Asterisk Firewall Issue

I’ve been noticing a couple of communication problems with Asterisk relating to FirewallD on CentOS 7.

When my FirewallD is OFF, I don’t have issues

I track rejected requests to my server via tail -f /var/log/messages
I notice when calling with FirewallD ON I get a lot of rejected requests from multiple IPs.
Using Whois I notice these IP requests are coming from CenturyLink and other communication providers, which I’m most likely communicating with via their network route through my VoIP provider.

How can I keep my Asterisk server protected with FirewallD and not have issues with Asterisk?

Current Call Flow Test
AMI --> Call Outbound with Provider --> T-Mobile Personal Cell Phone

When my FirewallD is ON and using my Provider, when calling outbound I would get the following…

  1. One way audio
  2. Call Incomplete
  3. Call wouldn’t come through, but I can see via console output that it’s going through Extensions.
  4. Call would come through for 1 second, then stop, then 1 second later the call would come through
  5. PJSIP would try to call multiple times on the console output, like
    PJSIP/default_endpoint-0000000e is making progress
    PJSIP/default_endpoint-0000000e is making progress
    PJSIP/default_endpoint-0000000e is making progress
    PJSIP/default_endpoint-0000000e is making progress

Firewall Settings: Reject ALL Others
(Accept Softphone from Internal network) (TCP/UDP:5060 UDP:10000-20000)
rule family="ipv4" source address="192.168.1.1/24" service name="asterisk" accept

(Accept AMI Commands from Internal Network) (TCP:5038)
rule family="ipv4" source address="192.168.1.1/24" service name="AMI-asterisk" accept

(Stop Annoying Message from Broadcast IP)
rule family="ipv4" destination address="192.168.1.255" drop

(SIP.US for incoming Calls and Different Providers for Outgoing)
rule family="ipv4" source address="65.254.44.194/32" service name="asterisk" accept
rule family="ipv4" source address="74.81.71.18/32" service name="asterisk" accept

Example tail -f /var/log/messages:
IP:72.165.118.12 = CenturyLink

Jul 26 20:20:32 ASTERISKFR kernel: FINAL_REJECT: IN=enp0s3 OUT= MAC=08:00:27:42:93:bc:34:97:f6:07:97:18:08:00 SRC=72.165.118.12 DST=192.168.1.190 LEN=200 TOS=0x18 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=59288 DPT=10650 LEN=180

Jul 26 20:20:32 ASTERISKFR kernel: FINAL_REJECT: IN=enp0s3 OUT= MAC=08:00:27:42:93:bc:34:97:f6:07:97:18:08:00 SRC=72.165.118.12 DST=192.168.1.190 LEN=200 TOS=0x18 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=59288 DPT=10650 LEN=180

Jul 26 20:20:32 ASTERISKFR kernel: FINAL_REJECT: IN=enp0s3 OUT= MAC=08:00:27:42:93:bc:34:97:f6:07:97:18:08:00 SRC=72.165.118.12 DST=192.168.1.190 LEN=200 TOS=0x18 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=59288 DPT=10650 LEN=180

Jul 26 20:20:32 ASTERISKFR kernel: FINAL_REJECT: IN=enp0s3 OUT= MAC=08:00:27:42:93:bc:34:97:f6:07:97:18:08:00 SRC=72.165.118.12 DST=192.168.1.190 LEN=200 TOS=0x18 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=59288 DPT=10650 LEN=180
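
Added example (not part of the original post): a small Python script that groups FINAL_REJECT entries by source and checks each against the accept rules and port ranges quoted above, to show which rejects are UDP packets in the 10000-20000 range from sources no rule covers. The function names and category labels are assumptions made for this example, and the last sample log line (203.0.113.7) is constructed.

```python
import ipaddress
import re
from collections import Counter

# Source networks from the accept rules quoted in the post.
ALLOWED_SOURCES = [ipaddress.ip_network(n, strict=False)
                   for n in ("192.168.1.1/24", "65.254.44.194/32", "74.81.71.18/32")]
RTP_PORTS = range(10000, 20001)  # UDP:10000-20000, as listed in the post
SIP_PORT = 5060                  # TCP/UDP:5060, as listed in the post

# First two lines repeat the entry shown in the post; the last line is constructed.
SAMPLE_LOG = """\
Jul 26 20:20:32 ASTERISKFR kernel: FINAL_REJECT: IN=enp0s3 OUT= MAC=08:00:27:42:93:bc:34:97:f6:07:97:18:08:00 SRC=72.165.118.12 DST=192.168.1.190 LEN=200 TOS=0x18 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=59288 DPT=10650 LEN=180
Jul 26 20:20:32 ASTERISKFR kernel: FINAL_REJECT: IN=enp0s3 OUT= MAC=08:00:27:42:93:bc:34:97:f6:07:97:18:08:00 SRC=72.165.118.12 DST=192.168.1.190 LEN=200 TOS=0x18 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=59288 DPT=10650 LEN=180
Jul 26 20:21:05 ASTERISKFR kernel: FINAL_REJECT: IN=enp0s3 OUT= MAC=08:00:27:42:93:bc:34:97:f6:07:97:18:08:00 SRC=203.0.113.7 DST=192.168.1.190 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs in the kernel log entry

def parse_reject(line):
    """Return (src, proto, dport) for a FINAL_REJECT line, else None."""
    _, marker, rest = line.partition("FINAL_REJECT:")
    if not marker:
        return None
    f = dict(FIELD_RE.findall(rest))
    if "SRC" not in f or "PROTO" not in f:
        return None
    dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None  # e.g. ICMP has no DPT
    return ipaddress.ip_address(f["SRC"]), f["PROTO"], dport

def classify(src, proto, dport):
    """Label a rejected packet relative to the rules quoted in the post."""
    if any(src in net for net in ALLOWED_SOURCES):
        return "listed-source"  # source has an accept rule, so port/protocol did not match
    if proto == "UDP" and dport in RTP_PORTS:
        return "rtp-from-unlisted-source"
    if dport == SIP_PORT and proto in ("UDP", "TCP"):
        return "sip-from-unlisted-source"
    return "other"

def summarize(log_text):
    """Count rejects per (source address, category)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_reject(line)
        if pkt:
            counts[(str(pkt[0]), classify(*pkt))] += 1
    return counts

if __name__ == "__main__":
    for (src, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {src:<15}  {kind}")
```

An address reported as rtp-from-unlisted-source during a test call is sending UDP into the media port range from a host that none of the quoted accept rules cover. Confirm with the provider which addresses it sends media from before adding accept rules for them.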