Can't access FreePBX without disabling firewall

Just as the title suggests, I can only access FreePBX after running fwconsole firewall stop from the console. The same thing happens with accessing SSH. Until yesterday I could access everything normally, but now I can't. Is there something I have configured wrong or should check?
Thank you in advance

Yea, make sure that the IP or subnet that you are trying to access the system from is in the Trusted or Local zones in the firewall config.

Connectivity -> Firewall -> Networks

You could also go one step further and add the IP or subnet to the White List on the Intrusion Detection tab as well.

I have added the IP to the whitelist on the Intrusion Detection tab and I have added the IP to Trusted, but it still blocks my access. I noticed that my IP has a /32 behind it. Is that normal?

/32 means “It’s just this IP and not a full subnet that contains this IP.”

Are you able to go to the CLI and list the iptables rules to verify that your IP is in the rules?

Thanks for the info on /32. So I went to the CLI and ran “iptables --list-rules” and I got this output:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-BadBots
-N fail2ban-FTP
-N fail2ban-PBX-GUI
-N fail2ban-SIP
-N fail2ban-SSH
-N fail2ban-apache-auth
-N fail2ban-api
-N fail2ban-openvpn
-N fail2ban-recidive
-A INPUT -j fail2ban-PBX-GUI
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -j fail2ban-apache-auth
-A INPUT -p tcp -m multiport --dports 21 -j fail2ban-FTP
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-BadBots
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-api
-A INPUT -p udp -m multiport --dports 1194 -j fail2ban-openvpn
-A INPUT -j fail2ban-recidive
-A INPUT -j fail2ban-SIP
-A fail2ban-BadBots -j RETURN
-A fail2ban-FTP -j RETURN
-A fail2ban-PBX-GUI -j RETURN
-A fail2ban-SIP -s 45...*/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SIP -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-apache-auth -j RETURN
-A fail2ban-api -j RETURN
-A fail2ban-openvpn -j RETURN
-A fail2ban-recidive -j RETURN
But my IP was not listed anywhere, and the IP given is not mine.

That’s just the rules, post

iptables --list

I see, thank you.
Here is the output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SIP all -- anywhere anywhere
fail2ban-PBX-GUI all -- anywhere anywhere
fail2ban-SSH tcp -- anywhere anywhere multiport dports ssh
fail2ban-apache-auth all -- anywhere anywhere
fail2ban-FTP tcp -- anywhere anywhere multiport dports ftp
fail2ban-BadBots tcp -- anywhere anywhere multiport dports http,https
fail2ban-api tcp -- anywhere anywhere multiport dports http,https
fail2ban-openvpn udp -- anywhere anywhere multiport dports openvpn
fail2ban-recidive all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-BadBots (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-FTP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-PBX-GUI (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-SIP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-apache-auth (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-api (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-openvpn (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-recidive (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

The only chains you have are fail2ban jails. You do not have any other firewall rules that could be banning anything. You would need to start the culprit software set of rules to see who bans what and when. Adding your LAN to fail2ban’s ‘ignoreip’ list would preempt any fail2ban jails kicking in, but if the ‘firewall’ rules are inserted before f2ban’s then all bets are off.
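
Added example, not part of the original thread: a small Python evaluator that takes `iptables --list-rules` style output and reports which rule (or chain policy) decides the fate of a given source IP, protocol and port, walking the chains in order the way the reply above describes. The sample rules and addresses are constructed, the function names are hypothetical, and only `-s`, `-p`, `--dports` and `-j` are interpreted (no negation, port ranges or other match modules).

```python
import ipaddress

# Constructed sample in `iptables -S` format; addresses are documentation ranges.
SAMPLE = """\
-P INPUT ACCEPT
-N fail2ban-SIP
-N fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -j fail2ban-SIP
-A fail2ban-SIP -s 203.0.113.0/24 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SIP -j RETURN
-A fail2ban-SSH -s 198.51.100.7/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
"""

def parse(text):
    """Split `iptables -S` output into chain policies and ordered rule lists."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] not in ("-P", "-N", "-A"):
            continue
        rules = chains.setdefault(tok[1], [])
        get = lambda name: tok[tok.index(name) + 1] if name in tok else None
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":
            rules.append({"line": line, "src": get("-s"), "proto": get("-p"),
                          "dports": get("--dports"), "target": get("-j")})
    return policies, chains

def verdict(policies, chains, src, proto, dport, chain="INPUT"):
    """Walk rules first-match, following jumps; return (target, deciding line)."""
    ip = ipaddress.ip_address(src)
    for r in chains.get(chain, []):
        if r["src"] and ip not in ipaddress.ip_network(r["src"], strict=False):
            continue
        if r["proto"] and r["proto"] != proto:
            continue
        if r["dports"] and str(dport) not in r["dports"].split(","):
            continue
        if r["target"] == "RETURN":
            break  # hand control back to the calling chain
        if r["target"] in chains:  # jump into a user-defined chain
            hit = verdict(policies, chains, src, proto, dport, r["target"])
            if hit:
                return hit
        elif r["target"] in ("ACCEPT", "DROP", "REJECT"):
            return r["target"], r["line"]
    # Only built-in chains have a policy; user chains fall back to the caller.
    return (policies[chain], "chain policy") if chain in policies else None
```

To use it on a live system, pass the saved text of `iptables --list-rules` to `parse()` instead of `SAMPLE`; a result of `("ACCEPT", "chain policy")` means no listed rule matched that source at all.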

I just fixed it. I hadn't configured my IP correctly as trusted.
Thank you for the reply
