The firewall seems to be intermittently blocking a single user from registering and 100% from using the FOP. I can, however, ping the machine from the user’s IP with no issues…
I have whitelisted the IP and it still does not work. If I disable the firewall it works fine. No other users are experiencing this issue.
There is no reference of the IP in question via iptables.
There is no reference of the IP in any fail2ban jails.
The IP is not listed in the ‘blocked hosts’ section.
There is no reference to the IP in the ‘banned’ section in the GUI.
There are no IPs listed on the ‘blacklist’.
The odd thing is that the phone is connected, the machine can ping the server, but the FOP will not connect until I disable the firewall. All other 60+ users are using it with zero issues at the moment from IPs all over the place.
I meant I can ping the server from a machine on the same WAN IP that is being blocked for the FOP. Basically everything else works from the person’s home other than the FOP. Intermittently the phone will disconnect (maybe once every few weeks) and I will need to disable the firewall and re-enable it (then it works for a few more weeks).
I thought maybe there was some malware or a virus that may be trying to connect via the user’s computer, but also found nothing.
Yes, looking at it now; however, I believe the issue will be TCP, specifically port 4445 (fop2). The phone is working (SIP) just fine atm. Does that sound right?
It does, 4445 would need to be forwarded, perhaps at both ends. Sounds suspiciously like a SIP helper on the phone’s home router for the occasional reset needed.
And it is ONLY her that is having the issue. Currently her phone is working fine, but she cannot log in to the FOP. It DOES show the login page, but just says ‘attempt 1’, ‘attempt 2’, ‘attempt 3’. So she CAN access the FOP page, but the error shows 4445 is blocked. I can find nothing in iptables, fail2ban, etc. with her IP. But when I turn off the FW she connects instantly.
The login page is over http (or preferably https if you add the certs to fop2, and you should check which she is using). fop2 is over 4445 by default, so tcpdump port 4445 would show all fop2 traffic and include her phone if the server is getting it, which would then show fop2 replying to it.
If it’s not getting it, it’s between the phone and the server; if it’s not replying, it’s either fop2 or the internal routing.
Both http and https work for the http/s. Dumping 4445 would not work if the error in the browser shows ‘cannont connect to 4445’ in the bottom right corner. Right?
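The tcpdump check on port 4445 described in the reply above can be turned into a small classifier; this is an added example, not code from any poster in the thread. It assumes tcpdump text output captured with `-nn` on the server, and the interface name, IP addresses and sample lines are constructed. Because tcpdump sees inbound packets before netfilter processes them, a SYN that arrives and goes unanswered points at the server side (firewall drop or fop2 not replying), while no SYN at all points at the path between client and server.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies tcpdump text output for FOP2.
# Feed it the output of, e.g.:  tcpdump -nn -i eth0 tcp port 4445
# (eth0 is an assumed interface name).

classify_fop2_capture() {   # $1 = client IP, $2 = TCP port; capture on stdin
    awk -v client="$1" -v port="$2" '
    {
        gt = 0
        for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
        if (!gt) next
        src = $(gt - 1); dst = $(gt + 1); sub(/:$/, "", dst)
        flags = ""
        for (i = gt + 2; i < NF; i++) if ($i == "Flags") { flags = $(i + 1); break }
        to_srv   = (index(src, client ".") == 1 && dst ~ ("\\." port "$"))
        from_srv = (src ~ ("\\." port "$") && index(dst, client ".") == 1)
        if (to_srv && flags == "[S],")    syn++
        if (from_srv && flags == "[S.],") synack++
        if (from_srv && flags ~ /R/)      rst++
    }
    END {
        if (!syn)        print "no-syn-seen"         # never reached the server
        else if (synack) print "handshake-answered"  # fop2 replied
        else if (rst)    print "reset-by-server"     # rejected or port closed
        else             print "syn-unanswered"      # dropped on the server
    }'
}

# Constructed sample: the client retries its SYN and the server never answers.
sample_unanswered() {
    cat <<'EOF'
10:15:01.000001 IP 203.0.113.10.51514 > 192.0.2.5.4445: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
10:15:02.004310 IP 203.0.113.10.51514 > 192.0.2.5.4445: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
10:15:04.020877 IP 203.0.113.10.51514 > 192.0.2.5.4445: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
EOF
}

sample_unanswered | classify_fop2_capture 203.0.113.10 4445   # syn-unanswered
```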
My understanding is the only way to connect to the fop is through the browser (that’s how we use it).
Remember though, as soon as the firewall is down it works fine and will continue working for a few days even after the firewall has been re-enabled. This would indicate the issue is on the server, no?