We have two Trixbox/FreePBX boxes that were working fine and were connected via IAX. We lost the motherboard on one of the machines and bought one that was said to be a “direct” replacement.
I have one network card connected to my internal network for endpoints and another card connected to the wan with a static public IP address for the IAX connections and GUI control.
I replaced the motherboard and used the existing drive with the PBX operating system already loaded. When booting I had to find some drivers for the “new” network cards and everything seemed to work fine. Except, I cannot connect to the Gui from outside my wan segment even though I can ping and trace route to it from the location of the other box or anywhere else for that matter. I can trunk calls from the rebuilt box to the other box but it cannot trunk calls back to the rebuilt box. It appears as if the rebuilt box is somehow rejecting connections from the “outside” world even though I don’t think I changed anything. This may be more of a linux networking issue but I’m not sure and don’t have that much linux experience. I cannot SSH into the rebuilt box either unless I am in the same network. no firewall is in place on the WAN side.
Thanks in advance for any thoughts and help.
Jeff Montgomery
Palestine, Texas
It definitely sounds like a networking issue, and since this is a linux box, you’ll have to troubleshoot using linux.
Your network configuration will definitely be specific to your network, so it’s hard to help you, especially as you didn’t give much detail.
First, regarding your trunk one-way but not the other way issue, any call requires communications both ways for a conversation to be happening. You don’t say whether this IAX trunk is inside your lan or over a public network, so it’s not clear whether this is related to any of your other network issues.
Second, regarding your outside access, it’s often a good idea to lock down public access to a machine as important as something that controls your phones. Do you know whether this is a new situation, or do you think you were always able to reach your web gui and ssh from outside?
You probably need to talk to your network admins about how the network is designed, unless, of course, you are the network admin.
Sorry for the lack of information I’ll try and give all I know:
“First, regarding your trunk one-way but not the other way issue, any call requires communications both ways for a conversation to be happening. You don’t say whether this IAX trunk is inside your lan or over a public network, so it’s not clear whether this is related to any of your other network issues.”
This IAX trunk is over the public network, and was working before we replaced the motherboard. I’ll call this machine “Box A” Box B is at the other end on another public IP. Both boxes have 2 network cards, one to the public internet and one to an internal “192.x.x.x” network where the phones reside. We can forward phones from Box A to Box B but not the other way around. We had been able to forward both ways. I can access the FreePBX gui and SSH into Box B and from the public internet via it’s outside IP. I could also do this with Box A. Now I can only get into Box A from within the local wan or from the wan side if I am on a computer with the same segment but not from
the Box B location or other outside IP’s where I used to be able to before. I can ping Box A and I can TraceRT Box A but I cannot access the Gui or SSH to it. So what seems to be happening is that Box B or anyone else for that matter can’t get into A. A and B use a sip outbound long distance provider and this is working fine
To reiterate, all I did was change out a motherboard, redid the network card drivers (CentOS found these when first booting) and set the IP’s on each card. The hard drive was the same one out of the old machine and it worked fine.
Some ISP’s use the NIC’s mac address to assign an IP address. If this happened, you have a new external IP address. Do an ifconfig from the command line and it should show your IP address.
a firewall issue. Possibly an ARP table that hasn’t refreshed or is corrupt… Or that you forgot that you entered a route on the box with the new nic that was wiped on rebuild…
What is the exact network path? ( no sensitive data!)
i.e.BOX A: NIC #2 with Asterisk Public Ip --> Linksys WRT54GL --> 2WIRE DSL Modem --> Internet…
BOX B: …Internet --> T-1 -->CSU/DSU --> Cisco 2501 Router --> Managed Switch --> NIC #1 with Asterisk Public IP
I have not followed trixbox as closely as I used to. I switched to PBX in a Flash and one of the reasons is that they took the time to configure and have on by default a working set of IPTables rules.
Some ISP’s use the NIC’s mac address to assign an IP address. If this happened, you have a new external IP address. Do an ifconfig from the command line and it should show your IP address.
Thanks for the suggestion. Our ISP (another branch of our company)has given us a static IP
that goes straight to the internet through AT&T. I will see if there may be a routing table issue at the router.
FOUND THE PROBLEM…THANKS TO ALL WHO MADE SUGGESTIONS!
I found the problem and fixed it and it was self inflicted. Not being a Linux whiz, I did not realize
that when you have two nic cards, one on a 192.168.0.x network and one on a wan with a public
ip, you only put a gateway on the outside card. i had the internal network gateway on the internal card
as: