[App_rpt-users] mikrotik and Allstar registration problem

Fri Sep 4 16:10:36 UTC 2015

Great! thanks Tim, and everyone else who offered suggestions.
That got it working consistently.
Ross

On Thu, Sep 3, 2015 at 8:55 PM, Tim Sawyer <tisawyer at gmail.com> wrote:

> Posting this again because the list didn't take my attachment. If you want
> to see the screenshot contact me off list.
>
> In the mean time here's the command line way to do it:
>
> ip firewall nat
>
> add action=masquerade chain=srcnat comment="HairPin NAT"
> out-interface=ether1-WAN src-address=192.168.1.0/24
>
> add action=dst-nat chain=dstnat comment="Asterisk AIX" dst-port=4569
> in-interface=ether1-WAN protocol=udp to-addresses=\
>     192.168.1.6 to-ports=4569
>
> ---------
> There is a little thing to know about MikroTik routers and AllStar
> registration. It took me a long time to sort this out and I almost gave up
> on MikroTik. But don't despair they are really good routers.
>
> You have to have both the out-interface and the in-interface set properly
> on the masquerade rule. If you forget the out interface the AllStar
> registration packets go to all interfaces. That really confuses Asterisk if
> you have AllStar on more then one interface.
>
>
> On Thu, Sep 3, 2015 at 7:29 PM, Tim Sawyer <tisawyer at gmail.com> wrote:
>
>> There is a little thing to know about MikroTik routers and AllStar
>> registration. It took me a long time to sort this out and I almost gave up
>> on MikroTik. But don't despair they are really good routers.
>>
>> You have to have both the out-interface and the in-interface set properly
>> on the masquerade rule. If you forget the out interface the AllStar
>> registration packets go to all interfaces. That really confuses Asterisk if
>> you have AllStar on more then one interface.
>>
>> Let me know if the attached screen shot doesn't come through.
>>
>> On Thu, Sep 3, 2015 at 3:32 PM, Jesse Lloyd <ve7lyd at gmail.com> wrote:
>>
>>> Maybe it's not marking UDP packets? All the other protocols you listed
>>> are TCP. If you want to test another UDP protocol maybe try TFTP. The
>>> server side will tell you what IP has hit it.
>>>
>>> Jesse
>>>
>>> On Sep 3, 2015, at 2:43 PM, R Dahl <ve6ars at gmail.com> wrote:
>>>
>>> Well, I have to admit, I wasn't sure whether this was the right forum
>>> either. My network has 3 flaky wifi wan's and the routing mark/distance
>>> settings have allowed for a simple failover system.  routing marks are
>>> applied by the firewall based on ip's and works great for everything but
>>> the connection from the allstar server to the rtcm or registration server.
>>> Other connections from the allstar server work corrrectly and honor the
>>> marks, (ssh, telnet, http, etc...)
>>> All this leads me to believe there is something different about the
>>> allstar arrangement that I haven't clued into.  I also tried applying the
>>> routing marks based on mac but no luck there either.  Perhaps port and
>>> protocol as well? As you suggest, I will try a mikrotik group
>>> Thanks,
>>> Ross.
>>>
>>> On Thu, Sep 3, 2015 at 1:47 PM, David McGough <kb4fxc at inttek.net> wrote:
>>>
>>>>
>>>> Hi Ross,
>>>>
>>>> From what you describe, this isn't an Asterisk/AllStar problem at
>>>> all--your router is load balancing across multiple Internet (WAN)
>>>> connections.
>>>>
>>>> You need to add a source route for the IP address of your Asterisk
>>>> server
>>>> that guarantees that your router always uses the proper WAN connection
>>>> for
>>>> this host.
>>>>
>>>> I recommend finding a -local- MikroTik network guru. The problem with
>>>> working on this kind of stuff remotely is that, with one accidental
>>>> misstep, you're down and they can't get back in.  Oops!
>>>>
>>>> 73, David KB4FXC
>>>>
>>>>
>>>> On Thu, 3 Sep 2015, R Dahl wrote:
>>>>
>>>> > I have an Acid (40526) server with an rtcm for radio connection.  The
>>>> > mikrotik router has 3 wan connections with the acid server connected
>>>> to its
>>>> > lan ports as well as the rtcm.  My problem is that the registration
>>>> > requests appear to go out an arbitrary wan port rather than the one I
>>>> want
>>>> > it to use.
>>>> > I try to force it to use a particular wan by assigning a routing mark
>>>> based
>>>> > on its ip and then have the desired wan with the same routing mark.
>>>> This
>>>> > approach works for splitting workstations and servers among the wan's
>>>> but
>>>> > the asterisk registration process ignores it.
>>>> >
>>>> > iax2 registration shows it as perceived as one of the other wans and
>>>> is not
>>>> > consistent.
>>>> > traceroute from asterisk server shows it using the desired wan.
>>>> >
>>>> >
>>>> > This is all mostly over my payscale.
>>>> >
>>>> > Ross
>>>> >
>>>>
>>>>
>>> _______________________________________________
>>> App_rpt-users mailing list
>>> App_rpt-users at ohnosec.org
>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>
>>> To unsubscribe from this list please visit
>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
>>> down to the bottom of the page. Enter your email address and press the
>>> "Unsubscribe or edit options button"
>>> You do not need a password to unsubscribe, you can do it via email
>>> confirmation. If you have trouble unsubscribing, please send a message to
>>> the list detailing the problem.
>>>
>>>
>>> _______________________________________________
>>> App_rpt-users mailing list
>>> App_rpt-users at ohnosec.org
>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>
>>> To unsubscribe from this list please visit
>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll
>>> down to the bottom of the page. Enter your email address and press the
>>> "Unsubscribe or edit options button"
>>> You do not need a password to unsubscribe, you can do it via email
>>> confirmation. If you have trouble unsubscribing, please send a message to
>>> the list detailing the problem.
>>>
>>
>>
>>
>> --
>> --
>> Tim
>>
>
>
>
> --
> --
> Tim
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20150904/f2facf5f/attachment.html>