How can I enable port 60 for incoming call route?

Status
Not open for further replies.

alamin

Member
May 13, 2021
Hello,

My provider uses two ports, 5060 and 60, for SIP. When 5060 is down I want to connect on port 60, but my server does not reach port 60. When I try to telnet, the connection is refused from my server.

Where do I enable port 60, and in which file location? Any ideas, please.

Thanks.
 

Adrian Fretwell

Well-Known Member
Aug 13, 2017
You will need to create another External SIP profile to listen on port 60, you will also need to change your firewall/fail2ban rules to allow connections on port 60. Also be mindful of the current QOS setting implemented in the firewall for the standard SIP ports.
 

alamin

Member
May 13, 2021
Thank you for your response!....

1.
I have set it up as below:
/etc/iptables/rules.v4
-A INPUT -p tcp -m tcp --dport 60 -j ACCEPT
-A INPUT -p udp -m udp --dport 60 -j ACCEPT

2.
/etc/fail2ban# cat jail.local

[voip]
enabled = true
port = 60
logpath = /var/log/60.log
action = iptables-allports[name=voip, protocol=all]
maxretry = 10
findtime = 60
bantime = 3600

3.
root@pbx:/etc/fail2ban/filter.d# cat voip.conf

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =


Then when I try to telnet, I get this error:

telnet: Unable to connect to remote host: Connection refused

I mean the firewall is not configured properly.

Thanks.
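A way to check offline that the two failregex lines from voip.conf above still match auth failures logged for a second SIP profile, and when the jail's maxretry = 10 / findtime = 60 thresholds would trigger a ban. This is an added example, not part of the thread: the HOST pattern is a simplified IPv4-only stand-in for fail2ban's <HOST> tag, and the log lines, the profile name 'external-60', the extensions and the addresses are all constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The two failregex lines from voip.conf above, with <HOST> substituted.
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r"\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'.*\' for \[.*\] from ip <HOST>",
    r"\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'.*\' for \[.*\] from ip <HOST>",
)]
MAXRETRY, FINDTIME = 10, 60  # values from the [voip] jail above

def failed_host(line):
    """Return the offending IP if a failregex matches the line, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines):
    """Return IPs that reach MAXRETRY failures inside a FINDTIME-second window."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        host = failed_host(line)
        if host is None:
            continue
        ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned

# Constructed sample log: ten REGISTER failures, one INVITE failure, one unrelated line.
SAMPLE = [
    f"2021-05-13 10:00:{s:02d}.000000 [WARNING] sofia_reg.c:1792 SIP auth failure "
    "(REGISTER) on sofia profile 'external-60' for [1001@pbx.example.com] from ip 203.0.113.7"
    for s in range(10)
] + [
    "2021-05-13 10:00:30.000000 [WARNING] sofia_reg.c:2906 SIP auth failure "
    "(INVITE) on sofia profile 'external-60' for [9000@pbx.example.com] from ip 198.51.100.9",
    "2021-05-13 10:00:31.000000 [NOTICE] sofia.c:1065 Hangup sofia/external-60/1001 [CS_EXECUTE]",
]

print(hosts_to_ban(SAMPLE))  # ['203.0.113.7']
```

The filter only sees lines written to the file named in the jail's logpath, so feed this the same file the jail is pointed at.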
 

hfoster

Active Member
Jan 28, 2019
Interestingly enough, I read a blog about what I think your problem might be yesterday.

Applications that aren't root can't listen on ports under 1024 on most Linux distros. There are 2 fixes:

1. Make the freeswitch process privileged enough to use the port: sudo setcap cap_net_bind_service=ep /usr/bin/freeswitch
2. Modify the sysctl param by adding: net.ipv4.ip_unprivileged_port_start=60 to /etc/sysctl.d/99-reduce-unprivileged-port-start-to-60.conf then reboot.
 