[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Configuration asterisk

NoSpam a écrit :
> Ton problème: error 503 Service Unavailable
> 
> Es tu sûr que le service est fonctionnel ?! Es tu sûr de la qualité de
> ton lien ? Peux tu basculer en UDP pour tester ?

	Le serveur en face ne répond pas en UDP. La réponse est donc non.

	Un point me chagrine. À la requête du serveur de l'opérateur :
2023/07/03 11:00:47.087935 37.97.65.186:5070 -> 192.168.15.18:40055
OPTIONS sip:s@62.212.98.88:5060;transport=TCP SIP/2.0
Via: SIP/2.0/TCP 37.97.65.186:5070;branch=z9hG4bKZ67rt8U6937aK
Route: <sip:s@62.212.98.88:40055>;transport=TCP
Max-Forwards: 70
From: <sip:mod_sofia@37.97.65.186:5070>;tag=7Xp87eDtae20H
To: <sip:trunk-sip@systella2.buroticstore.eu>
Call-ID:
64f20903-cd7d-4d95-bbee-bac3e99029e2_4747c3c2-355c-4604-be14-d88ac29d89
48
CSeq: 348219426 OPTIONS
Contact: <sip:mod_sofia@37.97.65.186:5070>
User-Agent: Sewan_TRUNKFSC15
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE,
REGISTER, NOTIF
Y
Supported: path, replaces
Allow-Events: talk, hold, conference, refer
Content-Length: 0

mpon asterisk répond :
2023/07/03 11:00:47.088564 192.168.15.18:40055 -> 37.97.65.186:5070
SIP/2.0 404 Not Found
Via: SIP/2.0/TCP
37.97.65.186:5070;rport=5070;received=37.97.65.186;branch=z9hG4
bKZ67rt8U6937aK
Call-ID:
64f20903-cd7d-4d95-bbee-bac3e99029e2_4747c3c2-355c-4604-be14-d88ac29d89
48
From: <sip:mod_sofia@37.97.65.186>;tag=7Xp87eDtae20H
To: <sip:trunk-sip@systella2.buroticstore.eu>;tag=z9hG4bKZ67rt8U6937aK
CSeq: 348219426 OPTIONS
Accept: application/sdp, application/xpidf+xml,
application/cpim-pidf+xml, appli
cation/simple-message-summary, application/pidf+xml,
application/dialog-info+xml
, application/pidf+xml, application/dialog-info+xml,
application/simple-message-
summary, message/sipfrag;version=2.0
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE,
CANCEL,
UPDATE, PRACK, REFER, MESSAGE
Supported: 100rel, timer, replaces, norefersub
Accept-Encoding: identity
Accept-Language: en
Server: Asterisk PBX 20.3.0~dfsg+~cs6.13.40431413-1
Content-Length:  0


> Il faudrait voir avec Sewan le pourquoi de la réponse. Lié au problème
> d'UTF8 car ton prénom est devenu Jool ... ?

	Je vais voir avec eux.

	Petite question connexe sur sngrep. Je trouve des choses comme ça :
[ ] 29   OPTIONS    100@1.1.1.1             100@1.1.1.1               1
[ ] 45   OPTIONS    censysinspect@censys.io test.echo@sip5060.net     1

	Quand je vais voir dedans, je peux trouver :

2023/07/03 10:30:06.796424 116.12.47.142:5102 -> 192.168.15.18:5060
OPTIONS sip:100@62.212.98.88 SIP/2.0
Via: SIP/2.0/UDP 116.12.47.142:5102;branch=z9hG4bK-1203353867;rport
Max-Forwards: 70
To: "sipvicious"<sip:100@1.1.1.1>
From:
"sipvicious"<sip:100@1.1.1.1>;tag=3365643436323538313363340132313430303536
303634
User-Agent: friendly-scanner
Call-ID: 681857140004342012871496
Contact: sip:100@116.12.47.142:5102
CSeq: 1 OPTIONS
Accept: application/sdp
Content-Length: 0

	Je ne saisis pas comment ces paquets arrivent à passer le firewall. Par
défaut, tout est fermé et je n'ouvre que le nécessaire. En particulier,
le 5060/UDP est censé être fermé.

Chain INPUT (policy DROP 18 packets, 1941 bytes)
 pkts bytes target     prot opt in     out     source
destination
  889 99011 f2b-recidive  tcp  --  any    any     anywhere
anywhere
  736  144K ACCEPT     all  --  lo     any     anywhere
anywhere
  739 50821 ACCEPT     all  --  lan0   any     anywhere
anywhere
   12  1872 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:ssh
   56  5214 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:smtp
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:domain
    1    72 ACCEPT     udp  --  wan0   any     anywhere
anywhere             udp dpt:domain
   33  4407 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:http
    0     0 ACCEPT     udp  --  wan0   any     anywhere
anywhere             udp dpt:ntp
   19  3508 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:https
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:submissions
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:submission
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:imaps
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:pop3s
    0     0 ACCEPT     udp  --  wan0   any     anywhere
anywhere             udp dpt:openvpn
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:openvpn
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:cvspserver
    0     0 ACCEPT     udp  --  wan0   any     anywhere
anywhere             udp dpt:2401
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:xmpp-client
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:git
    0     0 ACCEPT     icmp --  wan0   any     anywhere
anywhere
    0     0 ACCEPT     udp  --  wan0   any     anywhere
anywhere             udp dpt:10000
    0     0 ACCEPT     tcp  --  wan0   any     anywhere
anywhere             tcp dpt:4443
    0     0 ACCEPT     udp  --  wan0   any     37.97.65.0/24
anywhere             udp
    0     0 ACCEPT     all  --  wan0   any     ns6-axfr.gandi.net
anywhere
    9  3399 ACCEPT     all  --  any    any     anywhere
anywhere             state RELATED,ESTABLISHED
    0     0 DROP       all  --  any    any     anywhere
anywhere             state INVALID

	Bien cordialement,

	JB
Reply to: