Outgoing calls through IAX2 trunk don't work but incoming do

I have two asterisk servers behind two different firewalls with port forwarding of 4569 to them. They’re in different cities. Asterisk#1 has the SIP trunk to get out to regular phone numbers. Asterisk#2 has to go through an IAX2 trunk to Asterisk#1 in order to dial out.

This all worked fine until I replaced the router in front of Asterisk#2 with a linux server. I’m using iptables for the firewall. Here’s the thing, incoming calls to anyone attached to Asterisk#2 work fine. That would seem to imply to me that the new gateway ahead of Asterisk#2 is forwarding the IAX2 port fine.

What’s odd is nobody attached to Asterisk#2 can dial out. We get an all-circuits-busy message. All computers behind this new linux gateway can surf anywhere they like. The asterisk#2 machine should be just as free as they are but it appears not to be. Can anyone see anything in the log below? (I’ve replaced the telephone number I’m calling with (POTS_TEST_PHONE_NUMBER):

 == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
    -- Executing [(POTS_TEST_PHONE_NUMBER)@from-internal:1] Macro("SIP/503-0000000a", "user-callerid,LIMIT,EXTERNAL,") in new stack
    -- Executing [[email protected]llerid:1] Set("SIP/503-0000000a", "TOUCH_MONITOR=1430075999.21") in new stack
    -- Executing [[email protected]:2] Set("SIP/503-0000000a", "AMPUSER=503") in new stack
    -- Executing [[email protected]:3] GotoIf("SIP/503-0000000a", "0?report") in new stack
    -- Executing [[email protected]:4] ExecIf("SIP/503-0000000a", "1?Set(REALCALLERIDNUM=503)") in new stack
    -- Executing [[email protected]:5] Set("SIP/503-0000000a", "AMPUSER=503") in new stack
    -- Executing [[email protected]:6] GotoIf("SIP/503-0000000a", "0?limit") in new stack
    -- Executing [[email protected]:7] Set("SIP/503-0000000a", "AMPUSERCIDNAME=Matt Wireless Grandstream") in new stack
    -- Executing [[email protected]:8] GotoIf("SIP/503-0000000a", "0?report") in new stack
    -- Executing [[email protected]:9] Set("SIP/503-0000000a", "AMPUSERCID=503") in new stack
    -- Executing [[email protected]:10] Set("SIP/503-0000000a", "__DIAL_OPTIONS=Ttr") in new stack
    -- Executing [[email protected]:11] Set("SIP/503-0000000a", "CALLERID(all)="Matt Wireless Grandstream" <503>") in new stack
    -- Executing [[email protected]:12] GotoIf("SIP/503-0000000a", "0?limit") in new stack
    -- Executing [[email protected]:13] ExecIf("SIP/503-0000000a", "1?Set(GROUP(concurrency_limit)=503)") in new stack
    -- Executing [[email protected]:14] GosubIf("SIP/503-0000000a", "7?sub-ccss,s,1(from-internal,(POTS_TEST_PHONE_NUMBER))") in new stack
    -- Executing [[email protected]:1] ExecIf("SIP/503-0000000a", "0?Return()") in new stack
    -- Executing [[email protected]:2] Set("SIP/503-0000000a", "CCSS_SETUP=TRUE") in new stack
    -- Executing [[email protected]:3] GosubIf("SIP/503-0000000a", "0?monitor_config,1(from-internal,(POTS_TEST_PHONE_NUMBER)):monitor_default,1(from-internal,(POTS_TEST_PHONE_NUMBER))") in new stack
    -- Executing [[email protected]:1] GotoIf("SIP/503-0000000a", "0?is_exten") in new stack
    -- Executing [[email protected]:2] StackPop("SIP/503-0000000a", "") in new stack
    -- Executing [[email protected]:3] Return("SIP/503-0000000a", "FALSE") in new stack
    -- Executing [[email protected]:15] ExecIf("SIP/503-0000000a", "0?Set(CHANNEL(language)=)") in new stack
    -- Executing [[email protected]:16] GotoIf("SIP/503-0000000a", "1?continue") in new stack
    -- Goto (macro-user-callerid,s,30)
    -- Executing [[email protected]:30] Set("SIP/503-0000000a", "CALLERID(number)=503") in new stack
    -- Executing [[email protected]:31] Set("SIP/503-0000000a", "CALLERID(name)=Matt Wireless Grandstream") in new stack
    -- Executing [[email protected]:32] Set("SIP/503-0000000a", "CDR(cnum)=503") in new stack
    -- Executing [[email protected]:33] Set("SIP/503-0000000a", "CDR(cnam)=Matt Wireless Grandstream") in new stack
    -- Executing [[email protected]:34] Set("SIP/503-0000000a", "CHANNEL(language)=en") in new stack
    -- Executing [(POTS_TEST_PHONE_NUMBER)@from-internal:2] Gosub("SIP/503-0000000a", "sub-record-check,s,1(out,(POTS_TEST_PHONE_NUMBER),dontcare)") in new stack
    -- Executing [[email protected]:1] GotoIf("SIP/503-0000000a", "0?initialized") in new stack
    -- Executing [[email protected]:2] Set("SIP/503-0000000a", "__REC_STATUS=INITIALIZED") in new stack
    -- Executing [[email protected]:3] Set("SIP/503-0000000a", "NOW=1430075999") in new stack
    -- Executing [[email protected]:4] Set("SIP/503-0000000a", "__DAY=26") in new stack
    -- Executing [[email protected]:5] Set("SIP/503-0000000a", "__MONTH=04") in new stack
    -- Executing [[email protected]:6] Set("SIP/503-0000000a", "__YEAR=2015") in new stack
    -- Executing [[email protected]:7] Set("SIP/503-0000000a", "__TIMESTR=20150426-121959") in new stack
    -- Executing [[email protected]:8] Set("SIP/503-0000000a", "__FROMEXTEN=503") in new stack
    -- Executing [[email protected]:9] Set("SIP/503-0000000a", "__MON_FMT=wav") in new stack
    -- Executing [[email protected]:10] NoOp("SIP/503-0000000a", "Recordings initialized") in new stack
    -- Executing [[email protected]:11] ExecIf("SIP/503-0000000a", "0?Set(ARG3=dontcare)") in new stack
    -- Executing [[email protected]:12] Set("SIP/503-0000000a", "REC_POLICY_MODE_SAVE=") in new stack
    -- Executing [[email protected]:13] ExecIf("SIP/503-0000000a", "0?Set(REC_STATUS=NO)") in new stack
    -- Executing [[email protected]:14] GotoIf("SIP/503-0000000a", "3?checkaction") in new stack
    -- Goto (sub-record-check,s,17)
    -- Executing [[email protected]:17] GotoIf("SIP/503-0000000a", "1?sub-record-check,out,1") in new stack
    -- Goto (sub-record-check,out,1)
    -- Executing [[email protected]:1] NoOp("SIP/503-0000000a", "Outbound Recording Check from 503 to (POTS_TEST_PHONE_NUMBER)") in new stack
    -- Executing [[email protected]:2] Set("SIP/503-0000000a", "RECMODE=dontcare") in new stack
    -- Executing [[email protected]:3] ExecIf("SIP/503-0000000a", "1?Goto(routewins)") in new stack
    -- Goto (sub-record-check,out,7)
    -- Executing [[email protected]:7] Gosub("SIP/503-0000000a", "recordcheck,1(dontcare,out,(POTS_TEST_PHONE_NUMBER))") in new stack
    -- Executing [[email protected]:1] NoOp("SIP/503-0000000a", "Starting recording check against dontcare") in new stack
    -- Executing [[email protected]:2] Goto("SIP/503-0000000a", "dontcare") in new stack
    -- Goto (sub-record-check,recordcheck,3)
    -- Executing [[email protected]:3] Return("SIP/503-0000000a", "") in new stack
    -- Executing [[email protected]:8] Return("SIP/503-0000000a", "") in new stack
    -- Executing [(POTS_TEST_PHONE_NUMBER)@from-internal:3] ExecIf("SIP/503-0000000a", "0 ?Set(CDR(accountcode)=)") in new stack
    -- Executing [(POTS_TEST_PHONE_NUMBER)@from-internal:4] Set("SIP/503-0000000a", "MOHCLASS=default") in new stack
    -- Executing [(POTS_TEST_PHONE_NUMBER)@from-internal:5] Set("SIP/503-0000000a", "_NODEST=") in new stack
    -- Executing [(POTS_TEST_PHONE_NUMBER)@from-internal:6] Macro("SIP/503-0000000a", "dialout-trunk,1,(POTS_TEST_PHONE_NUMBER),,off") in new stack
    -- Executing [[email protected]:1] Set("SIP/503-0000000a", "DIAL_TRUNK=1") in new stack
    -- Executing [[email protected]:2] GosubIf("SIP/503-0000000a", "0?sub-pincheck,s,1()") in new stack
