FreePBX | Register | Issues | Wiki | Portal | Support

Firewall Questions


(Alice Brassfield) #1

Hi, @xrobau is it still ok for me to post on this thread with some issues I am having with the firewall or is there somewhere else I should post?


FreePBX Firewall Thread! (2nd Post has status)
(Rob Thomas) #2

I’ve moved your post to a new thread, there’s a pile of messages in the old one.


(Alice Brassfield) #3

Thank you so much. I am a bit new to posting on this forum so I am sorry for any mistake

I have a FreePBX box version 14.0.1.36 wit the System FIreWall 13.0.49.2. This issue happens every second reboot. The FreePBX box is not in production and I am in the process of setting it up, every now and then I reboot it after making some changes. The second reboot gives me Firewall Rules are corrupted! in a loop.

No fpbxinterfaces in ipv6
1521767906: Wall: 'Firewall Rules corrupted! Restarting in 5 seconds
More information available in /tmp/firewall.log
’ returned 0

However, nothing on our network is giving out ipv6 address and it only has the default one.

Yesterday I had searched for that error mesasge and didn’t find anything. I did it again today and it actauly took me to this page: FREEPBX-14164 and it seems to be the same issue.


(Rob Thomas) #4

It sounds like you’ve disabled IPv6 in the kernel. You can’t do that, it causes all sorts of problems.


(Alice Brassfield) #5

Thanks, I didn’t know that.


(Alice Brassfield) #6

Hi, @xrobau

I have went ahead and re-enabled the ipv6 in the kernel but I am still getting these error messages. Do you have anything that may help me? So far I did :

  • /etc/sysconfig/network-scripts/ifcfg-eth0 has the following lines pertaining to ipv6

    • IPV6INIT=yes
    • IPV6_AUTOCONF=yes
    • IPV6_DEFROUTE=yes
    • IPV6_FAILURE_FATAL=no
    • IPV6_PEERDNS=yes
    • IPV6_PEERROUTES=yes
  • /etc/sysctl.d/99-sysctl.conf has

    • net.ipv6.conf.all.disable_ipv6 = 0
    • net.ipv6.conf.default.disable_ipv6 = 0
  • I ran sysctl -w net.ipv6.conf.all.disable_ipv6=0 and sysctl -w net.ipv6.conf.default.disable_ipv6=0

  • In /etc/default/grub I have GRUB_CMDLINE_LINUX="ipv6.disable=0 (after adding this to the existing line item I ran grub2-mkconfig -o /boot/grub2/grub.cfg and rebooted.)


(Rob Thomas) #7

Until you can type ip addr and see ipv6 link-local addresses, it will continue to error. I suggest you REMOVE everything related to your disabling of IPv6, rather than trying to set it to something.


(Alice Brassfield) #8

I have tried, I thought the above commands would re-enable it for me. Could you point me in the right direction of removing everything related to the disabled IPv6.


(Alice Brassfield) #9

Is this what I’m supposed to see image


(Rob Thomas) #10

Looks fine to me! So I’m guessing you’re getting a different error.


(Alice Brassfield) #11

This was the error message I was seeing yesterday before I posted again. I do have the same error message in my /tmp/firewall.log , but I am going to restart the box and monitor it for a few as it normally takes it a while to break. I will post an update on whether or not it is occurring again. Thanks again for all your help.


(Alice Brassfield) #12

This messaged started repeating itself:
image

And when I checked the log I saw :


(Rob Thomas) #13

Firewall requires Sysadmin. Sysadmin assumes that if you have a licence file, it hasn’t been tampered with.


(Alice Brassfield) #14

We do have Sysadmin, we recently bought it last week and I’ll look to see why it is giving that error.

It still says No fpbxinterfaces in ipv6, even though we do have it enabled, would the course of action be to destroy the VM and start over again?