Asterisk AMI telnet connection

Hello,

I am currently trying to use the AMI and connect using telnet. When I try to connect while I’m connected to the localhost running the Asterisk server, it connects okay. When I try using telnet to connect from the host machine (I want to use Java code), it does not connect to the Asterisk server using telnet. Would anyone know what I’d need to do to enable connection outside the virtual machine with the Asterisk server on it?

Thank you

Assuming manager.conf is essentially defaults, remove any firewall blocking port 5038/TCP between client and Asterisk.

Would this firewall blockage be on the client server or on the Asterisk server?

Anywhere there is a firewall between, and including, source and destination.

Ideally a firewall should generate an ICMP destination unreachable packet, from which you should be able to determine which bit of hardware blocked it.

If you run tcpdump on both servers you may get a clue.

Note that tcpdump sees incoming packets before iptables and outgoing packets after iptables IIRC.

Okay, thank you, I got it to work. The issue was not with the firewall but with my routing and permitting certain IP addresses. So just one extra question: when I have deny set to 0.0.0.0/0.0.0.0, do I still need to permit certain IP addresses to let them in?

0.0.0.0/0.0.0.0 selects all addresses, so, if you deny with that pattern, you will have to specify all allowed addresses.

Which is a good thing :)

Fun observations from casual use of AMI:

  1. Trailing spaces in the username are significant.

  2. Trailing spaces in the secret are problematic.

  3. The ‘permit’ ACL is not enforced on TCP connection, but on the login action. This may sound like a difference without a distinction since all (?) commands require authentication, but implies that there is a potential for a bug to allow an attack from any IP address – so make sure you lock down the AMI port in your firewall.
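The deny/permit behaviour discussed in the replies above, as an added example that is not part of the original thread: a small Python model that parses a constructed manager.conf user section and evaluates a client address against its rules. It assumes rules are applied in file order, that the last matching rule decides, and that an empty rule list allows everyone; the section name `javaclient`, the secret and the addresses are made up.

```python
import ipaddress

# Constructed manager.conf user section (not taken from the thread).
SAMPLE_CONF = """\
[javaclient]
secret = CHANGE_ME
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
permit = 192.168.56.0/255.255.255.0
"""


def parse_acl(conf_text, user):
    """Return the ordered (action, network) rules of one [user] section."""
    rules, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == user and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in ("deny", "permit"):
                # address/netmask notation, e.g. 0.0.0.0/0.0.0.0 = every IPv4 address
                rules.append((key, ipaddress.ip_network(value, strict=False)))
    return rules


def is_allowed(rules, client_ip):
    """Assumed model: no rules means allow; otherwise the last match decides."""
    addr = ipaddress.ip_address(client_ip)
    verdict = "permit"
    for action, network in rules:
        if addr in network:
            verdict = action
    return verdict == "permit"


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_CONF, "javaclient")
    for ip in ("127.0.0.1", "192.168.56.1", "10.0.0.5"):
        print(ip, "allowed" if is_allowed(acl, ip) else "denied")
```

This models only the login-time ACL from item 3 above; the TCP port itself stays reachable unless a firewall restricts it.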