    -- Executing [[email protected]:3] GotoIf("SIP/503-0000000a", "0?disabletrunk,1") in new stack
    -- Executing [[email protected]:4] Set("SIP/503-0000000a", "DIAL_NUMBER=(POTS_TEST_PHONE_NUMBER)") in new stack
    -- Executing [[email protected]:5] Set("SIP/503-0000000a", "DIAL_TRUNK_OPTIONS=Ttr") in new stack
    -- Executing [[email protected]:6] Set("SIP/503-0000000a", "OUTBOUND_GROUP=OUT_1") in new stack
    -- Executing [[email protected]:7] GotoIf("SIP/503-0000000a", "1?nomax") in new stack
    -- Goto (macro-dialout-trunk,s,9)
    -- Executing [[email protected]:9] GotoIf("SIP/503-0000000a", "0?skipoutcid") in new stack
    -- Executing [[email protected]:10] Set("SIP/503-0000000a", "DIAL_TRUNK_OPTIONS=Tt") in new stack
    -- Executing [[email protected]:11] Macro("SIP/503-0000000a", "outbound-callerid,1") in new stack
    -- Executing [[email protected]:1] ExecIf("SIP/503-0000000a", "0?Set(CALLERPRES()=)") in new stack
    -- Executing [[email protected]:2] ExecIf("SIP/503-0000000a", "0?Set(REALCALLERIDNUM=503)") in new stack
    -- Executing [[email protected]:3] GotoIf("SIP/503-0000000a", "1?normcid") in new stack
    -- Goto (macro-outbound-callerid,s,6)
    -- Executing [[email protected]:6] Set("SIP/503-0000000a", "USEROUTCID=") in new stack
    -- Executing [[email protected]:7] Set("SIP/503-0000000a", "EMERGENCYCID=") in new stack
    -- Executing [[email protected]:8] Set("SIP/503-0000000a", "TRUNKOUTCID=5106382000") in new stack
    -- Executing [[email protected]:9] GotoIf("SIP/503-0000000a", "1?trunkcid") in new stack
    -- Goto (macro-outbound-callerid,s,14)
    -- Executing [[email protected]:14] ExecIf("SIP/503-0000000a", "1?Set(CALLERID(all)=5106382000)") in new stack
    -- Executing [[email protected]:15] ExecIf("SIP/503-0000000a", "0?Set(CALLERID(all)=)") in new stack
    -- Executing [[email protected]:16] ExecIf("SIP/503-0000000a", "0?Set(CALLERID(all)=)") in new stack
    -- Executing [[email protected]:17] ExecIf("SIP/503-0000000a", "0?Set(CALLERPRES()=prohib_passed_screen)") in new stack
    -- Executing [[email protected]:18] Set("SIP/503-0000000a", "CDR(outbound_cnum)=5106382000") in new stack
    -- Executing [[email protected]:19] Set("SIP/503-0000000a", "CDR(outbound_cnam)=") in new stack
    -- Executing [[email protected]:12] GosubIf("SIP/503-0000000a", "0?sub-flp-1,s,1()") in new stack
    -- Executing [[email protected]:13] Set("SIP/503-0000000a", "OUTNUM=(POTS_TEST_PHONE_NUMBER)") in new stack
    -- Executing [[email protected]:14] Set("SIP/503-0000000a", "custom=IAX2/pbxlink") in new stack
    -- Executing [[email protected]:15] ExecIf("SIP/503-0000000a", "0?Set(DIAL_TRUNK_OPTIONS=M(setmusic^default)Tt)") in new stack
    -- Executing [[email protected]:16] ExecIf("SIP/503-0000000a", "0?Set(DIAL_TRUNK_OPTIONS=TtM(confirm))") in new stack
    -- Executing [[email protected]:17] Macro("SIP/503-0000000a", "dialout-trunk-predial-hook,") in new stack
    -- Executing [[email protected]:1] MacroExit("SIP/503-0000000a", "") in new stack
    -- Executing [[email protected]:18] GotoIf("SIP/503-0000000a", "0?bypass,1") in new stack
    -- Executing [[email protected]:19] ExecIf("SIP/503-0000000a", "1?Set(CONNECTEDLINE(num,i)=(POTS_TEST_PHONE_NUMBER))") in new stack
    -- Executing [[email protected]:20] ExecIf("SIP/503-0000000a", "1?Set(CONNECTEDLINE(name,i)=CID:5106382000)") in new stack
    -- Executing [[email protected]:21] GotoIf("SIP/503-0000000a", "0?customtrunk") in new stack
    -- Executing [[email protected]:22] Dial("SIP/503-0000000a", "IAX2/pbxlink/(POTS_TEST_PHONE_NUMBER),300,Tt") in new stack
    -- Called IAX2/pbxlink/(POTS_TEST_PHONE_NUMBER)
    -- Hungup 'IAX2/pbxlink-19289'
