Firewall Yast2 shows ports open, nmap shows them closed

English Network/Internet
1

Hi,

as this is my first post to the forum you should know that I am quite a newbee into Linux in general.

I’m encountering a strange problem. I need to open and forward all UDP and TCP ports related to VoIP telephony (5000:32000) in the Suse 11.1 server that’s acting as router/firewall in our setup. The ports must redirect to a Asterisk server in the local network. (This server has the IP adress 192.168.0.3)

I’ve opened ports in Yast (Firewall>Ports>Advanced) and putted in some masquerading rules (Firewall>Masquerading):

0/0,192.168.0.3,tcp,5000:31000,5000:31000
0/0,192.168.0.3,udp,5000:31000,5000:31000

when I do a nmap localhost I get:

Starting Nmap 4.75 at 2010-01-08 16:52 CET
Interesting ports on localhost (127.0.0.1):
Not shown: 991 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
548/tcp open afp
631/tcp open ipp
3306/tcp open mysql

so the ports are closed…

if I do nmap -p5060 localhost

I see

Starting Nmap 4.75 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2010-01-08 16:52 CET
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
5060/tcp closed sip

Am I overlooking something or just ‘to newbee’ to do this kind of stuff? Any help would be really appreciated as I am googling and reading all I can find for the last 5 days without any result…

Kind regards from Belgium

Pedro

2

I don’t use Yast firewall, so someone else can help you on that.

You don’t need to forward all those ports for Asterisk. TCP 5060 is needed for SIP. Depending up on what port range you use for RTP (usually 20000:30000), you need to forward the UDP range.

A simple check to see if 5060 port is actually opened/re-directed or not:

telnet localhost 5060
3

when I do # telnet localhost 5060

I get:

Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

(I know that I don’t need the whole range. I’ll go deeper in the cleanup later if it ever works)

4

My output from # SuSEfirewall2 status can be seen here

5

Running a scan on localhost is a pointless exercise. You need to run a nmap on the public address. Services and firewall rules generally treat localhost different from public addresses since it’s only accessible from the same host and generally regarded as a secure destination address.

6

On 01/08/10 18:56, pedro vde wrote:
>
> Hi,
>
> as this is my first post to the forum you should know that I am quite a
> newbee into Linux in general.
>
> I’m encountering a strange problem. I need to open and forward all UDP
> and TCP ports related to VoIP telephony (5000:32000) in the Suse 11.1
> server that’s acting as router/firewall in our setup. The ports must
> redirect to a Asterisk server in the local network. (This server has the
> IP adress 192.168.0.3)
>
> I’ve opened ports in Yast (Firewall>Ports>Advanced) and putted in some
> masquerading rules (Firewall>Masquerading):

You probably want FW_FORWARD, not FW_MASQ

/etc/sysconfig//SuSEfirewall2:
…]

13.)

Which services or networks are allowed to be routed through the

firewall, no matter which zone they are in?

Requires: FW_ROUTE

With this option you may allow access to e.g. your mailserver. The

machines must have valid, non-private, IP addresses which were

assigned to you by your ISP. This opens a direct link to the

specified network, so please think twice befor using this option!

Format: space separated list of

<source network>,<destination network>,protocol,port,flags]]]

If the protocol is icmp then port is interpreted as icmp type

The only flag currently supported is ‘ipsec’ which means to only

match packets that originate from an IPsec tunnel

Examples: - “1.1.1.1,2.2.2.2” allow the host 1.1.1.1 to access any

service on the host 2.2.2.2

- “0/0,0/0,udp,514” always permit udp port 514 to pass

the firewall

…]

FW_FORWARD=“0/0,192.168.0.3,udp,5060”
FW_ROUTE=“yes”

Theo

7

Theo,

Thank you for your reply (as all others). I had this in /sysconfig/SuSEfirewall2

FW_FORWARD="0/0,192.168.0.3,tcp,5000:32000
0/0,192.168.0.3,udp,5000:32000"

The destination ports are not set so I’ve changed the line in 13). This is what I currently have in under 13)

FW_FORWARD="0/0,192.168.0.3,tcp,5000:32000,5000:32000
0/0,192.168.0.3,udp,5000:32000,5000:32000"

The FW_ROUTE=“yes” is not under the FW_Forward as in your post but resides under 5)… I don’t think my problem is situated here.

