Proxmox firewall blocking ATA to VoIP server?

Discussion in 'Proxmox VE: Installation and configuration' started by eiger3970, Nov 11, 2012.

  1. eiger3970

    eiger3970 Member

    Joined:
    Sep 9, 2012
    Messages:
    234
    Likes Received:
    1
    I updated my Elastix server's IP address.
    I then updated my ATA's proxy server to the new Elastix server's IP address.
    The ATA can't register to the extenstion and go online, it only says offline or can't connect to the login server?
    I did change my router's port fowards aswell?

    I updated Elastix's IP address from 192.168.1.160 to 192.168.1.164.
    192.168.1.160 was the IP address I set for Elastix Version 2.3.0 Release 5 which is running on my VM in Proxmox.
    I simply logged into 192.168.1.160 with the browser GUI, went to Elastix/System/Network/Device/Ethernet 0/IP Address: 192.168.1.160 and changed to 192.168.1.164/Apply Changes/OK.

    I then went to my ATA Linksys PAP2T/Line 1/Proxy and Registration/Proxy: 192.168.1.160 and changed to 192.168.1.164/Save Settings. This will send the ATA packets to the VoIP server's extension 3000 which has the same password in the ATA's extension settings and Elastix's PBX/Extensions' secret.

    I don't use a firewall.
    In fact, I have set the router to DMZ to allow all traffic in an attempt to fix the issue.

    I can ping and access via browser GUI the ATA, Proxmox, Elastix and the router.


    Yes, all the correct ifconfig details come up.

    I actually reboot the Proxmox server every night when it's turn off automatically with a cron job at 2200 and then the BIOS turns it on automatically at 0800 (watch out for the BIOS System Time which is changed by the OS' Proxmox clock to UTC(GMT)).

    Everything pings but still no ATA connecting to the server extension?
    I only changed IPs, so maybe Proxmox has a firewall?...I will need to research.
    I didn't change any passwords which is also a common resolution, but I checked this numerous times even though I shouldn't really need to.
     
  2. axion.joey

    axion.joey Member

    Joined:
    Dec 29, 2009
    Messages:
    76
    Likes Received:
    1
    Could be a firewall on proxmox or the vm. Do you see any traffic from the ata to asterisk?

    Within the vm temporarily disable iptables by running service iptables stop. Then on the asterisk cli run sip set debug ip xxx.xxx.xxx.xxx (using the ip address of the ata) and reboot the ata and see if you see any traffic.
     
  3. eiger3970

    eiger3970 Member

    Joined:
    Sep 9, 2012
    Messages:
    234
    Likes Received:
    1
    Thanks, here's what I've done and ATA still cannot connect to Elastix via Proxmox?

    I updated my Elastix server's IP address.
    I then updated my ATA's proxy server to the new Elastix server's IP address.
    The ATA can't register to the extenstion and go online, it only says offline or can't connect to the login server?
    I did change my router's port fowards aswell?


    I updated Elastix's IP address from 192.168.1.160 to 192.168.1.164.
    192.168.1.160 was the IP address I set for Elastix Version 2.3.0 Release 5 which is running on my VM in Proxmox.
    I simply logged into 192.168.1.160 with the browser GUI, went to Elastix/System/Network/Device/Ethernet 0/IP Address: 192.168.1.160 and changed to 192.168.1.164/Apply Changes/OK.

    I then went to my ATA Linksys PAP2T/Line 1/Proxy and Registration/Proxy: 192.168.1.160 and changed to 192.168.1.164/Save Settings. This will send the ATA packets to the VoIP server's extension 3000 which has the same password in the ATA's extension settings and Elastix's PBX/Extensions' secret.

    I don't use a firewall.
    In fact, I have set the router to DMZ to allow all traffic in an attempt to fix the issue.

    I can ping and access via browser GUI the ATA, Proxmox, Elastix and the router.



    all the correct ifconfig details come up.

