<div dir="ltr">Tim saved my bacon in a similar circumstance regarding Mikrotik. It sounds like you have at least two gateways available and the registration requests go out both of them with unpredictable results. I believe you need to craft a a firewall rule to always force the use of the correct one. This seems Mikrotik specific.<div><br></div><div>73 de Ross ve6ars<br><div> <br></div><div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Message: 2<br>
Date: Sun, 27 Dec 2015 12:28:28 -0500<br>
From: Bobby Lacey <<a href="mailto:kf4gta@amsat.org" target="_blank">kf4gta@amsat.org</a>><br>
To: Lu V <<a href="mailto:luvencl8@gmail.com" target="_blank">luvencl8@gmail.com</a>><br>
Cc: app_rpt mailing list <<a href="mailto:app_rpt-users@ohnosec.org" target="_blank">app_rpt-users@ohnosec.org</a>>, Tim Sawyer<br>
<<a href="mailto:tisawyer@gmail.com" target="_blank">tisawyer@gmail.com</a>><br>
Subject: Re: [App_rpt-users] Registration Issues<br>
Message-ID:<br>
<<a href="mailto:CA%2BTDQEz2Q5YB6M9FiNi7sF-ngAs6Epy1Yw_DPRw_vf_EzV_F5Q@mail.gmail.com" target="_blank">CA+TDQEz2Q5YB6M9FiNi7sF-ngAs6Epy1Yw_DPRw_vf_EzV_F5Q@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Thank you for the info, Tim & Lu! Since I'm not running NAT on my 44<br>
subnet, I don't do any masquerade rules. I'm only adding firewall filter<br>
rules to open the firewall up for 4569 since I block everything by default.<br>
<br>
Strangely enough, everything started working again this morning with no<br>
intervention on my part! My nodes on my 44 subnet are all registered.<br>
Again, same issue as last time - so, we'll see how long this lasts! Would<br>
really like to figure out why it does this every few months.<br>
<br>
Thanks again for everyone's help!<br>
<br>
73<br>
Bobby<br>
KF4GTA<br>
<br>
On Sun, Dec 27, 2015 at 6:45 AM, Lu V <<a href="mailto:luvencl8@gmail.com" target="_blank">luvencl8@gmail.com</a>> wrote:<br>
<br>
> I have an issue that comes up from time to time with my setup in Colorado.<br>
> The first time it happened, I changed the port in Allstar to another port<br>
> and that was the fix. I thought it was my ISP blocking 4569.<br>
> Then a month later it happened again. So I changed the port again and of<br>
> course made the forwarding rule change in my router.<br>
> After a few iterations of this, I decided that the next time this happens,<br>
> that I would just blow away to rule and rebuild it and see what happens.<br>
> Sure enough that was the key to fix the issue. Keep in mind, it takes a<br>
> little while sometimes for all the other nodes to see that you registered<br>
> by the update to the ip list ,but in my case the problem seems to be with<br>
> the router. It is a two wire DSL router and one day I will replace it with<br>
> one that someone could recommend. But for whatever it is worth, I am able<br>
> to log into the modem remotely and issue a restart. I have found that<br>
> sometimes it takes 2 to 3 restarts to the modem/router and the problem is<br>
> resolved. I don't understand why this continues to be a problem but it<br>
> could possibly be similar in your case.<br>
><br>
> Lu Vencl<br>
> KA4EPS<br>
><br>
> On Dec 26, 2015, at 10:25 PM, Tim Sawyer <<a href="mailto:tisawyer@gmail.com" target="_blank">tisawyer@gmail.com</a>> wrote:<br>
><br>
> I had a hell of a time getting a MikroTik router to let AllStar register.<br>
> The big trick is to insure outbound masqueraded packets go out the WAN<br>
> interface. Otherwise they come back at you and confuse the heck out of<br>
> Asterisk.<br>
><br>
> Here's my masquerade rule:<br>
> add action=masquerade chain=srcnat out-interface=ether1-WAN src-address=<br>
> <a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a><br>
><br>
> And just fyi, here's my forwarding rule:<br>
> add action=dst-nat chain=dstnat dst-port=4569 in-interface=ether1-WAN<br>
> protocol=udp to-addresses=192.168.1.6 to-ports=4569<br>
><br>
><br>
><br>
> On Sat, Dec 26, 2015 at 3:56 PM, Bobby Lacey <<a href="mailto:kf4gta@amsat.org" target="_blank">kf4gta@amsat.org</a>> wrote:<br>
><br>
>> I still haven't been able to figure out when it keeps trying to register,<br>
>> but never does. All port forwards are set on my Mikrotik edge router. Like<br>
>> I said earlier, it works for months on end and then has trouble registering<br>
>> all of a sudden. Has anyone else had any registration issues using a<br>
>> Mikrotik device? IAX has been stuck on the Registering/Retrying/Timeout for<br>
>> about 5 days now.<br>
>><br>
>> Thank you for any help!<br>
>> 73<br>
>> Bobby<br>
>><br>
>> On Wed, Dec 23, 2015 at 10:16 PM, Bobby Lacey <<a href="mailto:kf4gta@amsat.org" target="_blank">kf4gta@amsat.org</a>> wrote:<br>
>><br>
>>> Hi David,<br>
>>><br>
>>> Yes - source IP is the same 44/8 address that the allstar node is using<br>
>>> for registering.<br>
>>><br>
>>> [root@146-760 ~]# wget <a href="http://ipinfo.io/ip" rel="noreferrer" target="_blank">http://ipinfo.io/ip</a> -qO -<br>
>>> 44.36.x.x<br>
>>><br>
>>> Just strange that it works for months, then stops all of a sudden?<br>
>>><br>
>>> Thanks for your help!<br>
>>><br>
>>> 73<br>
>>><br>
>>> Bobby<br>
>>><br>
>>> On Wed, Dec 23, 2015 at 1:00 PM, David McGough <<a href="mailto:kb4fxc@inttek.net" target="_blank">kb4fxc@inttek.net</a>><br>
>>> wrote:<br>
>>><br>
>>>><br>
>>>> Hi,<br>
>>>><br>
>>>> I think you're hitting a security feature of the Registration System.<br>
>>>><br>
>>>> When running wget (or the node info collection scripts, like:<br>
>>>> rc.updatenodelist), you must use the same source IP address as<br>
>>>> used during the Asterisk registration requests sent from Asterisk when<br>
>>>> it<br>
>>>> is running. And, your node must be properly registered to retrieve the<br>
>>>> node list.<br>
>>>><br>
>>>> So, is the source IP address of the AllStar/Asterisk server on the<br>
>>>> <a href="http://44.0.0.0/8" rel="noreferrer" target="_blank">44.0.0.0/8</a> network? And, if so, when running wget, do you use the same<br>
>>>> source IP address as Asterisk? If not, these addresses must be the<br>
>>>> same.<br>
>>>><br>
>>>><br>
>>>> Merry Christmas and Happy Holidays!!<br>
>>>><br>
>>>> 73, David KB4FXC<br>
>>>><br>
>>>><br>
>>>> On Wed, 23 Dec 2015, Bobby Lacey wrote:<br>
>>>><br>
>>>> > Hello!<br>
>>>> ><br>
>>>> > Every few months, we run into a problem where our nodes will<br>
>>>> de-register<br>
>>>> > with <a href="http://register.allstarlink.org" rel="noreferrer" target="_blank">register.allstarlink.org</a> and just set there before timing out<br>
>>>> and<br>
>>>> > retrying. It never does register until it just magically starts<br>
>>>> working<br>
>>>> > again often many days later.<br>
