[App_rpt-users] 2. Re: Registration Issues (Bobby Lacey)

R Dahl ve6ars at gmail.com
Tue Dec 29 00:23:56 UTC 2015


Tim saved my bacon in a similar circumstance regarding Mikrotik.  It sounds
like you have at least two gateways available and the registration requests
go out both of them with unpredictable results.  I believe you need to
craft a a firewall rule to always force the use of the correct one. This
seems Mikrotik specific.

73 de Ross ve6ars


>
> Message: 2
> Date: Sun, 27 Dec 2015 12:28:28 -0500
> From: Bobby Lacey <kf4gta at amsat.org>
> To: Lu V <luvencl8 at gmail.com>
> Cc: app_rpt mailing list <app_rpt-users at ohnosec.org>,   Tim Sawyer
>         <tisawyer at gmail.com>
> Subject: Re: [App_rpt-users] Registration Issues
> Message-ID:
>         <
> CA+TDQEz2Q5YB6M9FiNi7sF-ngAs6Epy1Yw_DPRw_vf_EzV_F5Q at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Thank you for the info, Tim & Lu! Since I'm not running NAT on my 44
> subnet, I don't do any masquerade rules. I'm only adding firewall filter
> rules to open the firewall up for 4569 since I block everything by default.
>
> Strangely enough, everything started working again this morning with no
> intervention on my part! My nodes on my 44 subnet are all registered.
> Again, same issue as last time - so, we'll see how long this lasts! Would
> really like to figure out why it does this every few months.
>
> Thanks again for everyone's help!
>
> 73
> Bobby
> KF4GTA
>
> On Sun, Dec 27, 2015 at 6:45 AM, Lu V <luvencl8 at gmail.com> wrote:
>
> > I have an issue that comes up from time to time with my setup in
> Colorado.
> > The first time it happened, I  changed the port in Allstar to another
> port
> > and that was the fix. I thought it was my ISP blocking 4569.
> > Then a month later it happened again. So I changed the port again and of
> > course made the forwarding rule change in my router.
> > After a few iterations of this, I decided that the next time this
> happens,
> > that I would just blow away to rule and rebuild it and see what happens.
> > Sure enough that was the key to fix the issue. Keep in mind, it takes a
> > little while sometimes for all the other nodes to see that you registered
> > by the update to the ip list ,but in my case the problem seems to be with
> > the router. It is a two wire DSL router and one day I will replace it
> with
> > one that someone could recommend. But for whatever it is worth, I am able
> > to log into the modem remotely and issue a restart. I have found that
> > sometimes it takes 2 to 3 restarts to the modem/router and the problem is
> > resolved. I don't understand why this continues to be a problem but it
> > could possibly be similar in your case.
> >
> > Lu Vencl
> > KA4EPS
> >
> > On Dec 26, 2015, at 10:25 PM, Tim Sawyer <tisawyer at gmail.com> wrote:
> >
> > I had a hell of a time getting a MikroTik router to let AllStar register.
> > The big trick is to insure outbound masqueraded packets go out the WAN
> > interface. Otherwise they come back at you and confuse the heck out of
> > Asterisk.
> >
> > Here's my masquerade rule:
> > add action=masquerade chain=srcnat out-interface=ether1-WAN src-address=
> > 192.168.1.0/24
> >
> > And just fyi, here's my forwarding rule:
> > add action=dst-nat chain=dstnat  dst-port=4569 in-interface=ether1-WAN
> > protocol=udp to-addresses=192.168.1.6 to-ports=4569
> >
> >
> >
> > On Sat, Dec 26, 2015 at 3:56 PM, Bobby Lacey <kf4gta at amsat.org> wrote:
> >
> >> I still haven't been able to figure out when it keeps trying to
> register,
> >> but never does. All port forwards are set on my Mikrotik edge router.
> Like
> >> I said earlier, it works for months on end and then has trouble
> registering
> >> all of a sudden. Has anyone else had any registration issues using a
> >> Mikrotik device? IAX has been stuck on the Registering/Retrying/Timeout
> for
> >> about 5 days now.
> >>
> >> Thank you for any help!
> >> 73
> >> Bobby
> >>
> >> On Wed, Dec 23, 2015 at 10:16 PM, Bobby Lacey <kf4gta at amsat.org> wrote:
> >>
> >>> Hi David,
> >>>
> >>> Yes - source IP is the same 44/8 address that the allstar node is using
> >>> for registering.
> >>>
> >>> [root at 146-760 ~]# wget http://ipinfo.io/ip -qO -
> >>> 44.36.x.x
> >>>
> >>> Just strange that it works for months, then stops all of a sudden?
> >>>
> >>> Thanks for your help!
> >>>
> >>> 73
> >>>
> >>> Bobby
> >>>
> >>> On Wed, Dec 23, 2015 at 1:00 PM, David McGough <kb4fxc at inttek.net>
> >>> wrote:
> >>>
> >>>>
> >>>> Hi,
> >>>>
> >>>> I think you're hitting a security feature of the Registration System.
> >>>>
> >>>> When running wget (or the node info collection scripts, like:
> >>>> rc.updatenodelist), you must use the same source IP address as
> >>>> used during the Asterisk registration requests sent from Asterisk when
> >>>> it
> >>>> is running. And, your node must be properly registered to retrieve the
> >>>> node list.
> >>>>
> >>>> So, is the source IP address of the AllStar/Asterisk server on the
> >>>> 44.0.0.0/8 network?  And, if so, when running wget, do you use the