  == Everyone is busy/congested at this time (1:0/0/1)
    -- Executing [[email protected]:23] NoOp("SIP/503-0000000a", "Dial failed for some reason with DIALSTATUS = CHANUNAVAIL and HANGUPCAUSE = 50") in new stack
    -- Executing [[email protected]:24] GotoIf("SIP/503-0000000a", "0?continue,1:s-CHANUNAVAIL,1") in new stack
    -- Goto (macro-dialout-trunk,s-CHANUNAVAIL,1)
    -- Executing [[email protected]:1] Set("SIP/503-0000000a", "RC=50") in new stack
    -- Executing [[email protected]:2] Goto("SIP/503-0000000a", "50,1") in new stack
    -- Goto (macro-dialout-trunk,50,1)
    -- Executing [[email protected]:1] Goto("SIP/503-0000000a", "continue,1") in new stack
    -- Goto (macro-dialout-trunk,continue,1)
    -- Executing [[email protected]:1] NoOp("SIP/503-0000000a", "TRUNK Dial failed due to CHANUNAVAIL HANGUPCAUSE: 50 - failing through to other trunks") in new stack
    -- Executing [[email protected]:2] Set("SIP/503-0000000a", "CALLERID(number)=503") in new stack
    -- Executing [(POTS_TEST_PHONE_NUMBER)@from-internal:7] Macro("SIP/503-0000000a", "outisbusy,") in new stack
    -- Executing [[email protected]:1] Progress("SIP/503-0000000a", "") in new stack
    -- Executing [[email protected]:2] GotoIf("SIP/503-0000000a", "0?emergency,1") in new stack
    -- Executing [[email protected]:3] GotoIf("SIP/503-0000000a", "0?intracompany,1") in new stack
    -- Executing [[email protected]:4] Playback("SIP/503-0000000a", "all-circuits-busy-now&pls-try-call-later, noanswer") in new stack
    -- <SIP/503-0000000a> Playing 'all-circuits-busy-now.ulaw' (language 'en')
       > 0x7fbf840020b0 -- Probation passed - setting RTP source address to 192.168.1.18:5004
    -- <SIP/503-0000000a> Playing 'pls-try-call-later.ulaw' (language 'en')
    -- Executing [[email protected]:5] Congestion("SIP/503-0000000a", "20") in new stack
[2015-04-26 12:20:04] WARNING[15469][C-0000000c]: channel.c:4860 ast_prod: Prodding channel 'SIP/503-0000000a' failed
  == Spawn extension (macro-outisbusy, s, 5) exited non-zero on 'SIP/503-0000000a' in macro 'outisbusy'
  == Spawn extension (from-internal, (POTS_TEST_PHONE_NUMBER), 7) exited non-zero on 'SIP/503-0000000a'
    -- Executing [[email protected]:1] Hangup("SIP/503-0000000a", "") in new stack
  == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/503-0000000a'

Post the output of

iptables -L -n

on your Linux router box.

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
DROP all – 127.0.0.0/8 0.0.0.0/0
DROP all – 0.0.0.0/0 0.0.0.0/0 state INVALID
DROP tcp – 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
DROP tcp – 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
DROP tcp – 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
DROP tcp – 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
DROP tcp – 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
DROP tcp – 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
ACCEPT tcp – 0.0.0.0/0 0.0.0.0/0 tcp dpt:24872
ACCEPT tcp – 0.0.0.0/0 (PUBLICIP1) tcp dpt:1723
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp – (REMOTEIP) 0.0.0.0/0 udp dpt:4569
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0
ACCEPT all – 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all – 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all – 0.0.0.0/0 0.0.0.0/0 state INVALID

You problably would be better off configuring iptables with something better, your tables are really ineffective as a firewall . I would suggest csf.

What happens when you open IPTables completely (for testing purposes)? Do the incoming calls work then?

Rebooting the asterisk server fixed the issue. Not sure what the problem was there but packets are going through and back fine now.