>>>> ><br>
>>>> > I haven't really had time to troubleshooted it before, but since I'm<br>
>>>> home<br>
>>>> > from work for a few days, I'm trying to trace down the problem.<br>
>>>> ><br>
>>>> > Something interesting I've found: These nodes are sitting on my 44Net<br>
>>>> (<br>
>>>> > <a href="http://44.0.0.0/8" rel="noreferrer" target="_blank">44.0.0.0/8</a>) address space and get the following when I try to wget<br>
>>>> <a href="http://nodes.pl" rel="noreferrer" target="_blank">nodes.pl</a>:<br>
>>>> ><br>
>>>> > [root@146-760 ~]# wget <a href="http://nodes1.allstarlink.org/cgi-bin/nodes.pl" rel="noreferrer" target="_blank">http://nodes1.allstarlink.org/cgi-bin/nodes.pl</a><br>
>>>> > --2015-12-23 11:36:23--<br>
>>>> <a href="http://nodes1.allstarlink.org/cgi-bin/nodes.pl" rel="noreferrer" target="_blank">http://nodes1.allstarlink.org/cgi-bin/nodes.pl</a><br>
>>>> > Resolving <a href="http://nodes1.allstarlink.org" rel="noreferrer" target="_blank">nodes1.allstarlink.org</a> (<a href="http://nodes1.allstarlink.org" rel="noreferrer" target="_blank">nodes1.allstarlink.org</a>)...<br>
>>>> 96.36.57.202<br>
>>>> > Connecting to <a href="http://nodes1.allstarlink.org" rel="noreferrer" target="_blank">nodes1.allstarlink.org</a><br>
>>>> > (<a href="http://nodes1.allstarlink.org" rel="noreferrer" target="_blank">nodes1.allstarlink.org</a>)|96.36.57.202|:80...<br>
>>>> > connected.<br>
>>>> > HTTP request sent, awaiting response... 403<br>
>>>> > 2015-12-23 11:36:23 ERROR 403: (no description).<br>
>>>> ><br>
>>>> > [root@146-760 ~]# wget <a href="http://nodes2.allstarlink.org/cgi-bin/nodes.pl" rel="noreferrer" target="_blank">http://nodes2.allstarlink.org/cgi-bin/nodes.pl</a><br>
>>>> > --2015-12-23 11:36:57--<br>
>>>> <a href="http://nodes2.allstarlink.org/cgi-bin/nodes.pl" rel="noreferrer" target="_blank">http://nodes2.allstarlink.org/cgi-bin/nodes.pl</a><br>
>>>> > Resolving <a href="http://nodes2.allstarlink.org" rel="noreferrer" target="_blank">nodes2.allstarlink.org</a> (<a href="http://nodes2.allstarlink.org" rel="noreferrer" target="_blank">nodes2.allstarlink.org</a>)...<br>
>>>> 209.159.155.200<br>
>>>> > Connecting to <a href="http://nodes2.allstarlink.org" rel="noreferrer" target="_blank">nodes2.allstarlink.org</a><br>
>>>> > (<a href="http://nodes2.allstarlink.org" rel="noreferrer" target="_blank">nodes2.allstarlink.org</a>)|209.159.155.200|:80...<br>
>>>> > connected.<br>
>>>> > HTTP request sent, awaiting response... 403 Forbidden<br>
>>>> > 2015-12-23 11:36:57 ERROR 403: Forbidden.<br>
>>>> ><br>
>>>> > [root@146-760 ~]# wget <a href="http://nodes3.allstarlink.org/cgi-bin/nodes.pl" rel="noreferrer" target="_blank">http://nodes3.allstarlink.org/cgi-bin/nodes.pl</a><br>
>>>> > --2015-12-23 11:37:28--<br>
>>>> <a href="http://nodes3.allstarlink.org/cgi-bin/nodes.pl" rel="noreferrer" target="_blank">http://nodes3.allstarlink.org/cgi-bin/nodes.pl</a><br>
>>>> > Resolving <a href="http://nodes3.allstarlink.org" rel="noreferrer" target="_blank">nodes3.allstarlink.org</a> (<a href="http://nodes3.allstarlink.org" rel="noreferrer" target="_blank">nodes3.allstarlink.org</a>)...<br>
>>>> 65.110.110.172<br>
>>>> > Connecting to <a href="http://nodes3.allstarlink.org" rel="noreferrer" target="_blank">nodes3.allstarlink.org</a><br>
>>>> > (<a href="http://nodes3.allstarlink.org" rel="noreferrer" target="_blank">nodes3.allstarlink.org</a>)|65.110.110.172|:80...<br>
>>>> > connected.<br>
>>>> > HTTP request sent, awaiting response... 403<br>
>>>> > 2015-12-23 11:37:28 ERROR 403: (no description).<br>
>>>> ><br>
>>>> ><br>
>>>> > When I try from my ISP's public IP (non 44Net), it works fine. This<br>
>>>> is just<br>
>>>> > an observation and I'm not sure if it actually is the problem.<br>
>>>> ><br>
>>>> > Anyone have any ideas?<br>
>>>> ><br>
>>>> > Tnx and 73<br>
>>>> ><br>
>>>> > Bobby<br>
>>>> > KF4GTA<br>
>>>> ><br>
>>>><br>
>>>> _______________________________________________<br>
>>>> App_rpt-users mailing list<br>
>>>> <a href="mailto:App_rpt-users@ohnosec.org" target="_blank">App_rpt-users@ohnosec.org</a><br>
>>>> <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
>>>><br>
>>>> To unsubscribe from this list please visit<br>
>>>> <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll<br>
>>>> down to the bottom of the page. Enter your email address and press the<br>
>>>> "Unsubscribe or edit options button"<br>
>>>> You do not need a password to unsubscribe, you can do it via email<br>
>>>> confirmation. If you have trouble unsubscribing, please send a message to<br>
>>>> the list detailing the problem.<br>
>>>><br>
>>><br>
>>><br>
>><br>
>> _______________________________________________<br>
>> App_rpt-users mailing list<br>
>> <a href="mailto:App_rpt-users@ohnosec.org" target="_blank">App_rpt-users@ohnosec.org</a><br>
>> <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
>><br>
>> To unsubscribe from this list please visit<br>
>> <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll<br>
>> down to the bottom of the page. Enter your email address and press the<br>
>> "Unsubscribe or edit options button"<br>
>> You do not need a password to unsubscribe, you can do it via email<br>
>> confirmation. If you have trouble unsubscribing, please send a message to<br>
>> the list detailing the problem.<br>
>><br>
><br>
><br>
><br>
> --<br>
> --<br>
> Tim<br>
><br>
> _______________________________________________<br>
> App_rpt-users mailing list<br>
> <a href="mailto:App_rpt-users@ohnosec.org" target="_blank">App_rpt-users@ohnosec.org</a><br>
> <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
><br>
> To unsubscribe from this list please visit<br>
> <a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down<br>
> to the bottom of the page. Enter your email address and press the<br>
> "Unsubscribe or edit options button"<br>
> You do not need a password to unsubscribe, you can do it via email<br>
> confirmation. If you have trouble unsubscribing, please send a message to<br>
> the list detailing the problem.<br>
><br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://ohnosec.org/pipermail/app_rpt-users/attachments/20151227/95b1aece/attachment-0001.html" rel="noreferrer" target="_blank">http://ohnosec.org/pipermail/app_rpt-users/attachments/20151227/95b1aece/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
App_rpt-users mailing list<br>
<a href="mailto:App_rpt-users@ohnosec.org" target="_blank">App_rpt-users@ohnosec.org</a><br>
<a href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br>
<br>
End of App_rpt-users Digest, Vol 82, Issue 56<br>
*********************************************<br>
</blockquote></div><br></div></div></div></div>