Mobile extension blocked by firewall rate limit on cellular


(marco) #1

I’m running FreePBX 15.0.17.34 at freepbxhosting.com. Mobile extensions are running Bria Mobile 6.4.5.

Incoming calls work perfectly in various wifi and cellular environments whether the app is sleeping or not, so the push server is doing its job.

Outgoing calls also work in wifi, but not in cellular coverage. After opening the app in cellular, it displays “registering” and then “ready” almost instantly as usual, but outbound dialing produces only complete silence and a “calling…” display.

On the server, when Bria loads in cellular, “pjsip show contacts” briefly displays the phone as “NonQual” then immediately as “Unavail”, suggesting the phone is failing to qualify which is confirmed by sngrep*. The phone’s Verizon Wireless IP appears in the rate-limited list in the firewall.The condition usually clears after the rate-limit block expires unless the IP is also blocked as an attacker in the meantime. Once the firewall clears the blocks, everything works as expected while Bria stays in the foreground.

If I whitelist the phone’s IP in the firewall, registering over cellular works correctly.

I’ve tried every combination of max_contacts from 1-6 with every possible push mode on the Bria, but to no avail.

Any ideas?

  • sngrep shows that following the successful REGISTER request from phone to the pbx, the pbx is sending the phone several OPTION requests (to qualify?) every 1-4 seconds but there’s no response from the phone as long as its rate-limited by the firewall.

(Lorne Gaetz) #2

Even if the inbound response was being blocked by iptables, you work still see it in sngrep. The 200 is going astray before it hits the firewall.


(marco) #3

Thank you, Lorne. I’ll try digging deeper into the protocol.