I am not behind the FW righnow so I can’t check if it works, but I’ll come back to it later today or tomorrow.

Kind regards from Belgium

Pedro

8

On 01/10/10 10:46, pedro vde wrote:
>
> Theo,
>
> Thank you for your reply (as all others). I had this in
> /sysconfig/SuSEfirewall2
>
>
> Code:
> --------------------
> FW_FORWARD=“0/0,192.168.0.3,tcp,5000:32000
> 0/0,192.168.0.3,udp,5000:32000”
> --------------------
>
>
> The destination ports are not set so I’ve changed the line in 13). This
> is what I currently have in under 13)
>
>
> Code:
> --------------------
> FW_FORWARD=“0/0,192.168.0.3,tcp,5000:32000,5000:32000
> 0/0,192.168.0.3,udp,5000:32000,5000:32000”
> --------------------

With a forward rule (DNAT), you can only use one port, not a range of ports.

> The FW_ROUTE=“yes” is not under the FW_Forward as in your post but
> resides under 5)… I don’t think my problem is situated here.

It doesn’t matter where you define a var in this config file, as it’s being
sourced anyway.
I was merely stating it there so you wouldn’t forget to include it.

Theo

9

I went for:

FW_FORWARD="0/0,192.168.0.3,tcp,5060
0/0,192.168.0.3,udp,5060"

When I do a nmap -p5060 81.82.201.12

I still get:

Starting Nmap 4.75 ( http://nmap.org ) at 2010-01-11 10:31 CET
Interesting ports on d5152C90C.static.telenet.be (81.82.201.12):
PORT     STATE  SERVICE
5060/tcp closed sip

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

81.82.201.12 is our fixed IP-adress. Correct me if I am wrong but nmap should show me the redirection, not?

There is still an issue as my SIP-provider can’t reach my server at 192.168.0.3. Maybe I am overlooking something like a general setting somewhere that makes the firewall able to do the forwarding.

As I tought… but thank you to confirm this.

10

On 01/11/10 10:46, pedro vde wrote:
>
> LittleRedRooster;2101727 Wrote:
>>
>> With a forward rule (DNAT), you can only use one port, not a range of
>> ports.
>>
>
> I went for:
>
>
> Code:
> --------------------
> FW_FORWARD=“0/0,192.168.0.3,tcp,5060
> 0/0,192.168.0.3,udp,5060”
> --------------------

Looks ok, as far as I can tell (I don’t use SuSEfw2 myself, I’m just trying
to follow the explanation in the config file).

Do you see any error in /var/log/messages or /var/log/firewall when you (re)start
the firewall?
Also look at the output of ‘/sbin/SuSEfirewall2 status’ and see if the forward rules
are defined correctly.

> When I do a nmap -p5060 81.82.201.12
>
> I still get:
>
>
> Code:
> --------------------
> Starting Nmap 4.75 ( http://nmap.org ) at 2010-01-11 10:31 CET
> Interesting ports on d5152C90C.static.telenet.be (81.82.201.12):
> PORT STATE SERVICE
> 5060/tcp closed sip

Yeah, but in your first post you showed that no SIP server was listening
on localhost, so most likely it’s not listening on an ethernet device either.
First you have to make sure you have your server running, and make sure
you can connect with a local softphone like e.g. Cornfedsipua.

If that’s working, you might also want to scan with -sU for UDP ports.

Theo

11

First of all Theo, I want to thank you for looking in to this!