    I actually reboot the Proxmox server every night when it's turn off automatically with a cron job at 2200 and then the BIOS turns it on automatically at 0800 (watch out for the BIOS System Time which is changed by the OS' Proxmox clock to UTC(GMT)).

    Everything pings but still no ATA connecting to the server extension?
    I only changed IPs, so maybe Proxmox has a firewall?...I will need to research.
    I didn't change any passwords which is also a common resolution, but I checked this numerous times even though I shouldn't really need to.



    I went to Proxmox and the IP address wasn't updated.
    So, updated Promox's IP address, default gateway and DNS.
    However, I can't find a way to change the 'container's inside Proxmox. The VMs.

    I have accessed the VMs via their old IP addresses from a browser and changed the IPs which I thought would be enough, however the ATA still won't connect to the Elastix?

    ATA: 192.168.1.10
    ATA's proxy server set to connect to extension 3000: 192.168.1.164
    Extension 3000's password is set to the same password as in Elastix's PBX Extension 3000.

    Proxmox: 192.168.1.160, 255.255.255.0, 192.168.1.180. DNS 192.168.1.180
    VM Elastix in Proxmox: 192.168.1.164
    VM Website as a hobby: 192.168.120, want to change to 192.168.1.167.

    Router: 192.168.1.180



    Well, after much time I have found an old IP address for the hobby website at 192.168.1.120:10000.

    I am pointing this out as this may be what's needed for the Elastix VM container aswell?

    Open browser/type in IP address of 192.168.1.120:10000/Webmin/Servers/BIND DNS Server/Type/All...
    ...Name/xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/ftp.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/m.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/localhost.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/admin.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/mail.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/xxxx.com/Additional allowed sender IP addresses/networks, I changed from 192.168.1.120 to 192.168.1.167/Save.

    However, this only changed the IP address in Webmin. Access to this container is still on the old 192.168.120, which I think I need to change in Proxmox's Virtualmin.
    I find no option to change the IP address in Virtualmin?
     
  4. eiger3970

    eiger3970 Member

    Joined:
    Sep 9, 2012
    Messages:
    234
    Likes Received:
    1
    I updated my Elastix server's IP address.
    I then updated my ATA's proxy server to the new Elastix server's IP address.
    The ATA can't register to the extenstion and go online, it only says offline or can't connect to the login server?
    I did change my router's port fowards aswell?


    I updated Elastix's IP address from 192.168.1.160 to 192.168.1.164.
    192.168.1.160 was the IP address I set for Elastix Version 2.3.0 Release 5 which is running on my VM in Proxmox.
    I simply logged into 192.168.1.160 with the browser GUI, went to Elastix/System/Network/Device/Ethernet 0/IP Address: 192.168.1.160 and changed to 192.168.1.164/Apply Changes/OK.

    I then went to my ATA Linksys PAP2T/Line 1/Proxy and Registration/Proxy: 192.168.1.160 and changed to 192.168.1.164/Save Settings. This will send the ATA packets to the VoIP server's extension 3000 which has the same password in the ATA's extension settings and Elastix's PBX/Extensions' secret.

    I don't use a firewall.
    In fact, I have set the router to DMZ to allow all traffic in an attempt to fix the issue.

    I can ping and access via browser GUI the ATA, Proxmox, Elastix and the router.



    Yes, all the correct ifconfig details come up.

    I actually reboot the Proxmox server every night when it's turn off automatically with a cron job at 2200 and then the BIOS turns it on automatically at 0800 (watch out for the BIOS System Time which is changed by the OS' Proxmox clock to UTC(GMT)).

    Everything pings but still no ATA connecting to the server extension?
    I only changed IPs, so maybe Proxmox has a firewall?...I will need to research.
    I didn't change any passwords which is also a common resolution, but I checked this numerous times even though I shouldn't really need to.


    I went to Proxmox and the IP address wasn't updated.
    So, updated Promox's IP address, default gateway and DNS.
    However, I can't find a way to change the 'container's inside Proxmox. The VMs.

