This may be a simple problem, but when we dial out to an external number we get a strange pattern of dialling. If I dial a number I get 3 different things happening in a round robin fashion:
1.- The number dials correctly with the proper CID
2.- The number dials properly but the CID is "GUS ZYLSTRA"
3.- Extension 1900 is dialed
The pattern is consistent so it seems like a setup problem. Could someone give some advice,
I tried to do that. One of the files was too big - I can solve that, but the other said it has to many non text characters. I have zipped files - is there a better format?
For now the only log we need are the (sanitized) entries that occur in /var/log/asterisk/full and ONLY those lines that occur during a βstrangeβ outbound call, not the entire log and certainly nothing with non-text characters.
Here it is. It is amazing how large the files get even though I was the only one on the phone (at least in the office) I called from extension 1012 to external number 613-686-5487 at least 6 times. full10.tgz (19.5 KB)
hiοΌ
Could you check this log, please reset the limitation in trunk and have a try:
β Got SIP response 480 βTrunk Concurrency Limit Reachedβ back from 192.159.66.3:5060
[2015-11-26 12:49:06] VERBOSE[19651][C-00001209] app_dial.c: β SIP/fpbx-1-W7qTJLasDxCa-000005c5 is circuit-busy
[2015-11-26 12:49:06] VERBOSE[19651][C-00001209] app_dial.c: == Everyone is busy/congested at this time (1:0/1/0)
This is an attempt to register from IP number 89.163.148.203, which is from Germany. I need to firewall off these attempts. Can someone tell me what has to be left open for SIPStation to work, but firewall everything else off?
I donβt know what this is. The IP numbers are from Wisconsin (162.253.134.142, 192.159.66.3) so they may be SIPStationβs IPs. Does anyone know what this error message actually means.
Here is another 3 minutes of log files. I have turned off time conditions and it is a smaller snap. I still need to secure the server a little more to avoid people trying to log in from outside. I again called the number 613-686-5487 six times and the same thing happens: 1st time works OK, 2nd time call is ok but the caller ID is wrong, and the 3rd time it calls extension 1900. Then it repeats the pattern.
Several things:
1.- Regarding the /tmp directory I see jetty-0.0.0.0 directories, hsperfdata_asterisk and hsperfdata_root directories. Are they safe?
2.- I have set the dial patterns that all long distance call go out the VOIP line from sipstation. Now the long distance calls all work. The local numbers go through a dahdi connection to a land line and they still act up. We have two dahdi external lines, and they act the same. But when I use the VOIP connection for calls, it works fine. Iβm sure there is a dahdi configuration problem!
3.- Could I have some pointers on how to tighten the firewall. I have forwarded port 5060 and ports 10000-20000 to the SIP server. We go through two routers from the Internet to our dedicated voip subnet. Otherwise there is no other connection. We have no external SIP phones other that our VOIP provider which is SIP Station. What I need to know is what range of IP addresses to allow, and otherwise no other IP addresses allowed. I suppose iptables would be the way to do this once I know what IP addresses to allow.
James
I would be suspicious of jetty it appears to be a standalone web server.
There are many posts here on securing your server with a firewall and fail2ban, the βDistroβ now comes with a firewall for ease of use. PIAF has had one for a while.
But IF you have been compromised, the only SAFE thing to do is start from scratch as it might well be too late to secure it.
Thanks for that. I am wondering whether the ports numbers on the card and the channels in the dahdi setup are the same. Iβm thinking that a wrong dahdi DID setup could be the problem.
I have the Freepbx distro. Is a firewall module included? I canβt find any, but it would be a little handier than coding at the command line.
Just to be sure, jetty is not used in Freepbx? Does someone know?
full12.tgz (2.0 KB)
Here is a blip from the full log. I just called an external number 613-332-3256, and the internal extension 1900 rang. I canβt see anything wrong in the log file.