The only SuSEfirewall2 errors I see are related to two settings I putted into ‘Yes’ while fiddling to find a solution:

for /var/log/messages

Jan 11 23:05:21 image-sound SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: FW_ALLOW_INCOMING_HIGHPORTS_TCP is deprecated and will likely be removed in the future.
Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: If you think it should be kept please report your use case at
Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: http://forge.novell.com/modules/xfmod/project/?susefirewall2
Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: FW_ALLOW_INCOMING_HIGHPORTS_UDP is deprecated and will likely be removed in the future.
Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: If you think it should be kept please report your use case at
Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: http://forge.novell.com/modules/xfmod/project/?susefirewall2
Jan 11 23:05:21 image-sound SuSEfirewall2: batch committing...
Jan 11 23:05:21 image-sound SuSEfirewall2: Firewall rules successfully set

As far as I can see they are. You can check the output of my current status here

I don’t know if I understand you on this one… my Asterisk server is located on eth0 (Internal) on 192.168.0.3 and working as it should on the internal level (I have a few SIP phones and a few soft-phones configured and I am able to call them from within the internal network. I am also able to make outbound calls using my SIP provider… but the problem I have is that the provider’s computer is not ‘seeing’ my server behind the NAT formed by the Suse-loaded router/firewall/webserver. So I can’t receive inbound calls… I’m trying to get this up since last november …pfff…

I also tried nmap -sU 81.82.201.12


Starting Nmap 4.75 ( http://nmap.org ) at 2010-01-12 00:02 CET
Interesting ports on d5152C90C.static.telenet.be (81.82.201.12):
Not shown: 995 closed ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
111/udp  open|filtered rpcbind
631/udp  open|filtered ipp
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.31 seconds
12

On 01/12/10 00:16, pedro vde wrote:
>
> First of all Theo, I want to thank you for looking in to this!

My pleasure.

> LittleRedRooster;2102567 Wrote:
>>
>> Do you see any error in /var/log/messages or /var/log/firewall when you
>> (re)start
>> the firewall?
>>
>
> The only SuSEfirewall2 errors I see are related to two settings I
> putted into ‘Yes’ while fiddling to find a solution:
>
> for /var/log/messages
>
>
> Code:
> --------------------
> Jan 11 23:05:21 image-sound SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 …
> Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: FW_ALLOW_INCOMING_HIGHPORTS_TCP is deprecated and will likely be removed in the future.
> Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: If you think it should be kept please report your use case at
> Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: http://forge.novell.com/modules/xfmod/project/?susefirewall2
> Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: FW_ALLOW_INCOMING_HIGHPORTS_UDP is deprecated and will likely be removed in the future.
> Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: If you think it should be kept please report your use case at
> Jan 11 23:05:21 image-sound SuSEfirewall2: Warning: http://forge.novell.com/modules/xfmod/project/?susefirewall2
> Jan 11 23:05:21 image-sound SuSEfirewall2: batch committing…
> Jan 11 23:05:21 image-sound SuSEfirewall2: Firewall rules successfully set
> --------------------

Ok, so no serious syntax violations

> LittleRedRooster;2102567 Wrote:
>>
>> Also look at the output of ‘/sbin/SuSEfirewall2 status’ and see if the
>> forward rules are defined correctly.
>
> As far as I can see they are. You can check the output of my ‘current
> status here’
> (http://www.image-sound.com/tech/misc/100111-susefirewallStatus.htm)

The SIP port does appear to be accepted and forwarded correctly. Looks ok me.
How about the modem/router in front of your server? Does it have filtering rules
or does it forward absolutely everything to your server?

> LittleRedRooster;2102567 Wrote:
>>
>> Yeah, but in your first post you showed that no SIP server was
>> listening
>> on localhost, so most likely it’s not listening on an ethernet device
>> either.

> I don’t know if I understand you on this one… my Asterisk server is
> located on eth0 (Internal) on 192.168.0.3 and working as it should on
> the internal level (I have a few SIP phones and a few soft-phones
> configured and I am able to call them from within the internal network.

Is the Asterisk server bound to the WAN ethernet device too? Otherwise it’ll
never work.

