External telnet to AMI

I am setting up an Asterisk inside a Kubernetes cluster and so far everything is working like a charm but the AMI interface. This is the manager.conf:

[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0
webenabled = no

[bookline]
secret = ***
permit = 0.0.0.0/0.0.0.0
read = all,system,call,log,verbose,command,agent,user,config,originate
write = all,system,call,log,verbose,command,agent,user,config,originate

I am aware that permit is not restrictive at all but I want to make sure that everything is working before I set any restrictions. With this setup I am actually able to telnet to localhost at port 5038 and everything is working as expected but… when I try to access the same socket through its external IP by any other node in the cluster, the connection gets rejected.

Is there something wrong with my configuration? Or should I be looking into something else that’s not Asterisk?

Thanks!

Your problem is not Asterisk, it’s external.

In the same server where Asterisk is running, I have deployed a simple HTTP Server to debug any networking issues and I have been able to connect without problems at all.

/ # wget asterisk:5030
Connecting to asterisk:5030 (10.3.245.157:5030)
index.html 100% |*************************************************************************************************************| 814 0:00:00 ETA

/ # wget asterisk:5038
Connecting to asterisk:5038 (10.3.245.157:5038)
wget: can’t connect to remote host (10.3.245.157): Connection refused

Connecting to the port using telnet results in an automatic fail of “can’t connect”.

/ # telnet asterisk 5038
telnet: can’t connect to remote host (10.3.245.157): Connection refused

but with the HTTP Server it doesn’t.

/ # telnet asterisk 5030

And I have made sure that the service is running

root@asterisk-6c456c4df4-bjkjh:/# netstat -antup | grep 5038
tcp 0 0 127.0.0.1:5038 0.0.0.0:* LISTEN 1/asterisk

What else could I try to completely discard Asterisk?

In the configuration provided it was bound to “0.0.0.0” but in your netstat it shows 127.0.0.1. Are you sure the configuration you have provided is actually the correct one? What does the CLI output to show the manager configuration show?

asterisk-6c456c4df4-2cw7j*CLI> manager show settings

Global Settings:

Manager (AMI): Yes
Web Manager (AMI/HTTP): No
TCP Bindaddress: 127.0.0.1:5038
HTTP Timeout (minutes): 60
TLS Enable: No
TLS Bindaddress: Disabled
TLS Certfile: asterisk.pem
TLS Privatekey:
TLS Cipher:
Allow multiple login: Yes
Display connects: Yes
Timestamp events: No
Channel vars:
Debug: No

root@asterisk-6c456c4df4-2cw7j:/# cat /etc/asterisk/manager.d/manager.conf

[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0
webenabled = no

[bookline]
secret = ***
permit = 0.0.0.0/0.0.0.0
read = all,system,call,log,verbose,command,agent,user,config,originate
write = all,system,call,log,verbose,command,agent,user,config,originate

That is not a normal location AMI would look to for its configuration. It is normally at /etc/asterisk/manager.conf, which may be overriding what you state.

You are completely right! That was the root cause of all the problems.

root@asterisk-6c456c4df4-2cw7j:/# cat /etc/asterisk/manager.conf
#include manager_custom.conf
#include manager.d/*.conf

root@asterisk-6c456c4df4-2cw7j:/# cat /etc/asterisk/manager_custom.conf
[general]
enabled = yes
port = 5038
bindaddr = 127.0.0.1
webenabled = no

Thank you very much.
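
Added example, not part of the thread or of Asterisk itself: the fix above came down to two `[general]` sections reachable from `/etc/asterisk/manager.conf` through `#include`. This Python sketch follows the includes and lists every definition of a key with its file and line, so a conflicting `bindaddr` is visible before a connection test fails. It assumes relative includes and globs resolve against the main file's directory; the sample files are constructed from the output in the thread, and `walk`, `find_setting` and `build_sample` are names chosen here.

```python
import glob, os, re, tempfile

INCLUDE = re.compile(r'^#include\s+"?([^"\s]+)"?')
SECTION = re.compile(r'^\[([^\]]+)\]')
SETTING = re.compile(r'^(\w+)\s*=>?\s*(.*)$')

def walk(path, base=None, seen=None):
    """Yield (file, lineno, section, key, value) in read order, following #include."""
    base = base or os.path.dirname(path)
    seen = set() if seen is None else seen
    if os.path.realpath(path) in seen:           # guard against include loops
        return
    seen.add(os.path.realpath(path))
    section = None
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.split(";", 1)[0].strip()  # ';' starts a comment
            if m := INCLUDE.match(line):
                # Assumption: relative paths and globs resolve against `base`
                for inc in sorted(glob.glob(os.path.join(base, m.group(1)))):
                    yield from walk(inc, base, seen)
            elif m := SECTION.match(line):
                section = m.group(1)
            elif m := SETTING.match(line):
                yield path, lineno, section, m.group(1), m.group(2).strip()

def find_setting(main_conf, key, section="general"):
    """Every definition of `key` in [section] as (relative file, lineno, value)."""
    base = os.path.dirname(main_conf)
    return [(os.path.relpath(f, base), n, v)
            for f, n, s, k, v in walk(main_conf) if s == section and k == key]

def build_sample():
    """Constructed layout mirroring the thread; returns the path of manager.conf."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "manager.d"))
    files = {
        "manager.conf": "#include manager_custom.conf\n#include manager.d/*.conf\n",
        "manager_custom.conf": "[general]\nenabled = yes\nbindaddr = 127.0.0.1\n",
        "manager.d/manager.conf": "[general]\nenabled = yes\nbindaddr = 0.0.0.0\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return os.path.join(root, "manager.conf")

if __name__ == "__main__":
    for name, lineno, value in find_setting(build_sample(), "bindaddr"):
        print(f"{name}:{lineno}: bindaddr = {value}")
```

More than one distinct value in the output means the files disagree; `manager show settings`, as used in the thread, shows which address Asterisk actually bound.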