Asterisk no audio

I’ve been trying to get things working for days without success.

Same old story: Everything worked a few months ago. In frustration, I’ve been reduced to trial and error rather than problem solving. Nothing works.

Asterisk connects to outside line but no sound in either direction. Works fine on phone extensions that are inside my network.

A firewall problem?

Thanks for any help or suggestions.

-Steve

Ports 10000-20000 are open for udp and tcp

UFW Status Output:



Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
5060/tcp                   ALLOW       Anywhere                  
10000:20000/tcp            ALLOW       Anywhere                  
520/udp                    ALLOW       Anywhere                  
143                        ALLOW       Anywhere                  
993                        ALLOW       Anywhere                  
10000:20000/udp            ALLOW       Anywhere                  
5060/udp                   ALLOW       Anywhere                  
23/tcp                     ALLOW       Anywhere                  
465                        ALLOW       Anywhere                  
2027                       ALLOW       Anywhere                  
2727                       ALLOW       Anywhere                  
4520                       ALLOW       Anywhere                  
4569                       ALLOW       Anywhere                  
5000                       ALLOW       Anywhere                  
5060                       ALLOW       192.168.1.1               
Anywhere                   ALLOW       192.168.1.1               
Anywhere                   ALLOW       67.86.108.167             
5060:5061/udp              ALLOW       Anywhere                  
10000:65000/tcp            ALLOW       Anywhere                  
10000:65000/udp            ALLOW       Anywhere                  
Apache Full (v6)           ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
5060/tcp (v6)              ALLOW       Anywhere (v6)             
10000:20000/tcp (v6)       ALLOW       Anywhere (v6)             
520/udp (v6)               ALLOW       Anywhere (v6)             
143 (v6)                   ALLOW       Anywhere (v6)             
993 (v6)                   ALLOW       Anywhere (v6)             
10000:20000/udp (v6)       ALLOW       Anywhere (v6)             
5060/udp (v6)              ALLOW       Anywhere (v6)             
23/tcp (v6)                ALLOW       Anywhere (v6)             
465 (v6)                   ALLOW       Anywhere (v6)             
2027 (v6)                  ALLOW       Anywhere (v6)             
2727 (v6)                  ALLOW       Anywhere (v6)             
4520 (v6)                  ALLOW       Anywhere (v6)             
4569 (v6)                  ALLOW       Anywhere (v6)             
5000 (v6)                  ALLOW       Anywhere (v6)             
5060:5061/udp (v6)         ALLOW       Anywhere (v6)             
10000:65000/tcp (v6)       ALLOW       Anywhere (v6)             
10000:65000/udp (v6)       ALLOW       Anywhere (v6)             

80/tcp                     ALLOW OUT   Anywhere                  
53/udp                     ALLOW OUT   Anywhere                  
53/tcp                     ALLOW OUT   Anywhere                  
Anywhere                   ALLOW OUT   192.168.1.1               
53 (v6)                    ALLOW OUT   Anywhere (v6)             
80/tcp (v6)                ALLOW OUT   Anywhere (v6)             
53/udp (v6)                ALLOW OUT   Anywhere (v6)             
53/tcp (v6)                ALLOW OUT   Anywhere (v6)             


rules.v4 file:



# Generated by iptables-save v1.6.0 on Sun Aug 16 00:59:07 2020
*nat
:PREROUTING ACCEPT [1751:419836]
:INPUT ACCEPT [574:346213]
:OUTPUT ACCEPT [687:60300]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
# Completed on Sun Aug 16 00:59:07 2020
# Generated by iptables-save v1.6.0 on Sun Aug 16 00:59:07 2020
*filter
:INPUT DROP [3:124]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:120]
:f2b-ASTERISK - [0:0]
:f2b-apache-overflows - [0:0]
:f2b-auth - [0:0]
:f2b-badbots - [0:0]
:f2b-noscript - [0:0]
:f2b-php-url-fopen - [0:0]
:f2b-sshd - [0:0]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-logging-allow - [0:0]
:ufw-logging-deny - [0:0]
:ufw-not-local - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-skip-to-policy-forward - [0:0]
:ufw-skip-to-policy-input - [0:0]
:ufw-skip-to-policy-output - [0:0]
:ufw-track-forward - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-input - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-output - [0:0]
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-auth
-A INPUT -j f2b-ASTERISK
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-php-url-fopen
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-overflows
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-noscript
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-badbots
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A f2b-ASTERISK -s 104.229.79.4/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ASTERISK -s 103.145.12.217/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ASTERISK -j RETURN
-A f2b-apache-overflows -j RETURN
-A f2b-auth -j RETURN
-A f2b-badbots -j RETURN
-A f2b-noscript -j RETURN
-A f2b-php-url-fopen -j RETURN
-A f2b-sshd -s 218.92.0.192/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 2.232.250.91/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 180.76.101.202/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 222.186.175.148/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 64.225.39.69/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 222.186.15.62/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 121.162.235.44/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 222.186.180.8/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 27.154.225.186/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 220.249.114.237/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 218.92.0.148/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 222.186.180.17/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j ACCEPT
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-forward -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-forward -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 80,443 -m comment --comment "\'dapp_Apache%20Full\'" -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 443 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 5060 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 10000:20000 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 520 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 143 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 143 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 993 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 993 -j ACCEPT
-A ufw-user-input -p udp -m multiport --dports 10000:20000 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 5060 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 23 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 465 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 465 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
-A ufw-user-output -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-output -p udp -m udp --dport 53 -j ACCEPT
-A ufw-user-output -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
# Completed on Sun Aug 16 00:59:07 2020


What happens in case you disable the firewall for a few tests?

I’ve used “ufw disable” and still no audio.

Is that enough to stop the firewall or do I need to do something like iptables -flush?

If you had to additionally flush the tables, it would not be an uncomplicated firewall. Disabling it should be enough, but you could additionally check the status with ufw status verbose.

If it is not the firewall, then you need to check if it is a NAT related problem. It could be something else, but I would check that next. You need to provide your configuration and a full SIP trace. Otherwise, it’s just trial and error.
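One NAT symptom worth looking for in the SIP trace requested above is an SDP body that advertises a private media address or an RTP port outside the opened range. The following is an added example, not part of the original thread: the SIP message is constructed sample data, `audit_sdp` is a hypothetical helper name, and the 10000-20000 range is taken from the first post.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RTP_RANGE = (10000, 20000)  # UDP range the original poster says is open

# Constructed SIP 200 OK (sample data for this example, not from the thread).
SAMPLE_SIP = """\
SIP/2.0 200 OK
Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK-constructed
Contact: <sip:100@192.168.1.50:5060>
Content-Type: application/sdp

v=0
o=- 1 1 IN IP4 192.168.1.50
s=constructed-session
c=IN IP4 192.168.1.50
t=0 0
m=audio 24680 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
"""


def audit_sdp(sip_message, rtp_range=RTP_RANGE):
    """Return findings that would explain a connected call with no audio."""
    findings = []
    # The SDP body follows the first blank line after the SIP headers.
    _, _, sdp = sip_message.replace("\r\n", "\n").partition("\n\n")
    for line in sdp.splitlines():
        conn = re.match(r"c=IN IP4 (\d+\.\d+\.\d+\.\d+)", line)
        if conn:
            try:
                addr = ipaddress.ip_address(conn.group(1))
            except ValueError:
                continue  # malformed address, nothing to classify
            # The far end cannot route RTP to an RFC 1918 address.
            if any(addr in net for net in RFC1918):
                findings.append(f"c= advertises RFC 1918 address {addr}")
        media = re.match(r"m=audio (\d+) ", line)
        if media:
            port = int(media.group(1))
            # RTP sent to a port the firewall does not allow is dropped.
            if not rtp_range[0] <= port <= rtp_range[1]:
                findings.append(
                    f"m=audio port {port} outside {rtp_range[0]}-{rtp_range[1]}")
    return findings


if __name__ == "__main__":
    for finding in audit_sdp(SAMPLE_SIP):
        print(finding)
```
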

Thanks for the help. I’ll have to wait until tonight for the outside Asterisk user to test.

Uncomplicated? Nothing with computers is uncomplicated. And everything takes a lot longer than expected.

$ ufw disable
Firewall stopped and disabled on system startup

Testing firewall https://www.firewallruletest.com/ ports 5060 and 15000 fail. No difference between ufw enabled and disabled.

Even though ufw says “Firewall stopped and disabled on system startup” when I reboot ufw is active. I’ll leave that problem for another time.

I appreciate your patience.

-Steve

Still no audio after “ufw disable”
