Cannot login from an IP address is is not banned by fail2ban. It is also in the whitelist

Vietyank · April 4, 2022, 6:52am

I need to be able to log in with a certain id address at a restaurant that I frequent. I have added it to the white list and I have verified that it is not in the failed to ban list of band IPS I also checked IP tables and it is not listed there anywhere but yet I cannot get past a this site is unreachable message.

I can make calls without going through the VPN.

WIth no VPN,

I cannot SSH to the server.
I cannot HTTP/S to the freePBX admin gui

With the VPN, all the protocols work.

The IP address is whitelisted. I have checked the iptables and there are no rules denying access to this IP address.

I am working with DigitalOcean on the problem this week.

jgttgns · April 4, 2022, 8:09am

Can you ping your server from the restaurant?

There’s actually not enough information from your side to diagnose the problem.

Vietyank · April 4, 2022, 12:05pm

The server is unreachable from that IP address. I can reach it through my VPN.

The IP address is whitelisted.

It is not denied in the iptables.

What else do you need to know?u

jgttgns · April 4, 2022, 12:10pm

So you have checked that you can read the server via a tunnel. If things don’t work, then Wireshark is your next friend.

Vietyank · April 4, 2022, 7:39pm

Next time at the restaurant, I might try that out. I’m using my Android connected to the restaurant’s wifi.

dicko · April 4, 2022, 7:46pm

On Android, first install fdroid, then install termux from fdroid.

Then you will have a linux/debian shell with most everything ‘apt install-able’

Vietyank · April 5, 2022, 2:16am

Very cool, but is there any other reason that would cause this besides a network problem?

dicko · April 5, 2022, 2:20am

No, basically if the data can’t flow, there can’t be a phone-call. So 100% a network thing.

Vietyank · April 5, 2022, 6:50am

My Android is v7. Tried to install traceroute and dig but no luck. Cannot update repos either

dicko · April 5, 2022, 6:56am

I don’t have that problem , did you use fdroid as your source for termux ? playstore is broken

Vietyank · April 5, 2022, 7:04am

So where do I get fdroid

dicko · April 5, 2022, 7:07am

From fdroid perhaps , do you have google on your phone ?

Vietyank · April 5, 2022, 7:32am

Got the APK. Got it installed. Termux works fine now.

Vietyank · April 7, 2022, 5:17am

Installed wireshark-gtk on Termux but my eyesight is too poor to be able to use the vncviewer on Android. I’ll bring my laptop in next week

dicko · April 7, 2022, 10:53am

tshark is just as functional.

Vietyank · April 8, 2022, 5:30am

https://pastebin.freepbx.org/view/74c07c3e

There is no traffic coming from the restaurant’s IP address

34.223.33.56

Maybe Digitalocean has it blacklisted. I’ll raise a ticket with them

jgttgns · April 8, 2022, 12:52pm

Or it’s the restaurant’s firewall/security appliance.

Vietyank · April 8, 2022, 12:59pm

Why would they block this one address. I checked out many other addresses?

Vietyank · April 8, 2022, 1:00pm

Traceroute goes all the way to my server

jgttgns · April 9, 2022, 8:42am

I have configured routers for restaurants in the past, where I allowed only certain services. You also do not know how many NAT translations with which table timings are involved. It may work, or not.