Firewall blocking registration of single phone and fop2 on 'whitelisted' IP

Hi,

The firewall seems to be intermittently blocking a single user from registering and 100% from using the FOP. I can, however, ping the machine from the user's IP with no issues.

I have whitelisted the IP and it still does not work. If I disable the firewall it works fine. No other users are experiencing this issue.

There is no reference to the IP in question via iptables
There is no reference to the IP in any fail2ban jails
The IP is not listed in the 'blocked hosts' section
There is no reference to the IP in the 'banned' section in the GUI.
There are no IPs listed on the 'blacklist'

As soon as I disable the firewall it works fine.

Fop2 uses ports that need to be added to the firewall. They will be blocked otherwise.

I have whitelisted the IPs that are accessing it though.

This is still an issue, does anyone have any ideas of what else to look at?

Run

iptables -L -n

and see if the host is caught or redirected, directly or via its subnet. If so, identify the chain and fix it.
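The check suggested above (is the host caught directly or through an enclosing subnet, and in which chain) can be scripted. The following is an added example, not code from the thread or from FreePBX: it parses the rule-spec form `iptables -S` rather than `iptables -L -n`, handles IPv4 only, looks only at `-s`, `--dport` and `-j`, and the chain names, addresses and rule lines in the sample are constructed.

```python
"""List the iptables rules that could act on one client IP, directly or via an
enclosing subnet. Added example, not from the thread or any project: it works
on the rule-spec output of `iptables -S` (simpler to parse than `iptables -L -n`),
IPv4 only, and only looks at -s, --dport and -j. The sample below is constructed."""
import ipaddress
import shlex

# Constructed sample of `iptables -S` output. Chain names and addresses are made up.
SAMPLE_RULES = """\
-P INPUT DROP
-N fpbxblacklist
-N zone-trusted
-A INPUT -s 203.0.113.45/32 -j zone-trusted
-A INPUT -s 198.51.100.0/24 -j fpbxblacklist
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 4445 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4445 -j DROP
-A fpbxblacklist -j DROP
-A zone-trusted -j ACCEPT
"""


def parse_rules(text):
    """Turn each `-A` line into a dict: chain, src network (or None), dport, target."""
    rules = []
    for line in text.splitlines():
        parts = shlex.split(line)
        if len(parts) < 2 or parts[0] != "-A":
            continue  # policies (-P) and chain declarations (-N) carry no match
        rule = {"chain": parts[1], "src": None, "dport": None, "target": None, "raw": line}
        i = 2
        while i < len(parts):
            tok, nxt = parts[i], parts[i + 1] if i + 1 < len(parts) else None
            if tok in ("-s", "--source") and nxt:
                rule["src"] = ipaddress.ip_network(nxt, strict=False)
                i += 2
            elif tok == "--dport" and nxt:
                rule["dport"] = int(nxt)
                i += 2
            elif tok in ("-j", "-g") and nxt:
                rule["target"] = nxt
                i += 2
            else:
                i += 1  # -p, -m, -i and other options are not examined here
        rules.append(rule)
    return rules


def rules_affecting(text, ip, dport=None, chain=None):
    """Return rules (in table order) that can match packets from `ip`.

    A rule matches if it has no -s (any source) or its -s network contains `ip`,
    and if its --dport is absent or equal to `dport`. `chain` restricts the
    search to one chain; rules in jumped-to chains only apply if traffic reaches
    that chain, so check INPUT first and follow the -j targets it reports."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for rule in parse_rules(text):
        if chain is not None and rule["chain"] != chain:
            continue
        if rule["src"] is not None and addr not in rule["src"]:
            continue
        if dport is not None and rule["dport"] is not None and rule["dport"] != dport:
            continue
        hits.append(rule)
    return hits


def describe(rule, ip):
    """One-line explanation of why a rule matched: exact host, subnet, or any source."""
    addr = ipaddress.ip_address(ip)
    if rule["src"] is None:
        how = "any source"
    elif rule["src"].prefixlen == addr.max_prefixlen:
        how = "exact host"
    else:
        how = f"via subnet {rule['src']}"
    port = f", dport {rule['dport']}" if rule["dport"] is not None else ""
    return f"{rule['chain']}: -j {rule['target']} ({how}{port})"


if __name__ == "__main__":
    # On a real box, replace SAMPLE_RULES with the saved output of `iptables -S`.
    for r in rules_affecting(SAMPLE_RULES, "198.51.100.7", dport=4445, chain="INPUT"):
        print(describe(r, "198.51.100.7"))
```

Run it against the INPUT chain first with the client's public IP and port 4445; a hit reported as "via subnet" is exactly the case the reply above warns about, where the host is never named in the ruleset but a wider block covers it. Follow any `-j` into the named chain by calling `rules_affecting` again with that chain.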

It is listed in zone-trusted.

The odd thing is that the phone is connected, the machine can ping the server, but the fop will not connect until I disable the firewall. All other 60+ users are using it with zero issues at the moment from IPs all over the place.

Phones don't use ping; it is an inappropriate tool. Try netcat, but examine traffic with sngrep first.

I meant I can ping the server from a machine on the same WAN IP that is being blocked for the FOP. Basically everything else works from the person's home other than the fop. Intermittently the phone will disconnect (maybe once every few weeks) and I will need to disable the firewall and re-enable it (then it works for a few more weeks).

I thought maybe there was some malware or a virus that may be trying to connect via the users computer, but also found nothing.

Did you try sngrep? It can drill all the way down in a gooey fashion.

Yes, looking at it now, however I believe the issue will be tcp, specifically port 4445 (fop2). The phone is working (SIP) just fine atm. Does that sound right?

It does. 4445 would need to be forwarded, perhaps at both ends. Sounds suspiciously like a SIP helper on the phone's home router for the occasional reset needed.

Not sure what you mean by that. I have looked at the router (ATT). Did not see anything; SIP ALG is disabled.

Another point would be that she travels and this is happening at 2 locations (same equipment different internet and routers).

Her "phone" is?

Both issues arise from either location with separate network equipment. Phone and computer are the same.

And it is ONLY her that is having the issue. Currently her phone is working fine, but she cannot log in to the fop. It DOES show the login page, but just says 'attempt 1', 'attempt 2', 'attempt 3'. So she CAN access the fop page, but the error shows 4445 is blocked. I can find nothing in iptables, fail2ban, etc. with her IP. But when I turn off the FW she connects instantly.

Actually it is HER, HER Computer and HER phone, you can’t replace HER, but how about the other two ? :slight_smile:

Hah, the phone and the computer. I DID try having her connect with a laptop and with her mobile phone, same difference.

The login page is over http (or preferably https if you add the certs to fop2, and you should check which she is using). fop2 is over 4445 by default, so tcpdump port 4445 would show all fop2 traffic and include her phone if the server is getting it, which would then show fop2 replying to it.

If it's not getting it, it's between the phone and the server; if it's not replying, it's either fop2 or the internal routing.
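The decision rule in the reply above (no inbound SYN on 4445 means the problem is upstream of the server; SYN seen but no answer means the server side) can be applied to a saved capture. The following is an added example, not from the thread or from FOP2: it reads tcpdump's default IPv4 TCP line format as produced by `tcpdump -n port 4445`, and the client and server addresses and the capture lines are constructed.

```python
"""Classify a tcpdump capture on the FOP2 port the way the reply describes: did
the client's connection attempt reach the server, and did the server reply?
Added example, not from the thread; it reads tcpdump's default IPv4 TCP line
format (`tcpdump -n port 4445`). Addresses and capture lines are constructed."""
import re

# tcpdump line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

# Constructed capture: client 203.0.113.45 reaches server 192.0.2.10 and gets a SYN-ACK.
CAPTURE_OK = """\
12:00:01.000000 IP 203.0.113.45.51234 > 192.0.2.10.4445: Flags [S], seq 100, win 64240, length 0
12:00:01.000400 IP 192.0.2.10.4445 > 203.0.113.45.51234: Flags [S.], seq 200, ack 101, win 65160, length 0
12:00:01.030000 IP 203.0.113.45.51234 > 192.0.2.10.4445: Flags [.], ack 201, win 64240, length 0
"""

# Constructed capture: SYNs arrive (retransmitted) but nothing ever goes back.
CAPTURE_NO_REPLY = """\
12:00:01.000000 IP 203.0.113.45.51234 > 192.0.2.10.4445: Flags [S], seq 100, win 64240, length 0
12:00:02.000000 IP 203.0.113.45.51234 > 192.0.2.10.4445: Flags [S], seq 100, win 64240, length 0
"""


def triage(capture, client_ip, server_ip, port=4445):
    """Return 'not reaching server', 'server not replying' or 'server replying'."""
    saw_syn = saw_reply = False
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        # A bare SYN from the client to the service port: the attempt reached the box.
        # tcpdump sees it even if the host firewall later drops it in INPUT.
        if (src == client_ip and dst == server_ip and int(dport) == port
                and "S" in flags and "." not in flags):
            saw_syn = True
        # Anything from the service port back to the client: the server is answering.
        if src == server_ip and int(sport) == port and dst == client_ip:
            saw_reply = True
    if not saw_syn:
        return "not reaching server"  # between the client and the server
    if not saw_reply:
        return "server not replying"  # fop2, the host firewall, or internal routing
    return "server replying"


if __name__ == "__main__":
    # On a real box: tcpdump -n port 4445 > fop2.txt, then triage(open("fop2.txt").read(), ...)
    print(triage(CAPTURE_OK, "203.0.113.45", "192.0.2.10"))
    print(triage(CAPTURE_NO_REPLY, "203.0.113.45", "192.0.2.10"))
```

One caveat worth keeping in mind when reading the result: tcpdump captures before the INPUT chain is evaluated, so a SYN that is visible in the capture but gets no SYN-ACK is consistent with the host firewall dropping it, which is the "server not replying" branch rather than the upstream one.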

Both http and https work for the http/s. Dumping 4445 would not work if the error in the browser shows 'cannot connect to 4445' in the bottom right corner, right?

My understanding is the only way to connect to the fop is through the browser (that’s how we use it).

Remember though, as soon as the firewall is down it works fine and will continue working for a few days even after the firewall has been re-enabled. This would indicate the issue is on the server, no?