    I have accessed the VMs via their old IP addresses from a browser and changed the IPs which I thought would be enough, however the ATA still won't connect to the Elastix?

    ATA: 192.168.1.10
    ATA's proxy server set to connect to extension 3000: 192.168.1.164
    Extension 3000's password is set to the same password as in Elastix's PBX Extension 3000.

    Proxmox: 192.168.1.160, 255.255.255.0, 192.168.1.180. DNS 192.168.1.180
    VM Elastix in Proxmox: 192.168.1.164
    VM Website as a hobby: 192.168.120, want to change to 192.168.1.167.

    Router: 192.168.1.180



    Well, after much time I have found an old IP address for the hobby website at 192.168.1.120:10000.

    I am pointing this out as this may be what's needed for the Elastix VM container aswell?

    Open browser/type in IP address of 192.168.1.120:10000/Webmin/Servers/BIND DNS Server/Type/All...
    ...Name/xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/ftp.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/m.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/localhost.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/admin.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/mail.xxxx.com/Address: change from 192.168.1.120 to 192.168.1.167/Save.
    ...Name/xxxx.com/Additional allowed sender IP addresses/networks, I changed from 192.168.1.120 to 192.168.1.167/Save.

    However, this only changed the IP address in Webmin. Access to this container is still on the old 192.168.120, which I think I need to change in Proxmox's Virtualmin.
    I find no option to change the IP address in Virtualmin?
     
  5. eiger3970

    eiger3970 Member

    Joined:
    Sep 9, 2012
    Messages:
    234
    Likes Received:
    1
    Thanks for the reply.
    As I'm new, I don't find an option to disable the iptables in the GUI of Proxmox (the node) or the VMs.
    It might be in the root@proxmox folders, but I'm not sure where to look?

    I then SSHed into Elastix's new IP address I gave (which doesn't seem to have updated in Proxmox, but I can reach the new IP address).
    Typed: asterisk -r to enter asterisk commands.
    Typed: sip set debug ip 192.168.1.10 (the ATA's new IP address) and the debug seemed to run, but ATA still says: Can't connect to login server.
     
  6. udo

    udo Well-Known Member
    Proxmox Subscriber

    Joined:
    Apr 22, 2009
    Messages:
    5,845
    Likes Received:
    159
    Hi,
    you can try to find the issue with tcpdump on the pvehost (btw. normal there are no firewall-settings which control VM-traffic), like
    Code:
    tcpdump -i vmbr0 host 192.168.1.10
    
    Udo
     
  7. eiger3970

    eiger3970 Member

    Joined:
    Sep 9, 2012
    Messages:
    234
    Likes Received:
    1
    Thank you for your reply.
    I think the Proxmox node and ATA are connecting, however the Elastix server which is the Proxmox's Node's VM may not.

    The results in the Proxmox node 192.168.1.160 of tcpdump -i vmbr0 host 192.168.1.10 give:
    20:36:53.090236 IP 192.168.1.164.sip > 192.168.1.10.sip: SIP, length: 470
    20:36:58.110481 ARP, Request who-has 192.168.1.10 tell 192.168.1.164, length 28
    20:36:58.111027 ARP, Reply 192.168.1.10 is-at 00:le:e5:30:43:4e (oui Unknown), length 46
    20:37:11.626222 IP 192.168.1.10.sip > 192.168.1.164.sip: SIP, length: 470
    20:37:11.636172 IP 192.168.1.10.sip > 192.168.1.164.sip: SIP, length: 470
    20:37:12.125389 IP 192.168.1.10.sip > 192.168.1.164.sip: SIP, length: 470
    20:37:12.135388 IP 192.168.1.10.sip > 192.168.1.164.sip: SIP, length: 470
    20:37:13.125326 IP 192.168.1.10.sip > 192.168.1.164.sip: SIP, length: 470
     
  8. mmenaz

    mmenaz Member

    Joined:
    Jun 25, 2009
    Messages:
    736
    Likes Received:
    5
    I suggest a
    Code:
    # grep -r 192.168.1.160 /etc
    
    inside elastix VM to see if you have left out some IP setting that is not automatically managed by elastix.
    As far as I know, Proxmox does no have any firewall enabled, and your VM is KVM so determines the IP address itself (vmbr0 acts only as a "switch" where your vm eth0 is connected).
     
