WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Inbound sip not detected by asterisk in Xen domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Inbound sip not detected by asterisk in Xen domU
From: "Christopher Isip" <cmisip@xxxxxxxxx>
Date: Mon, 12 May 2008 22:59:33 -0400
Delivery-date: Mon, 12 May 2008 20:00:06 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=6Rd3O9xRic69mQ2lO0DhgY8NLCVNzb5kDd1Nlg5yRdo=; b=w0oBnjeku5Mz3niBSkkn+mGNfF5iohY3MRQ+V5C9Z9klppty0iG2P1Ve1vXu4pv1K2bzszGyohIB6F/yomJtYo1e13NonAOmS8PxaoZkM6O0WSlefM6HcL92JfvW5cAlI2p/LpsSooyFcSG3L1QMPdua/uE42kGU8pCvgQb7WBs=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=E1dhLg6cvQ8L3KzyibCg2GJPvD3uOxrkTqcTKtY8IF1BjHuiNIUEcc7DDVWaDqYL4LvQrnrueDrbbn3tIS+nkbuMYHN0FQUBarmmO299BsFTxIbypWJb0xnvQwFIW+/N6s8A+HslNvMiXVUpc+3FeuvOdngQGPGeSy5Q49R7L6o=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
I realize that this might not be at all a xen issue but I want to be sure because the setup "should" work.  I have a xen Asterisk DomU to which I assigned a physical nic (pciback) and this connects to the ISP.  The xen DomU also has a vif that is connected to the bridge in dom0.  The xen  Asterisk domU is firewalled with shorewall and is doing IP masq for the rest of the domU's and lan computers:

/etc/shorewall/interfaces  
net eth0 detect routefilter,norfc1918,tcpflags
loc eth1 detect tcpflags

/etc/shorewall/zones
fw      firewall
loc     ipv4
net     ipv4

/etc/shorwall masq
eth0 eth1

/etc/shorewall/policy
fw all ACCEPT
loc fw ACCEPT
loc net ACCEPT
all all DROP

/etc/shorewall/rules
ACCEPT     net    fw    udp    4569,5060:5061,10000:20000
ACCEPT     net    fw    tcp    4569,5060:5061,10000:20000

#/sbin/ifconfig

eth0      Link encap:Ethernet  HWaddr 00:12:3F:B4:98:EA
          inet addr:12.XX.XX.XX  Bcast:255.255.255.255  Mask:255.255.252.0
          inet6 addr: fe80::212:3fff:feb4:98ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2053062 errors:0 dropped:0 overruns:0 frame:0
          TX packets:648311 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1037207261 (989.1 MiB)  TX bytes:43878683 (41.8 MiB)

eth1      Link encap:Ethernet  HWaddr 00:16:3E:70:21:02
          inet addr:192.168.0.4  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe70:2102/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:776173 errors:0 dropped:0 overruns:0 frame:0
          TX packets:713553 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:70910867 (67.6 MiB)  TX bytes:947947605 (904.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:165207 errors:0 dropped:0 overruns:0 frame:0
          TX packets:165207 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:17730765 (16.9 MiB)  TX bytes:17730765 (16.9 MiB)


Everything works fine as far as browsing the net, downloading etc.  I can even
use my SIP phone to call out.  However sip calls originating outside the firewall cannot get in. 
The ISP hasn't blocked the port cause an old non xen box I have ( its dying, thats why I am migrating to a new xenified box.)

The old box (non xen) had the same exact configuration (to the best of my knowledge although the new one is asterisk 1.4 while the old one is 1.2). 

Is there any peculiar way that xen handles incoming packets that might cause this?
This xen asterisk domU used to have only one nic with the dom0doing the natting but I had one way audio problems, although incoming and outgoing calls were both possible.  I hoped that by configuring the asterisk domU to be the firewall and nat server as well, I could avoid the nat  related issue of one way audio.  And then this problem crept in.

The DomU is Centos Plus.  

Thanks for any advice or insight you can give

Chris

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>