Icmp error - destination unreachable (port unreachable) - when SIP request is routed to freePBX

Hi there - I’m having trouble connecting to FreePBX running inside VMware on XP - i am new to this so i’m rapidly getting lost
FreePBX is not in a DMZ of any kind.

I have a linksys router which has issued an IP address of 192.168.1.104 to centos linux
I can ping centos from XP machine whose has IP of 192.168.1.100

I am trying to connect a SIP client on my mobile phone to my home linksys gateway which has been assigned IP of 83.345.235.123
The external sip request is not getting into freepbx running inside the vmware instance

I can see the SIP request come in and get picked up by my router @ 192.168.1.1 and attempted to be forwarded to freepbx

26 4.220435 192.168.1.1 192.168.1.104 SIP Request: REGISTER sip:83.345.235.123:5062

as I have set up a port forward rule on the router to forward this request to the centos freepbx server @ 192.168.1.104

the request does not get through to the freepbx server as (i think) the linux firewall has not opened up the appropriate port 5060 or 5062 - can’t work this out from src port and dst below - i have my freepbx server listening on port 5062 and phone is sending on 5063 as well… where is port 5060 coming from??!

27 4.220685 192.168.1.104 192.168.1.1 ICMP Destination unreachable (Port unreachable)
User Datagram Protocol, Src Port: sip (5060), Dst Port: 5062 (5062)
REGISTER sip:83.345.235.123:5062 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.101;rport;branch=z9hG4bK6UNDp764agNUH
Max-Forwards: 70
From: sip:[email protected];tag=6e8pD5ctrD4Qr
To: sip:[email protected]
Call-ID: 55d9a2b2-2e92-122c-32ab-4d2b4fac67e8
CSeq: 107305518 REGISTER
Contact: sip:192.168.1.101
User-Agent: iPhone Truphone
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE
Supported: timer, 100rel, path
Content-Length: 0

also, i’m not sure whether this is important -> Via: SIP/2.0/UDP 192.168.1.101;rport;branch=z9hG4bK6UNDp764agNUH

would expect it (SIP request) to go VIA 92.168.1.104?

I have tried to change my iptables on the centos side, but still can’t see any ports open which would provide a route for this SIP request to get to freepbx server.
since freepbx server is running, would you expect to see the 5062 sip port open when i run nmap -sT -O locahost?

i’m finding difficult to understand whether it is a firewall issue as even if i addd a rule to open port 5062 in iptables and restart, i still do not see the SIP request traffic getting through…

help! if anyone has 10 mins to help us out on this i would be enteranlly grateful. it would be fantastic if i could get my phone working with the freepbx system.

oh, one other thing i’ll mention is if i connect with a softphone from my 192.168.1.100 xp IP (using the SIP server as 83.345.235.123) evertyhing works fine and i can connect to my external voip provider and have amazing quality calls.

when i took the wireshark trace for this scenario, i noticed the the incoming sip request does not reference the 5062 port - in this case, the SIP request is correectly routed through to freepbx and the handshaking is completed and call is established.

14 4.591821 192.168.1.100 83.345.235.123 SIP Request: REGISTER sip:83.345.235.123 <- note no port seen here, thoguh specified on softphone as 5062

results in handshaking continuing (i can see freepbx responds to the softphone as opposed to replying with ICMP error) 18 4.600950 192.168.1.104 192.168.1.1 SIP Status: 100 Trying (1 bindings)

Any ideas anyone. Sorry to bore

Cheers, Jon

I think the 192.168.1.101 is a red herring? Maybe that is the private IP your softphone client has wherever you were running it? What I see: the port unreachable tells me that the centos virtual machine is NOT listening on UDP port 5062, so check your config? In a centos shell, do:

netstat -anp -p udp

and post the results?

thanks danswartz - appreciate you reading that long story of mine!

here is the results of my port check

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:32768 0.0.0.0:* 2459/avahi-daemon:
udp 0 0 0.0.0.0:4520 0.0.0.0:* 2591/asterisk
udp 0 0 0.0.0.0:9001 0.0.0.0:* 2692/perl
udp 0 0 0.0.0.0:5060 0.0.0.0:* 2591/asterisk
udp 0 0 0.0.0.0:68 0.0.0.0:* 1811/dhclient
udp 0 0 0.0.0.0:69 0.0.0.0:* 2146/xinetd
udp 0 0 0.0.0.0:4569 0.0.0.0:* 2591/asterisk
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2459/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 1953/portmap
udp 0 0 192.168.1.104:123 0.0.0.0:* 2164/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2164/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2164/ntpd
udp 0 0 :::32769 :::* 2459/avahi-daemon:
udp 0 0 :::5353 :::* 2459/avahi-daemon:
udp 0 0 fe80::20c:29ff:fe93:123 :::* 2164/ntpd
udp 0 0 ::1:123 :::* 2164/ntpd
udp 0 0 :::123 :::* 2164/ntpd

yes, you’re right - no udp port 5062 open - though 5060 is open??

how do i change port 5060 to ne 5062 or open up port 5062 - is this done at iptables level?

i have been trying to play about with iptables to add in these ports to no avail.

even stopped the iptables service

is there some other config/firewall rules i need to update - if so could you give us pointer on how to update this?

i’m very new to linux and the iptables are a bit baffling to us at the moment.

thank you very much!

p.s. sorry for posting twice, i didnlt realise the forums were all linked to a single view

thanks danswartz - got this working thanks to your nugget of information re. how to display the listening ports in centos.

turns out i needed to change sip.conf and add explicit config for bindport=5062

the shipped sip.conf that comes with freepbx doesn’t have this entry - this is all fine, but under covers the default is to listen on 5060 if the bindport param is not explicitly specified.

appreciate your time big time.

you got me going - yey! 3 cheers for cheap calls from my iphone (courtesy of truphone client).

i’m amazed at the sound quality of freepbx - and latency is actually less than my normal cellular network!

glad it’s working…

Do not edit sip.conf, as freepbx can overwrite it. Put your change in sip_general_custom.conf.