Score:0

Routing Issue: Cannot reach target server from local network

my flag

1. my setup:

I've got an optical fibre ZTE router from my ISP for internet and telephone.

My old analog phone is connected directly to the router using the dedicated phone port on my router.

(For illustration I draw a network diagram down below.)

2. what I want:

I want to use SIP directly to make calls from my local network, instead of my old analog phone.

For example I want to install the softphone App zoiper on my PC and then make calls using my headset.

3. the problem:

3.1 cannot reach the sip-server

The problem is that the SIP Proxy Server (10.40.0.9 and 10.40.0.41) is not reachable by any device in my LAN. Neither ping nor netcat shows any reachable IP or open port.

Only my analog phone works perfectly.

So I guess this must be a routing issue, because it's obviously a different internal vlan from my ISP, which is not publicly available.

3.2 webgui:

I logged into the routers webgui and found out, that it can perfectly reach the sip proxy server, which is saved in my routers sip config. (I used the webguis ping and traceroute utility)

Traceroute told me that there must be a gateway (10.166.32.1) in between the router and the sip server.

I tried to set some custom static routes, but I had no luck.

3.3 telnet shell:

Then I tried logging into the telnet shell of my router (no ssh available). It's a very crappy old minimalist shell with just a BusyBox v1.01 (which doesn't even have a vi or netcat utility). So its quiet challenging to work with that.

But I found out, that from here I can't ping the sip server.

3.3.1 ping from router doesn't work:

/ # ping 10.40.0.9
PING 10.40.0.9 (10.40.0.9): 56 data bytes
Request timed out.
Request timed out.
Request timed out.
Request timed out.

--- 10.40.0.9 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

This is very strange because from the webgui it works, but from the shell not.

3.3.2 ip r on the router:

/ # ip r
default via 100.104.128.1 dev ppp0 
10.28.192.0/18 dev nbif3  proto kernel  scope link  src 10.28.246.157 
10.166.32.0/19 dev nbif1  proto kernel  scope link  src 10.166.58.255 
10.254.0.0/16 via 10.28.192.1 dev nbif3 
100.104.128.1 dev ppp0  proto kernel  scope link  src 100.104.148.2 
192.168.100.0/24 dev br0  proto kernel  scope link  src 192.168.100.1 

3.3.3 ip a on the router:

/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN 
    link/sit 0.0.0.0 brd 0.0.0.0
3: ip6tnl0: <NOARP> mtu 1452 qdisc noop state DOWN 
    link/tunnel6 :: brd ::
4: pon0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
5: bcmsw: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noop state UNKNOWN qlen 100
    link/ether 00:10:18:00:00:00 brd ff:ff:ff:ff:ff:ff
6: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 100
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
7: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 100
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
8: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 100
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
9: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 100
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
10: gpon0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/ether 00:10:18:00:00:01 brd ff:ff:ff:ff:ff:ff
11: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 100
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global br0
    inet6 fe80::1/64 scope link 
       valid_lft forever preferred_lft forever
13: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
    link/ether 72:3f:bc:f3:19:b7 brd ff:ff:ff:ff:ff:ff
14: wlan2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
    link/ether 72:3f:bc:f3:19:b4 brd ff:ff:ff:ff:ff:ff
15: wlan3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
    link/ether 72:3f:bc:f3:19:b5 brd ff:ff:ff:ff:ff:ff
16: nbif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 100
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
17: nbif1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/ether 08:3f:bc:f3:19:b7 brd ff:ff:ff:ff:ff:ff
    inet 10.166.58.255/19 brd 10.166.63.255 scope global nbif1
18: nbif2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
19: nbif3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/ether 08:3f:bc:f3:19:ba brd ff:ff:ff:ff:ff:ff
    inet 10.28.246.157/18 brd 10.28.255.255 scope global nbif3
20: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp 
    inet 100.104.148.2 peer 100.104.128.1/32 scope global ppp0

3.3.4 add new route on the router:

Next I found out that I could add a route like this:

/ # ip route add 10.40.0.0/24 via 10.166.32.1 dev nbif1

3.3.5 now ping works from the router:

After that, ping worked also from the shell:

