[App_rpt-users] mikrotik and Allstar registration problem

Tim Sawyer tisawyer at gmail.com
Fri Sep 4 02:55:20 UTC 2015


Posting this again because the list didn't take my attachment. If you want
to see the screenshot contact me off list.

In the meantime, here's the command-line way to do it:

/ip firewall nat

add action=masquerade chain=srcnat comment="HairPin NAT" \
    out-interface=ether1-WAN src-address=192.168.1.0/24

add action=dst-nat chain=dstnat comment="Asterisk AIX" dst-port=4569 \
    in-interface=ether1-WAN protocol=udp to-addresses=\
    192.168.1.6 to-ports=4569

---------
There is a little thing to know about MikroTik routers and AllStar
registration. It took me a long time to sort this out and I almost gave up
on MikroTik. But don't despair, they are really good routers.

You have to have both the out-interface and the in-interface set properly
on the masquerade rule. If you forget the out interface the AllStar
registration packets go to all interfaces. That really confuses Asterisk if
you have AllStar on more than one interface.


On Thu, Sep 3, 2015 at 7:29 PM, Tim Sawyer <tisawyer at gmail.com> wrote:

> There is a little thing to know about MikroTik routers and AllStar
> registration. It took me a long time to sort this out and I almost gave up
> on MikroTik. But don't despair, they are really good routers.
>
> You have to have both the out-interface and the in-interface set properly
> on the masquerade rule. If you forget the out interface the AllStar
> registration packets go to all interfaces. That really confuses Asterisk if
> you have AllStar on more than one interface.
>
> Let me know if the attached screen shot doesn't come through.
>
> On Thu, Sep 3, 2015 at 3:32 PM, Jesse Lloyd <ve7lyd at gmail.com> wrote:
>
>> Maybe it's not marking UDP packets? All the other protocols you listed
>> are TCP. If you want to test another UDP protocol maybe try TFTP. The
>> server side will tell you what IP has hit it.
>>
>> Jesse
>>
>> On Sep 3, 2015, at 2:43 PM, R Dahl <ve6ars at gmail.com> wrote:
>>
>> Well, I have to admit, I wasn't sure whether this was the right forum
>> either. My network has 3 flaky wifi wan's and the routing mark/distance
>> settings have allowed for a simple failover system.  Routing marks are
>> applied by the firewall based on ip's and works great for everything but
>> the connection from the allstar server to the rtcm or registration server.
>> Other connections from the allstar server work correctly and honor the
>> marks, (ssh, telnet, http, etc...)
>> All this leads me to believe there is something different about the
>> allstar arrangement that I haven't clued into.  I also tried applying the
>> routing marks based on mac but no luck there either.  Perhaps port and
>> protocol as well? As you suggest, I will try a mikrotik group.
>> Thanks,
>> Ross.
>>
>> On Thu, Sep 3, 2015 at 1:47 PM, David McGough <kb4fxc at inttek.net> wrote:
>>
>>>
>>> Hi Ross,
>>>
>>> From what you describe, this isn't an Asterisk/AllStar problem at
>>> all--your router is load balancing across multiple Internet (WAN)
>>> connections.
>>>
>>> You need to add a source route for the IP address of your Asterisk server
>>> that guarantees that your router always uses the proper WAN connection for
>>> this host.
>>>
>>> I recommend finding a -local- MikroTik network guru. The problem with
>>> working on this kind of stuff remotely is that, with one accidental
>>> misstep, you're down and they can't get back in.  Oops!
>>>
>>> 73, David KB4FXC
>>>
>>>
>>> On Thu, 3 Sep 2015, R Dahl wrote:
>>>
>>> > I have an Acid (40526) server with an rtcm for radio connection.  The
>>> > mikrotik router has 3 wan connections with the acid server connected to its
>>> > lan ports as well as the rtcm.  My problem is that the registration
>>> > requests appear to go out an arbitrary wan port rather than the one I want
>>> > it to use.
>>> > I try to force it to use a particular wan by assigning a routing mark based
>>> > on its ip and then have the desired wan with the same routing mark. This
>>> > approach works for splitting workstations and servers among the wan's but
>>> > the asterisk registration process ignores it.
>>> >
>>> > iax2 registration shows it as perceived as one of the other wans and is not
>>> > consistent.
>>> > traceroute from asterisk server shows it using the desired wan.
>>> >
>>> >
>>> > This is all mostly over my payscale.
>>> >
>>> > Ross
>>> >
>>>
>>>
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at ohnosec.org
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>
>> To unsubscribe from this list please visit
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
>> down to the bottom of the page. Enter your email address and press the
>> "Unsubscribe or edit options button"
>> You do not need a password to unsubscribe, you can do it via email
>> confirmation. If you have trouble unsubscribing, please send a message to
>> the list detailing the problem.
>>
>>
>
>
>
> --
> --
> Tim
>



-- 
--
Tim