> I am also able to make outbound calls using my SIP provider… but the
> problem I have is that the provider’s computer is not ‘seeing’ my server
> behind the NAT formed by the Suse-loaded router/firewall/webserver. So I
> can’t receive inbound calls… I’m trying to get this up since last
> november …pfff…

In your first post you said:
<quote>
when I do a nmap localhost I get:

Starting Nmap 4.75 at 2010-01-08 16:52 CET
Interesting ports on localhost (127.0.0.1):
Not shown: 991 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
548/tcp open afp
631/tcp open ipp
3306/tcp open mysql
</quote>

No port 5060 listening, so that’s why I made this remark about the SIP server.

> I also tried nmap -sU 81.82.201.12
>
> Code:
> --------------------
>
> Starting Nmap 4.75 ( http://nmap.org ) at 2010-01-12 00:02 CET
> Interesting ports on d5152C90C.static.telenet.be (81.82.201.12):
> Not shown: 995 closed ports
> PORT STATE SERVICE
> 53/udp open|filtered domain
> 67/udp open|filtered dhcps
> 111/udp open|filtered rpcbind
> 631/udp open|filtered ipp
> 5353/udp open|filtered zeroconf
>
> Nmap done: 1 IP address (1 host up) scanned in 1.31 seconds
> --------------------

No surprises there either.
It is possible for you to use a (linux) notebook or PC, configured with an IP adres of
81.82.201.1/24 (default gateway 81.82.201.12), and connect that directly to the WAN side
of this server? That way you can rule out any possible issue with the ADSL/Cable router
or provider filtering.

Theo

13

My internet provider (over Cable) assures me that there is no filtering at all in the cable modem. I had a double confirmation on this from the support tech at my SIP-provider. He told me he never had any issues with that cable-provider and there modems/routers.

The current setup on eth1 (external network on the suse fw/router/dhcp-server/web-server)is:

copper cable > modem > suse server

The Asterisk server is connected to the internal network by a gigabit-switch. This switch is also connected to the Suse-server on eth0.

Ahah! I did a nmap on 192.168.0.3 (the Asterisk server) using the suse server as the nmap command is not recognised by the CentOS install that came with AsteriskNow. That gave me:

# nmap 192.168.0.3

Starting Nmap 4.75 (http:/nmap.org) at 2010-01-16 15:40 CET
Interesting ports on 192.168.0.3:
Not shown: 995 closed ports
PORT      STATE   SERVICE
22/tcp    open    ssh
80/tcp    open    http
111/tcp   open    rcp bind
3306/tcp  open    mysql
4445/tcp  open    unknown
MAC Address 00:15:17:90:78:46 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds

so you are right. the Asterisk server is not listening to port 5060.

on the Asterisk server I did:

rpm -q iptables
iptables-1.3.5-4.el5

to check is iptables was installed.

i did:

[root@localhost ~]# lsmod | grep ip_tables
ip_tables              55201  1 iptable_filter
x_tables               50505  1 ip_tables

to check if iptables was running. Than I did this to check the current configuration:

[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

As far as my knowledge goes this means there are no rules defined so I’ll have to add them. I’ll start with opening the UDP/TCP ports 5060.

I’ll be back when I’ve figured out how to do this and i’ll post the progression here. I’m not sure if it is right as I suppose I’ll have to move to a CentOS forum…

Anyway Theo thanks allready for the new insights…

kind regards

Pedro

14

If there are no rules and the default policy is ACCEPT, it’s as if there is no firewall, so there is nothing to “open”.

You know about using netstat with the -p option to see if a port has a listener and the process listening on it?

Also lsof with -i can display the ports a process has open.

Also remember it’s 5060 UDP, not TCP that asterisk listens to. I would suspect your asterisk config files.

15

this is the netstat output on the Asterisk server:

#netstat -vp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 localhost.localdomain:46798 localhost.localdomain:5038  ESTABLISHED 3445/perl           
tcp        0      0 localhost.localdomain:5038  localhost.localdomain:46798 ESTABLISHED 3398/asterisk       
tcp        0      0 ::ffff:192.168.0.3:ssh      ::ffff:192.168.0.12:51350   ESTABLISHED 8826/0              
netstat: no support for `AF INET (sctp)' on this system.
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2       ]         DGRAM                    1574   536/udevd           @/org/kernel/udev/udevd
unix  14      ]         DGRAM                    7291   2645/syslogd        /dev/log
unix  2       ]         DGRAM                    8689   3300/hald           @/org/freedesktop/hal/udev_event
unix  3       ]         STREAM     CONNECTED     210812 3120/mysqld         /var/lib/mysql/mysql.sock
unix  3       ]         STREAM     CONNECTED     210811 3398/asterisk       
unix  2       ]         DGRAM                    210308 8826/0              
unix  3       ]         STREAM     CONNECTED     33812  2790/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3       ]         STREAM     CONNECTED     33811  3018/cupsd          
unix  2       ]         DGRAM                    13446  2539/dhclient       
unix  3       ]         STREAM     CONNECTED     10221  2790/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3       ]         STREAM     CONNECTED     10220  3300/hald           
unix  3       ]         STREAM     CONNECTED     10214  3329/gam_server     @/tmp/fam-root-
unix  3       ]         STREAM     CONNECTED     10213  3327/python         
unix  3       ]         STREAM     CONNECTED     10203  2790/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3       ]         STREAM     CONNECTED     10202  3327/python         
unix  3       ]         STREAM     CONNECTED     9967   3300/hald           @/var/run/hald/dbus-yHvrZ8IcEl
unix  3       ]         STREAM     CONNECTED     9965   3314/event0         
unix  3       ]         STREAM     CONNECTED     9905   2948/acpid          /var/run/acpid.socket
unix  3       ]         STREAM     CONNECTED     9904   3308/acpid.socket   
unix  3       ]         STREAM     CONNECTED     9896   3300/hald           @/var/run/hald/dbus-yHvrZ8IcEl
unix  3       ]         STREAM     CONNECTED     9895   3308/acpid.socket   
unix  3       ]         STREAM     CONNECTED     8684   3300/hald           @/var/run/hald/dbus-ogDhnWs6yk
unix  3       ]         STREAM     CONNECTED     8683   3301/hald-runner    
unix  3       ]         STREAM     CONNECTED     8642   2790/dbus-daemon    /var/run/dbus/system_bus_socket
unix  3       ]         STREAM     CONNECTED     8641   3284/avahi-daemon:  
unix  3       ]         STREAM     CONNECTED     8636   3285/avahi-daemon:  
unix  3       ]         STREAM     CONNECTED     8635   3284/avahi-daemon:  
unix  2       ]         DGRAM                    8633   3284/avahi-daemon:  
unix  2       ]         DGRAM                    8483   3217/crond          
unix  2       ]         DGRAM                    8401   3186/gpm            
unix  2       ]         DGRAM                    8370   3170/clientmqueue   
unix  2       ]         DGRAM                    8341   3162/sendmail: acce 
unix  2       ]         DGRAM                    8154   3034/xinetd         
unix  2       ]         DGRAM                    7917   2923/automount      
unix  2       ]         DGRAM                    7786   2837/pcscd          
unix  3       ]         STREAM     CONNECTED     7694   2790/dbus-daemon    
unix  3       ]         STREAM     CONNECTED     7693   2790/dbus-daemon    
unix  3       ]         STREAM     CONNECTED     7634   2763/rpc.idmapd     
unix  3       ]         STREAM     CONNECTED     7633   2763/rpc.idmapd     
unix  2       ]         DGRAM                    7510   2727/rpc.statd      
unix  2       ]         DGRAM                    7299   2648/klogd          
unix  3       ]         STREAM     CONNECTED     7222   2610/auditd         
unix  3       ]         STREAM     CONNECTED     7221   2612/audispd        
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
16

this is the lsof -i output:

