AMI manager connection

hello all,

I am trying to connect to my manager 2.7.0, but every time this message appears: Connection closed by foreign host

My configuration is

[admin]
secret = 123456789
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.255
read=all
write=all

Can someone help me?

Regards

verify services running

netstat -apn | grep asterisk

also verify the iptables

iptables -L -n

Hi,

netstat -apn | grep asterisk
tcp 0 0 0.0.0.0:5038 0.0.0.0:* LISTEN 8247/asterisk
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN 8247/asterisk
udp 0 0 0.0.0.0:4520 0.0.0.0:* 8247/asterisk
udp 0 0 0.0.0.0:4569 0.0.0.0:* 8247/asterisk
udp 0 0 0.0.0.0:49898 0.0.0.0:* 8247/asterisk
udp 0 0 0.0.0.0:5000 0.0.0.0:* 8247/asterisk
udp 0 0 0.0.0.0:5060 0.0.0.0:* 8247/asterisk
udp 0 0 0.0.0.0:45098 0.0.0.0:* 8247/asterisk
unix 2 [ ACC ] STREAM LISTENING 226330 8247/asterisk /var/run/asterisk/asterisk.ctl

iptables open tcp 5038

but still same message

Regards,

Asterisk is listening on port 5038, so I assume the AMI service is running, but just in case, check your general settings for manager.conf

[general]
enabled = yes

Also try testing the AMI connection directly on the Asterisk machine using the loopback address; that way you will know whether it is a network connection issue.

You can test connectivity to the AMI using the ‘telnet’ command. For example:

| you type              | you see                                 |
|-----------------------+-----------------------------------------|
| telnet localhost 5038 |                                         |
|                       | Trying 127.0.0.1...                     |
|                       | Connected to localhost.                 |
|                       | Escape character is '^]'.               |
|                       | Asterisk Call Manager/2.9.0             |
| action: login         |                                         |
| username: test        |                                         |
| secret: secret        |                                         |
| (Press <RETURN> twice |                                         |
|                       | Response: Success                       |
|                       | Message: Authentication accepted        |
|                       | Event: FullyBooted                      |
|                       | Privilege: system,all                   |
|                       | Status: Fully Booted                    |
|                       |                                         |
|                       | Event: SuccessfulAuth                   |
|                       | Privilege: security,all                 |
|                       | EventTV: 2018-09-25T19:45:02.145-0700   |
|                       | Severity: Informational                 |
|                       | Service: AMI                            |
|                       | EventVersion: 1                         |
|                       | AccountID: test                         |
|                       | SessionID: 0x73f036f0                   |
|                       | LocalAddress: IPV4/TCP/127.0.0.1/5038   |
|                       | RemoteAddress: IPV4/TCP/127.0.0.1/46928 |
|                       | UsingPassword: 0                        |
|                       | SessionTV: 2018-09-25T19:45:02.145-0700 |
| ^]quit                |                                         |

Where 'test' is the name of the section in manager.conf (or one of
its includes), 'secret' is the respective secret and '^]' is pressing
down the right square bracket key while holding down the CTRL key.


Hi
I use the command telnet ip 5038 on my Asterisk,
then I do Action: login
Username: admin (I created this user)
Secret: 123456789
then Enter two times,
but every time this information appears: Response: Error
Message: Authentication failed

Connection closed by foreign host.
Regards,

Hi
I have already managed to log in.

Thank you for your attention

Regards,

Can you share the cause with us? Thanks.

Hello
Create a user in manager.conf
like this:

[admin]
secret = 123456789
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.255
displayconnects=yes
read=all
write=all

In your terminal use the command telnet 127.0.0.1 5038 and press Enter
action: login
username: admin
secret:123456789
Press Enter twice to log in
After that,
action: logoff, then Enter twice to exit


My issue is that I am able to connect successfully from inside the Asterisk machine, but when I tried connecting from outside the Asterisk machine it doesn’t connect, and I noticed that port 5038 is closed to outside connections but open for inside connections.

Sounds like you have bind=127.0.0.1, in the configuration.

This is my configuration
;
; AMI - Asterisk Manager interface
;
; IssabelPBX needs this to be enabled. Note that if you enable it on a different IP, you need
; to assure that this can’t be reached from un-authorized hosts with the ACL settings (permit/deny).
; Also, remember to configure non-default port or IP-addresses in amportal.conf.
;
; The AMI connection is used both by the portal and the operator’s panel in IssabelPBX.
;
; IssabelPBX assumes an AMI connection to localhost:5038 by default.
;
[general]
enabled = yes
;webenabled = yes
bindaddr = 0.0.0.0
port = 5039
#include manager_general_additional.conf

[admin]
secret = FT3cwfue9Yyq!9C
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
permit=192.168.0.247/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate
writetimeout = 5000

[ber]
secret = ber@world12
permit = 192.168.0.247/255.255.255.0
read = all
write = all
writetimeout = 5000

#include manager_additional.conf
#include manager_custom.conf

Nothing should be listening on 5038, as it is binding to 5039.

On Tuesday 17 September 2024 at 13:08:50, tjdibbs via Asterisk Community
wrote:

> I noticed the port 5038 is closed to outside connection but opened for
> inside connection

On Tuesday 17 September 2024 at 13:32:14, tjdibbs via Asterisk Community
wrote:

> port = 5039

How are you identifying that “port 5038 is closed to outside connection but
opened for inside connection”?

What does “netstat -lptn” tell you?

Antony.

–
The Linux Operating System kernel was first released on this day in 1991.
https://www.kernel.org/

                                               Please reply to the list;
                                                     please *don't* CC me.

Yeah… I had to change the port to see if it was going to work, but same thing…

I changed the port to 5039 to check if it will connect, but it didn’t…


[root@issabel ~]# netstat -tlup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:radan-http      0.0.0.0:*               LISTEN      22598/asterisk      
tcp        0      0 0.0.0.0:8089            0.0.0.0:*               LISTEN      22598/asterisk      
tcp        0      0 0.0.0.0:smtp            0.0.0.0:*               LISTEN      1791/master         
tcp        0      0 0.0.0.0:pc-telecommute  0.0.0.0:*               LISTEN      916/sshd            
tcp        0      0 0.0.0.0:sieve           0.0.0.0:*               LISTEN      2513/cyrus-master   
tcp        0      0 0.0.0.0:imaps           0.0.0.0:*               LISTEN      2513/cyrus-master   
tcp        0      0 0.0.0.0:pop3s           0.0.0.0:*               LISTEN      2513/cyrus-master   
tcp        0      0 localhost:20004         0.0.0.0:*               LISTEN      2583/php            
tcp        0      0 0.0.0.0:openwebnet      0.0.0.0:*               LISTEN      1708/php            
tcp        0      0 0.0.0.0:mysql           0.0.0.0:*               LISTEN      1343/mysqld         
tcp        0      0 0.0.0.0:pop3            0.0.0.0:*               LISTEN      2513/cyrus-master   
tcp        0      0 0.0.0.0:5039            0.0.0.0:*               LISTEN      22598/asterisk      
tcp        0      0 0.0.0.0:hylafax         0.0.0.0:*               LISTEN      2615/hfaxd          
tcp        0      0 0.0.0.0:imap            0.0.0.0:*               LISTEN      2513/cyrus-master   
tcp6       0      0 [::]:pc-telecommute     [::]:*                  LISTEN      916/sshd            
tcp6       0      0 [::]:sieve              [::]:*                  LISTEN      2513/cyrus-master   
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      2513/cyrus-master   
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      2513/cyrus-master   
tcp6       0      0 [::]:54443              [::]:*                  LISTEN      919/httpd           
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      2513/cyrus-master   
tcp6       0      0 [::]:imap               [::]:*                  LISTEN      2513/cyrus-master   
tcp6       0      0 [::]:http               [::]:*                  LISTEN      919/httpd           
udp        0      0 0.0.0.0:tftp            0.0.0.0:*                           928/xinetd          
udp        0      0 localhost:323           0.0.0.0:*                           2674/chronyd        
udp        0      0 0.0.0.0:mgcp-callagent  0.0.0.0:*                           22598/asterisk      
udp        0      0 0.0.0.0:4520            0.0.0.0:*                           22598/asterisk      
udp        0      0 0.0.0.0:iax             0.0.0.0:*                           22598/asterisk      
udp        0      0 0.0.0.0:commplex-main   0.0.0.0:*                           22598/asterisk      
udp        0      0 0.0.0.0:sip             0.0.0.0:*                           22598/asterisk      
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                           578/avahi-daemon: r 
udp        0      0 0.0.0.0:39653           0.0.0.0:*                           578/avahi-daemon: r 
udp6       0      0 localhost:323           [::]:*                              2674/chronyd

I have also tried this
iptables -A INPUT -p tcp --dport 5039 -j ACCEPT

telnet localhost 5039 or telnet <asterisk_system_ip> 5039
works inside the asterisk system

but telnet <asterisk_system_ip> 5039 does not work from outside the asterisk system

I would use tcpdump (and possibly wireshark) to see if the machine is being reached, and how the connection is being rejected.

Note that you should not use permit without deny, but that causes excessive permissiveness, not unexpected denial.
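
The point about permit without deny can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of Asterisk: it parses a constructed manager.conf modelled on the one posted above (secrets replaced with placeholders) and reports which AMI users would accept a login from an outside address. The ACL model (default allow, last matching rule wins), the function names and the test address 203.0.113.10 are assumptions.

```python
import ipaddress
# Constructed sample modelled on the manager.conf posted above; secrets are placeholders.
SAMPLE_CONF = """\
[general]
bindaddr = 0.0.0.0
port = 5039
[admin]
secret = PLACEHOLDER-1
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
permit=192.168.0.247/255.255.255.0
[ber]
secret = PLACEHOLDER-2
permit = 192.168.0.247/255.255.255.0
write = all
"""

def parse_sections(text):
    """Return {section: [(key, value), ...]}, keeping rule order and duplicates."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if not line or line.startswith("#"):  # skip blanks and #include lines
            continue
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def acl_allows(rules, addr):
    """Assumed ACL model: start at allow, each matching rule overrides, last match wins."""
    ip, allowed = ipaddress.ip_address(addr), True
    for key, value in rules:
        if key in ("permit", "deny") and ip in ipaddress.ip_network(value, strict=False):
            allowed = (key == "permit")
    return allowed

def audit(text, outside_addr="203.0.113.10"):
    """List findings: a wildcard bind, and users whose ACL accepts outside_addr."""
    sections, findings = parse_sections(text), []
    if dict(sections.get("general", [])).get("bindaddr") == "0.0.0.0":
        findings.append("general: listening on all interfaces")
    for name, rules in sections.items():
        if name != "general" and acl_allows(rules, outside_addr):
            findings.append(f"{name}: ACL accepts {outside_addr}")
    return findings
```

On the sample, only `ber` is flagged; `admin` is protected by its leading deny, though under this model its /255.255.255.0 masks permit the whole 127.0.0.0/24 and 192.168.0.0/24 ranges rather than single hosts.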

On Tuesday 17 September 2024 at 13:58:07, tjdibbs via Asterisk Community
wrote:

> I changed the port to 5039 to check if it will connect, but it didn’t…
>
> tcp 0 0 0.0.0.0:5039 0.0.0.0:* LISTEN 22598/asterisk

That clearly shows that Asterisk is listening on port 5039 for connections
from anywhere (“inside”, “outside”, whatever you want to call them).

> I have also tried this
> iptables -A INPUT -p tcp --dport 5039 -j ACCEPT

What do you get from “iptables -L INPUT | grep 5039”?

> telnet localhost 5039 or telnet <asterisk_system_ip> 5039
> works inside the asterisk system
>
> but telnet <asterisk_system_ip> 5039 does not work from outside the
> asterisk system

Give us a better idea of what you mean by “outside the Asterisk system”.

Are you trying to connect from a machine on the same local network as
Asterisk, with no router or firewall in between, or are you trying to connect
from further away?

Antony.


> What do you get from “iptables -L INPUT | grep 5039”?

to allow connection to the port, based on what I found online and AI

> telnet localhost 5039 or telnet <asterisk_system_ip> 5039
> works inside the asterisk system
>
> but telnet <asterisk_system_ip> 5039 does not work from outside the
> asterisk system

Okay, so I want to connect to asterisk system with ip address of (102.216.110.27) from my laptop (MACBOOK) using terminal command

tjdibbs@Timis-Macbook luli_chat_backend % telnet 102.216.110.27 5039
Trying 102.216.110.27...
telnet: connect to address 102.216.110.27: Connection refused
telnet: Unable to connect to remote host

When I tried inside the asterisk system

[root@issabel ~]# telnet 102.216.110.27 5039
Trying 102.216.110.27...
Connected to 102.216.180.27.
Escape character is '^]'.
Asterisk Call Manager/1.3

on localhost inside asterisk system

[root@issabel ~]# telnet localhost 5039
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Asterisk Call Manager/1.3

> Are you trying to connect from a machine on the same local network as
> Asterisk, with no router or firewall in between, or are you trying to connect
> from further away?

They are not the same network I guess, and I am not sure if there is a firewall between…

You were being asked for the console output, to make sure that the accept rule had actually been added. Most postings here mentioning AI have, at least, one hallucination.