> same
> >>>> source IP address as Asterisk?  If not, these addresses must be the
> >>>> same.
> >>>>
> >>>>
> >>>> Merry Christmas and Happy Holidays!!
> >>>>
> >>>> 73, David KB4FXC
> >>>>
> >>>>
> >>>> On Wed, 23 Dec 2015, Bobby Lacey wrote:
> >>>>
> >>>> > Hello!
> >>>> >
> >>>> > Every few months, we run into a problem where our nodes will
> >>>> de-register
> >>>> > with register.allstarlink.org and just set there before timing out
> >>>> and
> >>>> > retrying. It never does register until it just magically starts
> >>>> working
> >>>> > again often many days later.
> >>>> >
> >>>> > I haven't really had time to troubleshooted it before, but since I'm
> >>>> home
> >>>> > from work for a few days, I'm trying to trace down the problem.
> >>>> >
> >>>> > Something interesting I've found: These nodes are sitting on my
> 44Net
> >>>> (
> >>>> > 44.0.0.0/8) address space and get the following when I try to wget
> >>>> nodes.pl:
> >>>> >
> >>>> > [root at 146-760 ~]# wget
> http://nodes1.allstarlink.org/cgi-bin/nodes.pl
> >>>> > --2015-12-23 11:36:23--
> >>>> http://nodes1.allstarlink.org/cgi-bin/nodes.pl
> >>>> > Resolving nodes1.allstarlink.org (nodes1.allstarlink.org)...
> >>>> 96.36.57.202
> >>>> > Connecting to nodes1.allstarlink.org
> >>>> > (nodes1.allstarlink.org)|96.36.57.202|:80...
> >>>> > connected.
> >>>> > HTTP request sent, awaiting response... 403
> >>>> > 2015-12-23 11:36:23 ERROR 403: (no description).
> >>>> >
> >>>> > [root at 146-760 ~]# wget
> http://nodes2.allstarlink.org/cgi-bin/nodes.pl
> >>>> > --2015-12-23 11:36:57--
> >>>> http://nodes2.allstarlink.org/cgi-bin/nodes.pl
> >>>> > Resolving nodes2.allstarlink.org (nodes2.allstarlink.org)...
> >>>> 209.159.155.200
> >>>> > Connecting to nodes2.allstarlink.org
> >>>> > (nodes2.allstarlink.org)|209.159.155.200|:80...
> >>>> > connected.
> >>>> > HTTP request sent, awaiting response... 403 Forbidden
> >>>> > 2015-12-23 11:36:57 ERROR 403: Forbidden.
> >>>> >
> >>>> > [root at 146-760 ~]# wget
> http://nodes3.allstarlink.org/cgi-bin/nodes.pl
> >>>> > --2015-12-23 11:37:28--
> >>>> http://nodes3.allstarlink.org/cgi-bin/nodes.pl
> >>>> > Resolving nodes3.allstarlink.org (nodes3.allstarlink.org)...
> >>>> 65.110.110.172
> >>>> > Connecting to nodes3.allstarlink.org
> >>>> > (nodes3.allstarlink.org)|65.110.110.172|:80...
> >>>> > connected.
> >>>> > HTTP request sent, awaiting response... 403
> >>>> > 2015-12-23 11:37:28 ERROR 403: (no description).
> >>>> >
> >>>> >
> >>>> > When I try from my ISP's public IP (non 44Net), it works fine. This
> >>>> is just
> >>>> > an observation and I'm not sure if it actually is the problem.
> >>>> >
> >>>> >  Anyone have any ideas?
> >>>> >
> >>>> > Tnx and 73
> >>>> >
> >>>> > Bobby
> >>>> > KF4GTA
> >>>> >
> >>>>
> >>>> _______________________________________________
> >>>> App_rpt-users mailing list
> >>>> App_rpt-users at ohnosec.org
> >>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> >>>>
> >>>> To unsubscribe from this list please visit
> >>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
> >>>> down to the bottom of the page. Enter your email address and press the
> >>>> "Unsubscribe or edit options button"
> >>>> You do not need a password to unsubscribe, you can do it via email
> >>>> confirmation. If you have trouble unsubscribing, please send a
> message to
> >>>> the list detailing the problem.
> >>>>
> >>>
> >>>
> >>
> >> _______________________________________________
> >> App_rpt-users mailing list
> >> App_rpt-users at ohnosec.org
> >> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> >>
> >> To unsubscribe from this list please visit
> >> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
> >> down to the bottom of the page. Enter your email address and press the
> >> "Unsubscribe or edit options button"
> >> You do not need a password to unsubscribe, you can do it via email
> >> confirmation. If you have trouble unsubscribing, please send a message
> to
> >> the list detailing the problem.
> >>
> >
> >
> >
> > --
> > --
> > Tim
> >
> > _______________________________________________
> > App_rpt-users mailing list
> > App_rpt-users at ohnosec.org
> > http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
> >
> > To unsubscribe from this list please visit
> > http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
> down
> > to the bottom of the page. Enter your email address and press the
> > "Unsubscribe or edit options button"
> > You do not need a password to unsubscribe, you can do it via email
> > confirmation. If you have trouble unsubscribing, please send a message to
> > the list detailing the problem.
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://ohnosec.org/pipermail/app_rpt-users/attachments/20151227/95b1aece/attachment-0001.html
> >
>
> ------------------------------
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>
>
> End of App_rpt-users Digest, Vol 82, Issue 56
> *********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20151228/769d7aea/attachment.html>


More information about the App_rpt-users mailing list