Cisco 7940 can't reach (ping) FreePBX server and vice versa

I have a fairly automated home, and I’d always wanted to add the phone line into the mix. FreePBX allows me to do that. I get

  1. to learn about PBX
  2. an intercom system
  3. better interface for phone line.

I was told that 7940 are easy phones and simple to use. That might be so, but I’m hitting a few problems. A very, very long story short: The phone can’t ping the FreePBX server. And the server can’t ping the phone.

Both server and phone can practically reach everything else, just not each other. :frowning:

I’ve purchased and installed the Endpoint Manager to avoid setting up those .cnf files required, but that won’t help if the phone can’t pull the files off the TFTP server because it can’t find it. If I set dhcp-option 66 to point to a different TFTP server, the 7940 can get the files it wants, but it still can’t register the extension.

I’ve checked iptables to see if the phone IP (192.168.0.222) was blocked, but it wasn’t (I think). I’ve reset the phone multiple times. It now has firmware P0S-8-12-00.

I’m fairly new to Linux (but willing to learn) and FreePBX. And now I’m completely lost.

Any pointers?
All help is appreciated. :slight_smile:

(I should add that all softphones work fine and both the extension line and the PSTN line on a Linksys 3102 are working great.)

I have made some progress!

It turns out that fail2ban is making problems. It’s banning IP 192.168.0.222 even if I told it not to.

2014-08-16 09:17:00,400 fail2ban.actions: WARNING [recidive] Ban 192.168.0.222

I added the 192.168.0.x subnet and even specified the specific address:

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 192.168.0.0/24 192.168.0.222/8

I don’t know what else to do…?

192.168.0.0/24 includes 192.168.0.222, so you don’t need 192.168.0.222/8. 192.168.0.222/8 is the incorrect mask to ban a single host. If you wanted to allow the single host, 192.168.0.222/32 would be correct. Additionally, the correct subnet mask to allow the entire 192.168.0.0 block would be 192.168.0.0/16.

Try disabling fail2ban and see what happens.

Are you configuring fail2ban from the FreePBX GUI?
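A way to audit the `ignoreip` line and the ban log discussed above. This is an added example, not part of any post in the thread; the second log line and the function names are constructed for illustration. It assumes each entry is read as address/prefix with host bits masked off, which is how Python's `ipaddress` module treats it with `strict=False`.

```python
import ipaddress
import re

# Constructed sample input, modelled on the config and log lines quoted in the thread.
IGNOREIP = "ignoreip = 127.0.0.1/8 192.168.0.0/24 192.168.0.222/8"
LOG = """\
2014-08-16 09:17:00,400 fail2ban.actions: WARNING [recidive] Ban 192.168.0.222
2014-08-16 09:20:11,812 fail2ban.actions: WARNING [ssh-iptables] Ban 203.0.113.9
"""

BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\] Ban (?P<ip>\d+\.\d+\.\d+\.\d+)")

def parse_ignoreip(line):
    """Return [(entry, network)] for each IP/CIDR entry; DNS names are skipped."""
    nets = []
    for entry in line.split("=", 1)[1].split():
        try:
            # strict=False masks off host bits, so 192.168.0.222/8 -> 192.0.0.0/8
            nets.append((entry, ipaddress.ip_network(entry, strict=False)))
        except ValueError:
            continue  # hostname entry; resolving it is out of scope here
    return nets

def describe(nets):
    """Map each entry to the network it really covers and its address count."""
    return {entry: (str(net), net.num_addresses) for entry, net in nets}

def ignored_but_banned(log_text, nets):
    """List (jail, ip, matching entries) for bans of addresses ignoreip covers."""
    hits = []
    for m in BAN_RE.finditer(log_text):
        ip = ipaddress.ip_address(m.group("ip"))
        covering = [entry for entry, net in nets if ip in net]
        if covering:
            hits.append((m.group("jail"), str(ip), covering))
    return hits

if __name__ == "__main__":
    nets = parse_ignoreip(IGNOREIP)
    for entry, (net, size) in describe(nets).items():
        print(f"{entry:20} -> {net:18} ({size} addresses)")
    for jail, ip, covering in ignored_but_banned(LOG, nets):
        print(f"[{jail}] banned {ip} although covered by {', '.join(covering)}")
```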

It turned out it still was present in iptables somehow, I just didn’t have the experience required to know where to look. I removed it and now it works with fail2ban enabled.

And thank you for the information on IP masks! I will clean up the config file at once.

I didn’t find fail2ban in the GUI. Can you give me a pointer on where to look?
(That’s one of my problems with this Asterisk/FreePBX setup. What I want is surely possible, I just have no clue where to click;)).

It should be noted that I also had to reduce the password length set by FreePBX when I created the extensions by one char. I don’t know why, but it registered after that.

You did not provide any version info but since you purchased the End Point Manager I will assume you are running one of the Distros. On the Distro look at Admin | System Admin | Intrusion Detection.

Aha! There it is!

Alan, thank you so very much for your help. :slight_smile:
I’ve been knocking my head against the wall for a week now…

(And for the record I’m running a 64 bit FreePBX Distro with firmware 5.211.65-14)