2 NIC issues

I have just installed freePBX Distro 1.816.210.58

I have 2 NIC in the server, one face outside with real IP 173.167.xx.xx, the other faces inside with 192.168.xx.xx.

My trunks are registering with my sip trunk provider through the inside NIC with the 192.168.xx.xx address. This inside NIC is behind a firewall and will not allow traffic in. As a result all calls coming in will receive “This number is not in service…” message. While all outgoing calls are fine.

How can I make sure that all my trunks goes through the NIC with the real public address of 173.167.xx.xx ?

Please help.

Are you running NAT and all traffic routing on the server, or do you have another public IP and router running somewhere else on the 192.168.x.x network?

If you’re doing NAT on the server, then you’ll still have to check your firewall settings to make sure that the 173.167.x.x interface doesn’t have any blocking that’s affecting your SIP traffic. If you’re running a router on the 192.168.x.x network then you’ll want to double check your server and make sure that it’s not using 192.168.x.x as the default route…

More info about your setup/topology would help

for the 192.168.x.x (eth0)network, it goes from the NIC (eth0) to a switch then to the firewall then to the cable modem then goes outside. The firewall does the NAT. The WAN side of the firewall has static IP of 173.167.x.x. (different from the 173.167.x.x of eth2) The cable modem does not do any NAT or DHCP.

for the 173.167.X.X (eth2) network, it goes from the NIC (eth2) to the cable modem then to the outside. The cable modem does not do any NAT or DHCP. eth2 is on static IP.

How do I control which NIC my trunk uses to register to the SIP trunk provider? In my case it is voicepulse.

You need to either set the default route to be eth2 (this will mean that any traffic that is not for 192.168.x.x will use eth2), or setup a static route to your SIP trunk provider using eth2 (this will mean that only traffic to your SIP trunk provider will use eth2, everything else will go out eth0).

I suspect the 2nd option is what you want. Not sure if the freePBX distro has a webmin GUI or anything like that, but you can test things out first by connecting via ssh/console to your server and running a simple route command. You’ll need to be root, and issue the following:
route add xxx.xxx.xxx.xxx eth2

where xxx.xxx.xxx.xxx is the IP address of the SIP provider’s server that you’re trying to connect to.

You might try swapping eth0 and I believe you are meaning eth1 (not eth2). In any event, linux almost always defaults to eth0 as your main ‘gateway’.

SWAP eth0 with eth1

In /etc/sysconfig/network-scripts
Ifcfg-eth0
Ifcfg-eth1

Swap/change HWADDR=MAC Address

This will help in the WAN portion of your setup.

jolouis, I took your 2nd option, I went to my profile page at the trunk provider and set my 17.167.xx.xx address as a static IP to use to register my trunks and that solved the problem for now.

johnjces, it is good to know that linux uses eth0 as the main gateway, I will definitely swap the 2 eths, my server came with dual NIC eth0 and eth1, but eth1 is dead so I had to add a third NIC eth2 inorder to have 2 NICs that’s why I’m using eth0 and eht2.

I’m going to see if swapping the 2 eht will get my trunks to register from the right NIC everytime I restart.

Thanks for all your advices.

Huh??? This makes no sense at all.

No operating system defaults to an interface. You define the default gateway when you set the IP address. You must specify a default gateway to a connected interface. If the connected interface to the network your gateway is in happens to be eth5, tun742 or ppp69 then that’s what the route will bind to.

SkykingOH, you are right, I tried swapping the 2 NICs settings so that eth0 face the public and eth2 faces the inside network and my trunks didn’t go throught eth0 to register with my trunk providers automatically. I waited and restarted the network service and asterisks.

I seems that asterisks try to connect to my sip providers without any preference as to which NIC to use. The only way for me to make sure it used the NIC that faces the public to register the trunks is to set that up at my sip provider side by only allowing my 173.167.xx.xx address to register.

So, SKYkingOH, are you saying that ther is no way to bind asterisks to a specific NIC at all?

Asterisk is not bound to any NIC at all. It simple creates IP packets (either tcp or UDP) that are routed via the Linux IP stack.

Please don’t take this the wrong way but it sure sounds like you are missing fundamental concepts of how IP networking operates.

Let’s take the simplest concept, if I had a whiteboard this would be easier:

1 - If you have two interfaces connected to two networks and no routes “not a default route or anything I mean no routes”

In this scenario the IP stack would route packets to the connected networks only. Any packets destined to other networks would be unroutable

2 - In the next scenario a default gateway is added, the IP stack will use the network interface that connects to the network the gateway is attached to forward all traffic for non connected networks (is this getting confusing all ready)

I think someone mentioned about adding a static route to your provider, they care correct, however that might not give relied.

A static route explicitly sends the networks in the route to the gateway specified. For this to work you must have multiple gateways.

You can also works this the converse. Make the default route the one you want for voice on your Asterisk box then use static routes for any other networks you need to reach.

It also may be simpler if you have an Enterprise class firewall that allows source based routing or route maps to do this downstream of the Asterisk box.

The more specific you are the more I can help.

One other comment, you may not understand the concept of adjancencies or connected networks.

A network is defined via the address and subnet mask. It is a function of boolean algebra. You may want to spend some time with a subnet calculator or subnet mask cheat sheat (found online, use those keywords) to fully understand the base 16 arithmetic involved.

Scott,

I used the word ‘gateway’ seeking the correct word. It just seems that any Linux distro I have set up with multiple NICS always sets a default WAN route through eth0. Am I nuts here? I might be because in hindsight you wouldn’t assign a gateway ip to a LAN address, therefore the default route.

Getting old… maybe time to lurk.

John

The OS doesn’t assign a route to any interface.

The route is obtained two ways.

[list]
[] Via DHCP (assuming the next hop gateway is defined in the DHCP server
[
] Via static assignment
[/list]

What I am trying to quiet is the concept that the OS makes any decisions in the process. The default gateway is more properly called the route of last resort, when all routes for smaller networks (than 32 bits, the IP address space) are exhausted the packet is sent to the route of last resort.

Does this make sense?

Yes it does and thanks.

BTW John, are you going to be at Astricon since it’s in your back yard? If so make sure you stop by the booth and say hello!

I’d love to go but I am in AZ and GA just too far to go. In the Portland area now and so travel is out for awhile. I am hoping some of this stuff makes it to PHX one of these days. I’d like to take the OTTS class again if ever closer.

Sorry, thought you were in ATL.

Thank you John and Skyking, thanks for all the explanations.