other nodes to see that you registered
> by the update to the ip list ,but in my case the problem seems to be with
> the router. It is a two wire DSL router and one day I will replace it with
> one that someone could recommend. But for whatever it is worth, I am able
> to log into the modem remotely and issue a restart. I have found that
> sometimes it takes 2 to 3 restarts to the modem/router and the problem is
> resolved. I don't understand why this continues to be a problem but it
> could possibly be similar in your case.
>
> Lu Vencl
> KA4EPS
>
> On Dec 26, 2015, at 10:25 PM, Tim Sawyer <tisawyer at gmail.com> wrote:
>
> I had a hell of a time getting a MikroTik router to let AllStar register.
> The big trick is to insure outbound masqueraded packets go out the WAN
> interface. Otherwise they come back at you and confuse the heck out of
> Asterisk.
>
> Here's my masquerade rule:
> add action=masquerade chain=srcnat out-interface=ether1-WAN src-address=
> 192.168.1.0/24
>
> And just fyi, here's my forwarding rule:
> add action=dst-nat chain=dstnat  dst-port=4569 in-interface=ether1-WAN
> protocol=udp to-addresses=192.168.1.6 to-ports=4569
>
>
>
> On Sat, Dec 26, 2015 at 3:56 PM, Bobby Lacey <kf4gta at amsat.org> wrote:
>
>> I still haven't been able to figure out when it keeps trying to register,
>> but never does. All port forwards are set on my Mikrotik edge router. Like
>> I said earlier, it works for months on end and then has trouble registering
>> all of a sudden. Has anyone else had any registration issues using a
>> Mikrotik device? IAX has been stuck on the Registering/Retrying/Timeout for
>> about 5 days now.
>>
>> Thank you for any help!
>> 73
>> Bobby
>>
>> On Wed, Dec 23, 2015 at 10:16 PM, Bobby Lacey <kf4gta at amsat.org> wrote:
>>
>>> Hi David,
>>>
>>> Yes - source IP is the same 44/8 address that the allstar node is using
>>> for registering.
>>>
>>> [root at 146-760 ~]# wget http://ipinfo.io/ip -qO -
>>> 44.36.x.x
>>>
>>> Just strange that it works for months, then stops all of a sudden?
>>>
>>> Thanks for your help!
>>>
>>> 73
>>>
>>> Bobby
>>>
>>> On Wed, Dec 23, 2015 at 1:00 PM, David McGough <kb4fxc at inttek.net>
>>> wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I think you're hitting a security feature of the Registration System.
>>>>
>>>> When running wget (or the node info collection scripts, like:
>>>> rc.updatenodelist), you must use the same source IP address as
>>>> used during the Asterisk registration requests sent from Asterisk when
>>>> it
>>>> is running. And, your node must be properly registered to retrieve the
>>>> node list.
>>>>
>>>> So, is the source IP address of the AllStar/Asterisk server on the
>>>> 44.0.0.0/8 network?  And, if so, when running wget, do you use the same
>>>> source IP address as Asterisk?  If not, these addresses must be the
>>>> same.
>>>>
>>>>
>>>> Merry Christmas and Happy Holidays!!
>>>>
>>>> 73, David KB4FXC
>>>>
>>>>
>>>> On Wed, 23 Dec 2015, Bobby Lacey wrote:
>>>>
>>>> > Hello!
>>>> >
>>>> > Every few months, we run into a problem where our nodes will
>>>> de-register
>>>> > with register.allstarlink.org and just set there before timing out
>>>> and
>>>> > retrying. It never does register until it just magically starts
>>>> working
>>>> > again often many days later.
>>>> >
>>>> > I haven't really had time to troubleshooted it before, but since I'm
>>>> home
>>>> > from work for a few days, I'm trying to trace down the problem.
>>>> >
>>>> > Something interesting I've found: These nodes are sitting on my 44Net
>>>> (
>>>> > 44.0.0.0/8) address space and get the following when I try to wget
>>>> nodes.pl:
>>>> >
>>>> > [root at 146-760 ~]# wget http://nodes1.allstarlink.org/cgi-bin/nodes.pl
>>>> > --2015-12-23 11:36:23--
>>>> http://nodes1.allstarlink.org/cgi-bin/nodes.pl
>>>> > Resolving nodes1.allstarlink.org (nodes1.allstarlink.org)...
>>>> 96.36.57.202
>>>> > Connecting to nodes1.allstarlink.org
>>>> > (nodes1.allstarlink.org)|96.36.57.202|:80...
>>>> > connected.
>>>> > HTTP request sent, awaiting response... 403
>>>> > 2015-12-23 11:36:23 ERROR 403: (no description).
>>>> >
>>>> > [root at 146-760 ~]# wget http://nodes2.allstarlink.org/cgi-bin/nodes.pl
>>>> > --2015-12-23 11:36:57--
>>>> http://nodes2.allstarlink.org/cgi-bin/nodes.pl
>>>> > Resolving nodes2.allstarlink.org (nodes2.allstarlink.org)...
>>>> 209.159.155.200
>>>> > Connecting to nodes2.allstarlink.org
>>>> > (nodes2.allstarlink.org)|209.159.155.200|:80...
>>>> > connected.
>>>> > HTTP request sent, awaiting response... 403 Forbidden
>>>> > 2015-12-23 11:36:57 ERROR 403: Forbidden.
>>>> >
>>>> > [root at 146-760 ~]# wget http://nodes3.allstarlink.org/cgi-bin/nodes.pl
>>>> > --2015-12-23 11:37:28--
>>>> http://nodes3.allstarlink.org/cgi-bin/nodes.pl
>>>> > Resolving nodes3.allstarlink.org (nodes3.allstarlink.org)...
>>>> 65.110.110.172
>>>> > Connecting to nodes3.allstarlink.org
>>>> > (nodes3.allstarlink.org)|65.110.110.172|:80...
>>>> > connected.
>>>> > HTTP request sent, awaiting response... 403
>>>> > 2015-12-23 11:37:28 ERROR 403: (no description).
>>>> >
>>>> >
>>>> > When I try from my ISP's public IP (non 44Net), it works fine. This
>>>> is just
>>>> > an observation and I'm not sure if it actually is the problem.
>>>> >
>>>> >  Anyone have any ideas?
>>>> >
>>>> > Tnx and 73
>>>> >
>>>> > Bobby
>>>> > KF4GTA
>>>> >
>>>>
>>>> _______________________________________________
>>>> App_rpt-users mailing list
>>>> App_rpt-users at ohnosec.org
>>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>>
>>>> To unsubscribe from this list please visit
>>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
>>>> down to the bottom of the page. Enter your email address and press the
>>>> "Unsubscribe or edit options button"
>>>> You do not need a password to unsubscribe, you can do it via email
>>>> confirmation. If you have trouble unsubscribing, please send a message to
>>>> the list detailing the problem.
>>>>
>>>
>>>
>>
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at ohnosec.org
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>
>> To unsubscribe from this list please visit
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
>> down to the bottom of the page. Enter your email address and press the
>> "Unsubscribe or edit options button"
>> You do not need a password to unsubscribe, you can do it via email
>> confirmation. If you have trouble unsubscribing, please send a message to
>> the list detailing the problem.
>>
>
>
>
> --
> --
> Tim
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down
> to the bottom of the page. Enter your email address and press the
> "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email
> confirmation. If you have trouble unsubscribing, please send a message to
> the list detailing the problem.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20151227/95b1aece/attachment.html>


More information about the App_rpt-users mailing list