# lsof -i
COMMAND     PID     USER   FD   TYPE DEVICE SIZE NODE NAME
dhclient   2539     root    4u  IPv4   7049       UDP *:bootpc 
portmap    2686      rpc    3u  IPv4   7380       UDP *:sunrpc 
portmap    2686      rpc    4u  IPv4   7381       TCP *:sunrpc (LISTEN)
rpc.statd  2727  rpcuser    3u  IPv4   7520       UDP *:786 
rpc.statd  2727  rpcuser    6u  IPv4   7511       UDP *:783 
rpc.statd  2727  rpcuser    7u  IPv4   7528       TCP *:789 (LISTEN)
sshd       2981     root    3u  IPv6   8045       TCP *:ssh (LISTEN)
cupsd      3018     root    4u  IPv4   8106       TCP localhost.localdomain:ipp (LISTEN)
cupsd      3018     root    6u  IPv4   8109       UDP *:ipp 
mysqld     3120    mysql   10u  IPv4   8254       TCP *:mysql (LISTEN)
sendmail   3162     root    4u  IPv4   8342       TCP localhost.localdomain:smtp (LISTEN)
httpd      3202     root    3u  IPv6   8438       TCP *:http (LISTEN)
avahi-dae  3284    avahi   13u  IPv4   8643       UDP *:mdns 
avahi-dae  3284    avahi   14u  IPv6   8644       UDP *:mdns 
avahi-dae  3284    avahi   15u  IPv4   8645       UDP *:57439 
avahi-dae  3284    avahi   16u  IPv6   8646       UDP *:41716 
asterisk   3398 asterisk    7u  IPv4  10512       TCP *:5038 (LISTEN)
asterisk   3398 asterisk    9u  IPv4  10515       UDP *:iax 
asterisk   3398 asterisk   10u  IPv4  10535       UDP *:sip 
asterisk   3398 asterisk   23u  IPv4  10641       TCP localhost.localdomain:5038->localhost.localdomain:46798 (ESTABLISHED)
op_server  3445 asterisk    4u  IPv4  10639       TCP *:upnotifyp (LISTEN)
op_server  3445 asterisk    5u  IPv4  10640       TCP localhost.localdomain:46798->localhost.localdomain:5038 (ESTABLISHED)
sshd       8826     root    3u  IPv6 210271       TCP 192.168.0.3:ssh->192.168.0.12:51350 (ESTABLISHED)
httpd     17358 asterisk    3u  IPv6   8438       TCP *:http (LISTEN)
httpd     17359 asterisk    3u  IPv6   8438       TCP *:http (LISTEN)
httpd     17360 asterisk    3u  IPv6   8438       TCP *:http (LISTEN)
httpd     17361 asterisk    3u  IPv6   8438       TCP *:http (LISTEN)
httpd     17362 asterisk    3u  IPv6   8438       TCP *:http (LISTEN)
httpd     17365 asterisk    3u  IPv6   8438       TCP *:http (LISTEN)
httpd     17366 asterisk    3u  IPv6   8438       TCP *:http (LISTEN)
httpd     17367 asterisk    3u  IPv6   8438       TCP *:http (LISTEN)
17

I’ve run lsof -i:5060 and I get:

COMMAND   PID     USER   FD   TYPE DEVICE SIZE NODE NAME
asterisk 3398 asterisk   10u  IPv4  10535       UDP *:sip

this means that the server is listening to this port not?

18

-vp was a poor choice of flags. You need the -a flag to show server sockets. Better still is adding -u to restrict it to UDP ports. So netstat -aup is what you want.

You can also add -n to show addresses and ports as numbers, allowing you to grep for 5060.

When in doubt, read the man page.

19

Yes, it is.

And the fact that it’s a UDP port explains why nmap didn’t find it, because the default scan of nmap is for a SYN scan for TCP ports. Again, the man page for nmap would have explained this, though it’s forgivable one would be frightened by the numerous options. Still, it’s always worth questioning one’s assumptions about what a tool is doing.

20

Thanks…

So right now I’ll have to check the Asterisk configuration… I think I was to happy when outbound calling worked as it should.

I’m looking to redo the whole sip.conf to be sure all is set as it should.

Just let me know if I annoy you when I keep posting to this forum as I know that I am back in to Asterisk en not Suse anymore…

I’m just glad that some people want to take the time to help this newbee in this wonderfull and intriguing world of linux and command line.

kind regards

Pedro