/ # ping 10.40.0.9
PING 10.40.0.9 (10.40.0.9): 56 data bytes
Reply from 10.40.0.9: bytes=56 ttl=253 time=6.8 ms seq=0
Reply from 10.40.0.9: bytes=56 ttl=253 time=22.3 ms seq=1
Reply from 10.40.0.9: bytes=56 ttl=253 time=28.2 ms seq=2
Reply from 10.40.0.9: bytes=56 ttl=253 time=6.2 ms seq=3

--- 10.40.0.9 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.2/15.8/28.2 ms

3.4 still can't ping from lan:

I thought if the default gateway (192.168.100.1) knows how to reach the sip server (10.40.0.9), then any other device in my lan should also know it, right?

But then why doesn't it work? I cannot ping 10.40.0.9 from like 192.168.100.2 or another local device.

4. My question:

Do you have any idea what route I can add in order to reach the server?

Thank you very much!

5. network diagram for illustration

enter image description here


Show the output of iptables-save command from the router shell. – Anton Danilov yesterday

Additional Information:

iptables -L

/ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere             icmp !echo-request
ACCEPT     all  --  anywhere             anywhere             destination IP range 224.0.0.0-239.255.255.255
6rd        all  --  anywhere             anywhere            
srvcntrl   all  --  anywhere             anywhere            
srvdrop    all  --  anywhere             anywhere            
fwports    all  --  anywhere             anywhere            
fwinput    all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere             icmp !echo-request
ACCEPT     all  --  anywhere             anywhere             destination IP range 224.0.0.0-239.255.255.255
macfilter  all  --  anywhere             anywhere            
upnp       all  --  anywhere             anywhere            
algfilter  all  --  anywhere             anywhere            
ipfilter   all  --  anywhere             anywhere            
portmapp   all  --  anywhere             anywhere            
dmzmapp    all  --  anywhere             anywhere            
fwforward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain 6rd (1 references)
target     prot opt source               destination         

Chain algfilter (1 references)
target     prot opt source               destination         

Chain dmzmapp (1 references)
target     prot opt source               destination         

Chain fwforward (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             DEVWL match:WANDEV


Chain fwinput (1 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request DEVWL match:WANDEV

ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED DEVWL match:WANDEV

ACCEPT     all  --  anywhere             anywhere             DEVWL match:WANDEV


Chain fwports (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:5060
ACCEPT     udp  --  anywhere             anywhere             udp dpts:4000:4012
ACCEPT     tcp  --  anywhere             10.28.246.157        tcp dpt:58000

Chain ipfilter (1 references)
target     prot opt source               destination         

Chain macfilter (1 references)
target     prot opt source               destination         

Chain portmapp (1 references)
target     prot opt source               destination         

Chain srvcntrl (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:telnet
DROP       tcp  --  anywhere             anywhere             tcp dpt:telnet

Chain srvdrop (1 references)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere             tcp dpt:http DEVWL match:WANDEV

DROP       tcp  --  anywhere             anywhere             tcp dpt:ftp DEVWL match:WANDEV

DROP       tcp  --  anywhere             anywhere             tcp dpt:telnet DEVWL match:WANDEV

DROP       tcp  --  anywhere             anywhere             tcp dpt:https DEVWL match:WANDEV


Chain upnp (1 references)
target     prot opt source               destination         

Chain webfilter (0 references)
target     prot opt source               destination         

Chain webpolicy (0 references)
target     prot opt source               destination         

Chain wfmode (0 references)
target     prot opt source               destination         
/ # 
Score:0
id flag

Do you want to use the SIP-client on you router or one on the LAN (e.g. zoiper app) I don't think it's a routing problem. The SIP-server should be able to reach via (correctly set) default route from your LAN also. But it's maybe a problem with your router SIP-client.

I had a similar problem in my company's remote location. There was also a cheap ISP-router with included SIP-client and this SIP clients blocked all access from the LAN to any ISP in the internet cause it terminates SIP only at the router itself and does not transmit SIP packets to/from the LAN.

I have not really solved that problem but just used not a SIP, but a IAX-client (also zoiper ;-) in the LAN.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.