  9. eiger3970

    eiger3970 Member

    Joined:
    Sep 9, 2012
    Messages:
    234
    Likes Received:
    1
    Thank you for the reply.
    Well in the VM Elastix on 192.168.1.64, grep -r 192.168.1.160 gives:
    grep: /etc/wanpipe/api/libstelephony/ltmain.sh: No such file or directory
    grep: /etc/wanpipe/api/libsangoma/ltmain.sh: No such file or directory
    /etc/httpd/logs/ssl_error_log.2:[Wed Nov 07 12:54:59 2012] [error] client 192.168.1.109] Wed, 07 Nov 2012 12:54:59 +1000 - Got event.. fullybooted, referer: https://192.168.1.160/index.php?menu=network
    Then lots more code but I can't copy and paste from Linux Mint Putty at the moment ;-(

    Well, also I tested my hobby website which I changed from 192.168.1.120 to 192.168.1.167 and it is still only accessible by browser GUI on 192.168.1.120:10000?

    So, I fee like the VoIP server's IP address may not really have chnaged either, even though I logged into the VoIP server and it shows it's updated to 192.168.1.164?
     
  10. mmenaz

    mmenaz Member

    Joined:
    Jun 25, 2009
    Messages:
    736
    Likes Received:
    5
    Find what files can be relevant in the grep output. First check the content of /etc/hosts, and also grep all the /etc/asterisk (I've not access to my elastix server at the moment, but as far as I remember the asterisk config parts are there). If you are able to log with ssh into 192.168.1.164 it has this IP for sure, but maybe dns, asterisk config etc. have not been updated, so you have an "half broken" system. Or you have created a virtual ethernet by mistake, and you have both the IP ;P
     
  11. eiger3970

    eiger3970 Member

    Joined:
    Sep 9, 2012
    Messages:
    234
    Likes Received:
    1
    Thanks for the reply.

    Not sure if this is part of the problem, but when I SSH into my Elastix VM machine on 192.168.1.164 the root folder only has 3 files?
    I type: ls and the result is:
    anaconda-ks.cfg install.log install.log.syslog

    Then again, the same thing happens SSHing into 192.168.1.160, the Promox node.
    Only result from ls is:
    link-name which is a file with no data in it?

    Same with 192.168.1.167 which is supposed to be my website's new IP address.

    I suspect Promox may be faulty as the VMs have not had their IP changed correctly.
    Can someone help me backup my data so I can reinstall Proxmox?
     
    #11 eiger3970, Nov 13, 2012
    Last edited: Nov 13, 2012
  12. mmenaz

    mmenaz Member

    Joined:
    Jun 25, 2009
    Messages:
    736
    Likes Received:
    5
    What do you mean with "root folder"? The folder of the root user ('/root') or the root of the file system ('/')? In the later case I just can say "impossible" :)
    With KVM machine, your network, from Proxmox point of view, is a bridge (vmbr0), so you don't have to change any IP address from the proxmox web interface or whatever, Proxmox is just a "switch", if vmbr0 has an IP is the IP to reach Proxmox server itself, is not related at all with the IP in the KVM VM.
    Inside the kvm vm you change the IP of eth0, and is nothing different from what you would do on a physical machine.
    Type
    Code:
    hostname -f
    
    to see the hostname you are into. Also, check if when you created the VM you, by mistake, forced manually the mac address of the virtual nic and put the same mac (or the same of proxmox host, or whatever not unique).
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice