1.我的设置:
我有一根光纤中兴路由器来自我的 ISP 的互联网和电话。
我的老模拟电话已连接直接连接到路由器使用路由器上的专用电话端口。
(为了说明,我画了一个网络图在下面。)
2.我想要什么:
我想直接使用 SIP 拨打电话来自我的本地网络,而不是我的旧模拟电话。
例如我想安装软件电话 App zoiper在我的电脑上,然后打电话使用我的耳机。
3.问题:
3.1 无法连接 SIP 服务器
问题是 SIP 代理服务器 (10.40.0.9和10.40.0.41)无法访问通过 LAN 中的任何设备。ping 和 netcat 均未显示任何可访问的 IP 或开放端口。
只有我的模拟电话运行正常。
所以我猜这一定是路由问题因为这显然是不同的内部的虚拟局域网来自我的 ISP,它不公开提供。
3.2 WebGUI:
我登录了路由器网页图形界面并发现它可以完美地到达 SIP 代理服务器,该服务器保存在我的路由器 SIP 配置中。(我使用了 webguis平和路由追踪公用事业)
Traceroute 告诉我一定有一个网关(10.166.32.1) 位于路由器与 SIP 服务器之间。
我尝试设置一些自定义静态路由,但我没有运气。
3.3 telnet 外壳:
然后我尝试登录远程登录外壳我的路由器(没有可用的 ssh)。这是一个非常糟糕的老式极简主义外壳,只有一个 BusyBox v1.01(甚至没有 vi 或 netcat 实用程序)。因此,解决这个问题相当有挑战性。
但我发现,从这里我无法 pingSIP 服务器。
3.3.1 从路由器 ping 不通:
/ # ping 10.40.0.9
PING 10.40.0.9 (10.40.0.9): 56 data bytes
Request timed out.
Request timed out.
Request timed out.
Request timed out.
--- 10.40.0.9 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
这很奇怪,因为从 webgui 它可以工作,但从 shell 却不行。
3.3.2 路由器上的ip r:
/ # ip r
default via 100.104.128.1 dev ppp0
10.28.192.0/18 dev nbif3 proto kernel scope link src 10.28.246.157
10.166.32.0/19 dev nbif1 proto kernel scope link src 10.166.58.255
10.254.0.0/16 via 10.28.192.1 dev nbif3
100.104.128.1 dev ppp0 proto kernel scope link src 100.104.148.2
192.168.100.0/24 dev br0 proto kernel scope link src 192.168.100.1
3.3.3 路由器上的ip a:
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
3: ip6tnl0: <NOARP> mtu 1452 qdisc noop state DOWN
link/tunnel6 :: brd ::
4: pon0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
5: bcmsw: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noop state UNKNOWN qlen 100
link/ether 00:10:18:00:00:00 brd ff:ff:ff:ff:ff:ff
6: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
7: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
8: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
9: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
10: gpon0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 00:10:18:00:00:01 brd ff:ff:ff:ff:ff:ff
11: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global br0
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
13: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
link/ether 72:3f:bc:f3:19:b7 brd ff:ff:ff:ff:ff:ff
14: wlan2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
link/ether 72:3f:bc:f3:19:b4 brd ff:ff:ff:ff:ff:ff
15: wlan3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 100
link/ether 72:3f:bc:f3:19:b5 brd ff:ff:ff:ff:ff:ff
16: nbif0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
17: nbif1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b7 brd ff:ff:ff:ff:ff:ff
inet 10.166.58.255/19 brd 10.166.63.255 scope global nbif1
18: nbif2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:b6 brd ff:ff:ff:ff:ff:ff
19: nbif3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 08:3f:bc:f3:19:ba brd ff:ff:ff:ff:ff:ff
inet 10.28.246.157/18 brd 10.28.255.255 scope global nbif3
20: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 100.104.148.2 peer 100.104.128.1/32 scope global ppp0
3.3.4在路由器上添加新路由:
接下来我发现我可以添加这样的路线:
/ # ip route add 10.40.0.0/24 via 10.166.32.1 dev nbif1
3.3.5 现在可以从路由器 ping 通:
此后,ping 操作在 shell 中也可以进行:
/ # ping 10.40.0.9
PING 10.40.0.9 (10.40.0.9): 56 data bytes
Reply from 10.40.0.9: bytes=56 ttl=253 time=6.8 ms seq=0
Reply from 10.40.0.9: bytes=56 ttl=253 time=22.3 ms seq=1
Reply from 10.40.0.9: bytes=56 ttl=253 time=28.2 ms seq=2
Reply from 10.40.0.9: bytes=56 ttl=253 time=6.2 ms seq=3
--- 10.40.0.9 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.2/15.8/28.2 ms
3.4 仍然无法从局域网 ping 通:
我认为如果默认网关(192.168.100.1)知道如何到达 SIP 服务器(10.40.0.9),那么我的局域网中的任何其他设备也应该知道它,对吗?
但为什么它不起作用呢?我无法从 192.168.100.2 或其他本地设备 ping 10.40.0.9。
4.我的问题:
您知道我可以添加哪条路线才能到达服务器吗?
非常感谢!
5. 网络图说明
从路由器 shell 显示 iptables-save 命令的输出。 – Anton Danilov 昨天
附加信息:
iptables -L
/ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp !echo-request
ACCEPT all -- anywhere anywhere destination IP range 224.0.0.0-239.255.255.255
6rd all -- anywhere anywhere
srvcntrl all -- anywhere anywhere
srvdrop all -- anywhere anywhere
fwports all -- anywhere anywhere
fwinput all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp !echo-request
ACCEPT all -- anywhere anywhere destination IP range 224.0.0.0-239.255.255.255
macfilter all -- anywhere anywhere
upnp all -- anywhere anywhere
algfilter all -- anywhere anywhere
ipfilter all -- anywhere anywhere
portmapp all -- anywhere anywhere
dmzmapp all -- anywhere anywhere
fwforward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain 6rd (1 references)
target prot opt source destination
Chain algfilter (1 references)
target prot opt source destination
Chain dmzmapp (1 references)
target prot opt source destination
Chain fwforward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere DEVWL match:WANDEV
Chain fwinput (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request DEVWL match:WANDEV
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED DEVWL match:WANDEV
ACCEPT all -- anywhere anywhere DEVWL match:WANDEV
Chain fwports (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT udp -- anywhere anywhere udp dpts:4000:4012
ACCEPT tcp -- anywhere 10.28.246.157 tcp dpt:58000
Chain ipfilter (1 references)
target prot opt source destination
Chain macfilter (1 references)
target prot opt source destination
Chain portmapp (1 references)
target prot opt source destination
Chain srvcntrl (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
DROP tcp -- anywhere anywhere tcp dpt:telnet
Chain srvdrop (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:http DEVWL match:WANDEV
DROP tcp -- anywhere anywhere tcp dpt:ftp DEVWL match:WANDEV
DROP tcp -- anywhere anywhere tcp dpt:telnet DEVWL match:WANDEV
DROP tcp -- anywhere anywhere tcp dpt:https DEVWL match:WANDEV
Chain upnp (1 references)
target prot opt source destination
Chain webfilter (0 references)
target prot opt source destination
Chain webpolicy (0 references)
target prot opt source destination
Chain wfmode (0 references)
target prot opt source destination
/ #
答案1
您想使用路由器上的 SIP 客户端还是 LAN 上的 SIP 客户端(例如 zoiper 应用程序)我不认为这是路由问题。SIP 服务器也应该能够通过(正确设置的)默认路由从您的 LAN 进行访问。但这可能是您的路由器 SIP 客户端的问题。
我在公司的远程位置也遇到过类似的问题。还有一个便宜的 ISP 路由器,其中包含 SIP 客户端,该 SIP 客户端阻止了从 LAN 到互联网上任何 ISP 的所有访问,因为它仅在路由器本身上终止 SIP,而不会向 LAN 传输 SIP 数据包或从 LAN 传输 SIP 数据包。
我并没有真正解决这个问题,只是在 LAN 中使用了 IAX 客户端(也是 zoiper ;-),而不是 SIP。