LinuxQuestions.org
Old 06-09-2016, 11:11 PM   #1
Jore
LQ Newbie
 
Registered: Jun 2016
Location: The third rock from The Heater.
Distribution: any.
Posts: 7

Rep: Reputation: 0
Asterisk: Port forward / tunneling from eth0 to tun0?


Hi everyone!

The idea is to make as lean as possible a remote VoIP GSM gateway to route calls to another continent. Bought one cheap-o Chinese Goip1 gateway and a Raspberry Pi 3 and screwed these together. It works just fine when connected via an OpenWRT box routed to the VPN. The OpenWRT box is quite expensive, and the Raspberry should be more than able to do all that the WRT does.

In this new trial, there is an RJ45 LAN cable going from the Raspberry to the Goip1 RJ45 LAN port. Currently the rasp 3 is connected to the internet over WLAN, from where it gets an IP with DHCP. Later it will use 3G to make the internet connection.

To anyone who might wonder why to use Goip1, the answer is the remotely changeable SIM.

The Raspberry opens an OpenVPN connection to the server and gets IP 192.168.88.90, and the rasp is accessible via this tunnel from the server.

So far so good.

Check the image of hardware:
http://www.pil.fi/j/raspgoip_general.jpg

We have these old rotary phones seen in the picture to serve as an internal phone network, and Asterisk has been doing the job for years.

Network is like this:

GOIP1 -asterisk compatible box
LAN: 192.168.1.16 <-- connected to raspberry

RaspberryPi
eth0: 192.168.1.2 <-- Goip1 LAN
tun0: 192.168.88.90 <-- VPN to asterisk server

Asterisk server:
192.168.88.10 sip 5060, ports 10000:20000

WLAN has whatever network it gets via DHCP, and the VPN is built after boot automatically.

This is what I got to work so far:

Goip1 spills out its configuration page when I browse with Firefox to 192.168.88.90:80.

..but..

Trying to get asterisk to see Goip1 seems to be something quite different?

I made this, not fully understanding what happens:

Code:
iptables -t nat -A PREROUTING -p tcp -i tun0 --dport 80 -j DNAT --to-destination 192.168.1.16:80
iptables -A FORWARD -p tcp -d 192.168.1.16 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A PREROUTING -p udp -i tun0 --dport 5060 -j DNAT --to-destination 192.168.1.16:5060
iptables -A FORWARD -p udp -d 192.168.1.16 --dport 5061 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A PREROUTING -p udp -i tun0 --dport 10000:20000 -j DNAT --to-destination 192.168.1.16:10000-20000
iptables -A FORWARD -p udp -d 192.168.1.16 --dport 10000:20000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Asterisk does not see Goip1. I can ping from 192.168.88.10 to .90 and vice versa, but I should be able to route all traffic from 192.168.1.16 at 192.168.88.90 to 192.168.88.10.

Last edited by Jore; 06-12-2016 at 02:44 AM.
 
Old 06-11-2016, 12:03 AM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
You don't need to add the ports to the ip address on the J statement.

What is the output for the following command?

Code:
route -n
Please use [ code ] tags.
 
Old 06-11-2016, 12:38 AM   #3
Jore
LQ Newbie
 
Registered: Jun 2016
Location: The third rock from The Heater.
Distribution: any.
Posts: 7

Original Poster
Rep: Reputation: 0
route -n

Code:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.110.254 0.0.0.0         UG    303    0        0 wlan0
192.168.88.0    192.168.88.89   255.255.255.0   UG    0      0        0 tun0
192.168.88.89   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.110.0   0.0.0.0         255.255.255.0   U     303    0        0 wlan0
 
Old 06-11-2016, 07:37 PM   #4
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Which interface should traffic go out to reach 192.168.1.x?

If it is through tun0 then you have to add the route like so;

Code:
ip route add 192.168.1.0/24 dev tun0
 
Old 06-12-2016, 11:48 AM   #5
Jore
LQ Newbie
 
Registered: Jun 2016
Location: The third rock from The Heater.
Distribution: any.
Posts: 7

Original Poster
Rep: Reputation: 0
route -n

Code:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.110.254 0.0.0.0         UG    303    0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.88.0    192.168.88.89   255.255.255.0   UG    0      0        0 tun0
192.168.88.89   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.110.0   0.0.0.0         255.255.255.0   U     303    0        0 wlan0
This causes the connection to drop. No port 80 or response to ping.

This restores the situation:
Code:
ip route delete 192.168.1.0/24 dev tun0
The routing table is now:

Code:
root@goip1:/home/miika# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             192.168.1.16         tcp dpt:http state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             192.168.1.16         udp dpt:sip state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             192.168.1.16         udp dpts:10000:20000 state NEW,RELATED,ESTABLISHED

Last edited by Jore; 06-12-2016 at 11:49 AM.
 
Old 06-18-2016, 02:05 AM   #6
Jore
LQ Newbie
 
Registered: Jun 2016
Location: The third rock from The Heater.
Distribution: any.
Posts: 7

Original Poster
Rep: Reputation: 0
Routing works

What misled me was the very delay with operations. The following arrangement was left on the device the day before, and this morning I noticed it works.

Code:
# cat /usr/bin/routing
echo "1" > /proc/sys/net/ipv4/conf/eth0/forwarding
echo "1" > /proc/sys/net/ipv4/conf/tun0/forwarding

iptables -t nat -A PREROUTING -p tcp -i tun0 --dport 8002 -j DNAT --to-destination 192.168.1.16:80
iptables -t nat -A PREROUTING -p udp -i tun0 --dport 5060 -j DNAT --to-destination 192.168.1.16:5060
iptables -t nat -A PREROUTING -p udp -i tun0 --dport 10000:20000 -j DNAT --to-destination 192.168.1.16

iptables -A FORWARD -p tcp -d 192.168.1.16 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.1.16 --dport 5060 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p udp -d 192.168.1.16 --dport 10000:20000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A POSTROUTING -j MASQUERADE
Postrouting masquerade was the key, I suppose.

Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             192.168.1.16         tcp dpt:http state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             192.168.1.16         udp dpt:sip state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             192.168.1.16         udp dpts:10000:20000 state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Code:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    303    0        0 wlan0
192.168.1.0     *               255.255.255.0   U     202    0        0 eth0
192.168.1.0     *               255.255.255.0   U     303    0        0 wlan0
192.168.88.0    192.168.88.89   255.255.255.0   UG    0      0        0 tun0
192.168.88.89   *               255.255.255.255 UH    0      0        0 tun0
Voice goes through and dialling works.

Next step is adding 3G.
 
Old 06-18-2016, 08:21 PM   #7
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Look at your route table. You will see that you have two routes for 192.168.1.0. This is confusing and one of the routes needs to be removed.
 
Old 06-19-2016, 02:54 AM   #8
sbabuv
LQ Newbie
 
Registered: Jun 2016
Posts: 3

Rep: Reputation: Disabled
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.252.0   U     1      0        0 eth0
126.190.156.0   0.0.0.0         255.255.252.0   U     1      0        0 eth1
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0


-- It gives above output
eth0 > 10.0.0.0 0.0.0.0 255.255.252.0
eth1 > 126.190.156.0 0.0.0.0 255.255.252.0
 
Old 06-19-2016, 04:51 AM   #9
Jore
LQ Newbie
 
Registered: Jun 2016
Location: The third rock from The Heater.
Distribution: any.
Posts: 7

Original Poster
Rep: Reputation: 0
Power shortage

I have now tested the arrangement with three different 3G modems, and only one seems to work. Power for the Raspberry has been fed via the micro USB connector with a cheap-o Chinese 5V 3A power supply, but that is not sufficient. Pi 3 consumes 2.5A, and a USB 3G modem easily heaps on another 1 - 1.5A. The power shortage icon flashes on screen every time the modem starts, and within seconds the Pi reboots.

Either the power supply is not what it claims to be, or USB does not get enough power through.

Might be that the power shortage creates other problems too. I changed the supply to pins 2 for 5V and 6 for GND, and use a regulated 5V 5A supply, and at least 3G is now stable with all three tested USB modems (only one connected at a time).

http://www.pil.fi/j/goip1_pwr.jpg

Removed the other default gw.

Goip1 seems to have problems establishing a connection. I had port 5060 for the asterisk sip connection, but after changing it several times between 5060-5065 and pushing "save changes" on the goip1 web interface, it registered to the asterisk server. So it seems it might not have been a route problem in the first place.

Code:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    303    0        0 wlan0
192.168.1.0     *               255.255.255.0   U     202    0        0 eth0
192.168.88.0    192.168.88.89   255.255.255.0   UG    0      0        0 tun0
192.168.88.89   *               255.255.255.255 UH    0      0        0 tun0

sbabuv, what is that? I do not understand?

Last edited by Jore; 06-20-2016 at 07:08 AM.
 
Old 06-20-2016, 11:06 AM   #10
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Routing was part of the problem. When you changed the ports, did you do the same with the firewall?
Are you running a firewall on all the devices or just the one? Can you post the firewall config? I don't mean the iptables -L one either; I'm talking about the one that iptables is loaded from.
 
Old 06-20-2016, 11:23 AM   #11
Jore
LQ Newbie
 
Registered: Jun 2016
Location: The third rock from The Heater.
Distribution: any.
Posts: 7

Original Poster
Rep: Reputation: 0
There is no firewall, the whole thing is operated via VPN, tun0. The network operator on the 3G side gives an address like this

Code:
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.215.16.47  P-t-P:10.64.64.64  Mask:255.255.255.255
and it comes out from public IP that is addressed for 3G pool. So no need for FW.

As mentioned earlier, the modem problems were just lack of power. Now the device works over 3G and is stable even though the signal is not so good. To make it connect over 3G when power is connected, WLAN had to be disabled by commenting it out in /etc/network/interfaces. Then added wvdial& to start at boot time like this:

Code:
sleep 20;
/usr/bin/wvdial&

exit 0
The good thing with wvdial is that it tries to reconnect when it drops the connection, so it does not need a watchdog.

To save the current working settings:

Code:
apt-get install iptables-persistent
It asked during installation "do you like to save current settings" and nodding resulted in this:

Code:
# Generated by iptables-save v1.4.21 on Mon Jun 20 14:55:12 2016
*filter
:INPUT ACCEPT [8256:3377358]
:FORWARD ACCEPT [5392:2800063]
:OUTPUT ACCEPT [7806:3058004]
-A FORWARD -d 192.168.1.16/32 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.16/32 -p udp -m udp --dport 5065 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.16/32 -p udp -m udp --dport 10000:49000 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jun 20 14:55:12 2016
# Generated by iptables-save v1.4.21 on Mon Jun 20 14:55:12 2016
*nat
:PREROUTING ACCEPT [74:5856]
:INPUT ACCEPT [10:400]
:OUTPUT ACCEPT [194:14654]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i tun0 -p tcp -m tcp --dport 8002 -j DNAT --to-destination 192.168.1.16:80
-A PREROUTING -i tun0 -p udp -m udp --dport 5065 -j DNAT --to-destination 192.168.1.16:5065
-A PREROUTING -i tun0 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.16
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon Jun 20 14:55:12 2016

Last edited by Jore; 06-20-2016 at 11:30 AM.
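
Added example, not part of the original posts: a shell check over the `iptables-save` dump in post #11 that reports ACCEPT policies on INPUT/FORWARD, a MASQUERADE rule with neither `-o` nor `-s`, DNAT rules that accept any source, and FORWARD ports with no matching DNAT rule. The function names and finding codes are made up for this example; the sample rules are copied from the dump with the packet counters dropped.

```shell
# Added example: lint an iptables-save dump. The finding codes are made up here.
# A chain that ends in a catch-all DROP rule is still reported as POLICY_ACCEPT.
audit_ruleset() {
  awk '
    /^\*/ { table = substr($1, 2); next }             # "*filter" or "*nat"
    /^:/ && table == "filter" && $2 == "ACCEPT" && $1 ~ /^:(INPUT|FORWARD)$/ {
      print "POLICY_ACCEPT " substr($1, 2); next      # ":FORWARD ACCEPT [n:n]"
    }
    $1 != "-A" { next }
    {
      scoped = 0; src = dport = target = to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-o" || $i == "-s") scoped = 1
        if ($i == "-s") src = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "--to-destination") to = $(i + 1)
      }
    }
    table == "nat" && target == "MASQUERADE" && !scoped { print "MASQ_UNSCOPED " $2 }
    table == "nat" && target == "DNAT" {
      # Port after translation: an explicit ":port" in the target, else unchanged.
      n = split(to, part, ":"); newport = (n > 1) ? part[2] : dport
      gsub(/-/, ":", newport); dnat[newport] = 1
      if (src == "") print "DNAT_ANY_SOURCE " dport
    }
    table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && dport != "" { fwd[dport] = 1 }
    END { for (p in fwd) if (!(p in dnat)) print "FORWARD_WITHOUT_DNAT " p }
  ' "$@"
}
# Constructed sample: the rules from the saved dump above, packet counters dropped.
sample_ruleset() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.1.16/32 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.16/32 -p udp -m udp --dport 5065 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.16/32 -p udp -m udp --dport 10000:49000 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A PREROUTING -i tun0 -p tcp -m tcp --dport 8002 -j DNAT --to-destination 192.168.1.16:80
-A PREROUTING -i tun0 -p udp -m udp --dport 5065 -j DNAT --to-destination 192.168.1.16:5065
-A PREROUTING -i tun0 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.1.16
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}
sample_ruleset | audit_ruleset
```

On a live box the same function can read the saved file directly, for example `audit_ruleset /etc/iptables/rules.v4` (the path iptables-persistent normally writes on Debian-based systems). With the FORWARD policy at ACCEPT, the three FORWARD ACCEPT rules restrict nothing, which is why the 10000:49000 versus 10000:20000 mismatch goes unnoticed.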
 
Old 06-20-2016, 11:26 AM   #12
Jore
LQ Newbie
 
Registered: Jun 2016
Location: The third rock from The Heater.
Distribution: any.
Posts: 7

Original Poster
Rep: Reputation: 0
Double

Quote:
Originally Posted by lazydog View Post
Look at your route table. You will see that you have two routes for 192.168.1.0. This is confusing and one of the routes needs to be removed.
I wondered about this one for quite a while before noticing my LAN had the same network as the rasp LAN, 192.168.1.0/24. Taking the device to a different LAN took away this problem.
 
Old 06-20-2016, 12:56 PM   #13
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Please excuse me as I'm running 4 different projects at once. Yours not included.

Why are you NATing anything to begin with? Where is your traffic coming from? Internal(LAN) or external(internet)?
If everything is local you should not have to nat anything.

The only thing I am aware of at this point is as follows:

Logically it looks like this to me
<GOIP> <-> <RaspPI> <-> <Asterisks>

What does it look like Physically?

Is GOIP the internet and calls are coming in to there?
 
  

