I have a fresh PBX that I have configured and is live. I am trying to expose provisioning to the internet for remote phones. I am using the sysadmin pro module to add username/password. However the firewall isn’t working as I expected. I would prefer that I just whitelist all the remote IPs but in this case they are dynamic. I have the main interface set to internet, and have set the services to “Internet”. If I set my test IP as Trusted or Internet, it works as expected. I thought all traffic that came in on the interface would be marked as “Internet”. Am I wrong?
To test: If I remove my IP address from the networks list I get no response:
[root@dev ~]# curl x.x.x.x:84
If I add my IP to the networks list as trusted:
[root@dev ~]# curl x.x.x.x:84
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Interface:
Services page:
Versions:
FreePBX 16.0.40.11
iptables-1.4.21-34.el7.x86_64
firewall module: 16.0.57.6
I have tried rebooting, updating modules, etc.