ATA not connecting to asterisk on port 5070

HI all,

I have being using iinet’s Budii modem for several years now, with not to much problem I have just build a new asterisk phone server.

I can connect a phone via budii’s ata port via port 5060 to the asterisk server but due to other issues, i needed to change the port to 5070. I have opened port 5070 in my firewall and changed the ports in my freepbx data.

The phone doesnt even attempt to register. I also use zoiper as a softphone (on android mobile device using 4G and wifi) using the same settings and that connects to the asterisk server with out a problem and in my opinion removes any suggestion that it is a firewall problem.

IPTABLES

# Generated by iptables-save v1.4.7 on Thu Apr 27 14:00:14 2017
*nat
:PREROUTING ACCEPT [1107:156697]
:POSTROUTING ACCEPT [125:9889]
:OUTPUT ACCEPT [125:9889]
COMMIT
# Completed on Thu Apr 27 14:00:14 2017
# Generated by iptables-save v1.4.7 on Thu Apr 27 14:00:14 2017
*mangle
:PREROUTING ACCEPT [3484:397047]
:INPUT ACCEPT [3484:397047]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3092:973148]
:POSTROUTING ACCEPT [3092:973148]
COMMIT
# Completed on Thu Apr 27 14:00:14 2017
# Generated by iptables-save v1.4.7 on Thu Apr 27 14:00:14 2017
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [60:20405]
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5091 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 27.54.80.207/32 -p tcp -m tcp --dport 6556 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5091 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5090 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 143 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 993 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 110 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 995 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Apr 27 14:00:14 2017

Asterisk sip_additional.conf

[101]
deny=0.0.0.0/0.0.0.0
secret=******
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
defaultuser=101
trustrpid=yes
sendrpid=pai
type=peer
session-timers=accept
nat=force_rport,comedia
port=5070
qualify=yes
qualifyfreq=60
transport=udp,tcp
avpf=no
force_avp=no
icesupport=no
encryption=no
namedcallgroup=
namedpickupgroup=
dial=SIP/101
permit=0.0.0.0/0.0.0.0
callerid=Office <101>
callcounter=yes
faxdetect=no

As for my voip ata/modem, the only details i have changed is:

Proxy port: 5070 (was 5060)
Registrar port: 5071 (was 5061)

If more details are required, please let me know.

Does any one have any other suggestions that i have missed?

Have you changed to port on your softphone?

the ATA?? yes… to 5070

ok, the port you are forwarding is UDP, not TCP? Did you somehow ban your IP in testing?

Just thinking of issues I’ve had in the past…

Sounds like it’s time for some old fashioned tcpdump action:

tcpdump -I eth0 host <IP of ATA>

Watch the port numbers on the addresses - if they are all 5070, you should be good to go. I’m going to guess that the 5060 port is hard-coded in the system somewhere and is jamming you up.

Sorry for the delay all, nothing has worked.the only thing i can think of, is as cynjut sugegsted, even though the ATA gives an option for port number, i think it may be harcoded as well… so i will change ATA’s today to see…

Thanks all for your help