I am using the FreePBX distro Stable-3.211.63-10.
I have 2 NICs on the box, namely:
Interface eth0 IP: 192.168.1.123 (Internal)
Interface eth1 IP: 192.168.245.250 (via fiber to Voip provider)
All the phones in my office are Snom m9r SIP phones. All these phones have extension numbers 200 - 210. They all work fine and can call out. My eth0 NIC at the office is connected to an IPcop firewall. I have 3 other servers at the office that I can remote ssh into just fine. I cannot do the following:
- I cannot ssh to the FreePBX box from home (port 22 is forwarded to the box on the firewall)
- I have one SIP phone at home that I want to register via the internet to my office and it fails even with the NAT feature enabled (ports 5060 and 10000-20000 are forwarded to 192.168.1.123 on the firewall)
- I know that opening port 80 is a bad idea. But I want to do this just to configure the box remotely and then switch it off again once all is set up.
Thanks for your help in advance if anyone can point me in the right direction. I have a feeling this is being blocked somewhere on the FreePBX box.
Hi, thank you for your response. This looks interesting and looks more like where my problem lies. When I type route this is what I get:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.245.0   *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
default         192.168.245.10  0.0.0.0         UG    0      0        0 eth1
I see the last default route goes to 192.168.245.10, which is the IP of my SIP provider over the fiber connection. This looks wrong… how would I change this?
Hi, thank you for your time, I really appreciate it. I have two gateways. One to the SIP provider and one to my firewall. I took the gateway and DNS entries out of my eth1 and only set it up on eth0. I can't now access the outside world and do the updates and update my modules. I tried the remote phone and it registered fine. So all in all it seems to be working now.
Thank you very much SkykingOH for your help.
I just don't have any audio if I call out and no one can hear me… probably audio codec.
You have two networks, which one do you want as the gateway?
Edit /etc/sysconfig/network-scripts/ifcfg-ethx where x is either 0 or 1.
Add the line GATEWAY=x.x.x.x where x.x.x.x is your Internet router.
Save the file and enter “service network restart”.
You don’t have to open port 80 to remote administer. Just SSH in with PuTTY, click on the SSH/tunnel tab and set up a proxy. Go to your browser, set the proxy to the port you just picked in PuTTY and use the loopback address of your PC (127.0.0.1) and you can connect to anything attached to the local network interface on the remote machine.
As far as your port forwards not working, no idea. You didn’t give us much to go on. It’s going to be something simple. Gateway, subnet mask, router/firewall setup etc.
Do these four things:
1- run ‘service fail2ban stop’
2- run ‘service iptables stop’
3- type command ‘route’ and make sure you have one and only one route of last resort (0.0.0.0/0.0.0.0)
4- Once you have identified the issue via steps 1-3, change the port of the ssh server in /etc/ssh/sshd.conf, run a service sshd restart, change your firewall to forward your newer more secure port, then use the PuTTY proxy method to remote administer the system.
Following these steps will result in stress reduction and an elimination of teeth mashing.
My vote is that this is a network issue. If you fix your network you will have access.
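Step 3 of the checklist above as a script, added here as an example and not something posted in the thread: it reads `route` or `route -n` output and checks that there is exactly one default route and that it leaves through the expected interface. The function names and the SAMPLE_ROUTE variable are assumptions; the sample text is the routing table posted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit route output for default-route problems.

# Constructed sample: the routing table quoted in this thread.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.245.0   *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
default         192.168.245.10  0.0.0.0         UG    0      0        0 eth1'

# Read route output on stdin and print "gateway iface" for each default route.
# Handles both `route` ("default") and `route -n` (0.0.0.0 with genmask 0.0.0.0).
list_default_routes() {
    awk 'NF >= 8 && ($1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0")) { print $2, $NF }'
}

# check_default_route EXPECTED_IFACE  (route output on stdin)
# Returns 0 = ok, 1 = wrong interface, 2 = no default route, 3 = more than one.
check_default_route() {
    expected="$1"
    routes=$(list_default_routes)
    if [ -z "$routes" ]; then
        echo "FAIL: no default route"; return 2
    fi
    count=$(printf '%s\n' "$routes" | awk 'END { print NR }')
    if [ "$count" -ne 1 ]; then
        echo "FAIL: $count default routes, expected exactly one"; return 3
    fi
    gw=${routes% *}       # text before the space: gateway address
    iface=${routes#* }    # text after the space: outgoing interface
    if [ "$iface" != "$expected" ]; then
        echo "FAIL: default route via $gw on $iface, expected $expected"; return 1
    fi
    echo "OK: default route via $gw on $iface"
}

# Demo on the constructed sample. eth0 is the firewall-facing NIC in this thread,
# so replies to forwarded traffic should leave through it.
printf '%s\n' "$SAMPLE_ROUTE" | check_default_route eth0 || echo "(exit status $?)"
```

On a live box, run `route -n | check_default_route eth0` after sourcing the functions.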
Hi, thank you for the reply. I don't see how this can be a firewall problem as I took the same PBX box and loaded Ubuntu 12.04 server on it with the same host name and IPs and I can access it from outside (public IP). I am convinced this is the FreePBX distro as I reloaded the FreePBX distro from the CD on the same server and can't access it. I have noticed fail2ban running which might cause the issue, I might be wrong. I can't do any yum updates either. I disabled fail2ban and flushed iptables with ACCEPT on all chains… still can't access it or get out… might this be a NAT entry somewhere in FPD?