1. my setup:
I've got an optical fibre ZTE router from my ISP for internet and telephone.
My old analog phone is connected directly to the router using the dedicated phone port on my router.
(For illustration I draw a network diagram down below.)
2. what I want:
I want to use SIP directly to make calls from my local network, instead of my old analog phone.
For example I want to install the softphone App zoiper on my PC and then make calls using my headset.
3. the problem:
3.1 cannot reach the sip-server
The problem is that the SIP Proxy Server (10.40.0.9 and 10.40.0.41) is not reachable by any device in my LAN.
Neither ping nor netcat shows any reachable IP or open port.
Only my analog phone works perfectly.
So I guess this must be a routing issue, because it's obviously a different internal vlan from my ISP, which is not publicly available.
3.2 webgui:
I logged into the routers webgui and found out, that it can perfectly reach the sip proxy server, which is saved in my routers sip config. (I used the webguis ping and traceroute utility)
Traceroute told me that there must be a gateway (10.166.32.1) in between the router and the sip server.
I tried to set some custom static routes, but I had no luck.
3.3 telnet shell:
Then I tried logging into the telnet shell of my router (no ssh available). It's a very crappy old minimalist shell with just a BusyBox v1.01 (which doesn't even have a vi or netcat utility). So its quiet challenging to work with that.
But I found out, that from here I can't ping the sip server.
3.3.1 ping from router doesn't work:
/ # ping 10.40.0.9
PING 10.40.0.9 (10.40.0.9): 56 data bytes
Request timed out.
Request timed out.
Request timed out.
Request timed out.
--- 10.40.0.9 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
This is very strange because from the webgui it works, but from the shell not.
3.3.2 ip r on the router:
/ # ip r
default via 100.104.128.1 dev ppp0
10.28.192.0/18 dev nbif3 proto kernel scope link src 10.28.246.157
10.166.32.0/19 dev nbif1 proto kernel scope link src 10.166.58.255
10.254.0.0/16 via 10.28.192.1 dev nbif3
100.104.128.1 dev ppp0 proto kernel scope link src 100.104.148.2
192.168.100.0/24 dev br0 proto kernel scope link src 192.168.100.1
3.3.3 ip a on the router:
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
3: ip6tnl0: <NOARP> mtu 1452 qdisc noop state DOWN
link/tunnel6 :: brd ::
4: pon0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
5: bcmsw: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noop state UNKNOWN qlen 100
link/ether 00:10:18:00:00:00 brd ff:ff:ff:ff:ff:ff
6: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
7: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
8: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
9: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
10: gpon0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 00:10:18:00:00:01 brd ff:ff:ff:ff:ff:ff
11: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global br0
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
13: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
link/ether 72:3f:bc:f3:19:b7 brd ff:ff:ff:ff:ff:ff
14: wlan2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
link/ether 72:3f:bc:f3:19:b4 brd ff:ff:ff:ff:ff:ff
15: wlan3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
link/ether 72:3f:bc:f3:19:b5 brd ff:ff:ff:ff:ff:ff
16: nbif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
17: nbif1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b7 brd ff:ff:ff:ff:ff:ff
inet 10.166.58.255/19 brd 10.166.63.255 scope global nbif1
18: nbif2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
19: nbif3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:ba brd ff:ff:ff:ff:ff:ff
inet 10.28.246.157/18 brd 10.28.255.255 scope global nbif3
20: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 100.104.148.2 peer 100.104.128.1/32 scope global ppp0
3.3.4 add new route on the router:
Next I found out that I could add a route like this:
/ # ip route add 10.40.0.0/24 via 10.166.32.1 dev nbif1
3.3.5 now ping works from the router:
After that, ping worked also from the shell:
/ # ping 10.40.0.9
PING 10.40.0.9 (10.40.0.9): 56 data bytes
Reply from 10.40.0.9: bytes=56 ttl=253 time=6.8 ms seq=0
Reply from 10.40.0.9: bytes=56 ttl=253 time=22.3 ms seq=1
Reply from 10.40.0.9: bytes=56 ttl=253 time=28.2 ms seq=2
Reply from 10.40.0.9: bytes=56 ttl=253 time=6.2 ms seq=3
--- 10.40.0.9 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.2/15.8/28.2 ms
3.4 still can't ping from lan:
I thought if the default gateway (192.168.100.1) knows how to reach the sip server (10.40.0.9), then any other device in my lan should also know it, right?
But then why doesn't it work? I cannot ping 10.40.0.9 from like 192.168.100.2 or another local device.
4. My question:
Do you have any idea what route I can add in order to reach the server?
Thank you very much!
5. network diagram for illustration
Show the output of iptables-save command from the router shell. –
Anton Danilov
yesterday
Additional Information:
iptables -L
/ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp !echo-request
ACCEPT all -- anywhere anywhere destination IP range 224.0.0.0-239.255.255.255
6rd all -- anywhere anywhere
srvcntrl all -- anywhere anywhere
srvdrop all -- anywhere anywhere
fwports all -- anywhere anywhere
fwinput all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp !echo-request
ACCEPT all -- anywhere anywhere destination IP range 224.0.0.0-239.255.255.255
macfilter all -- anywhere anywhere
upnp all -- anywhere anywhere
algfilter all -- anywhere anywhere
ipfilter all -- anywhere anywhere
portmapp all -- anywhere anywhere
dmzmapp all -- anywhere anywhere
fwforward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain 6rd (1 references)
target prot opt source destination
Chain algfilter (1 references)
target prot opt source destination
Chain dmzmapp (1 references)
target prot opt source destination
Chain fwforward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere DEVWL match:WANDEV
Chain fwinput (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request DEVWL match:WANDEV
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED DEVWL match:WANDEV
ACCEPT all -- anywhere anywhere DEVWL match:WANDEV
Chain fwports (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT udp -- anywhere anywhere udp dpts:4000:4012
ACCEPT tcp -- anywhere 10.28.246.157 tcp dpt:58000
Chain ipfilter (1 references)
target prot opt source destination
Chain macfilter (1 references)
target prot opt source destination
Chain portmapp (1 references)
target prot opt source destination
Chain srvcntrl (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
DROP tcp -- anywhere anywhere tcp dpt:telnet
Chain srvdrop (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:http DEVWL match:WANDEV
DROP tcp -- anywhere anywhere tcp dpt:ftp DEVWL match:WANDEV
DROP tcp -- anywhere anywhere tcp dpt:telnet DEVWL match:WANDEV
DROP tcp -- anywhere anywhere tcp dpt:https DEVWL match:WANDEV
Chain upnp (1 references)
target prot opt source destination
Chain webfilter (0 references)
target prot opt source destination
Chain webpolicy (0 references)
target prot opt source destination
Chain wfmode (0 references)
target prot opt source destination
/ #