FreePBX GUI is unreachable

helpme123 · March 1, 2019, 10:03pm

I can no longer access the FreePBX GUI, and can no longer SSH into FreePBX using Putty. I keep getting “This site can’t be reached 172.28.18.89 took too long to respond” in my browser when attempting to open the FreePBX GUI. I also get the error message “Network error: No route to host” when attempting to SSH using Putty. Windows 10 host, FreePBX Hyper-V guest virtual machine. When I start the VM, FreePBX automatically logs into the CLI and displays the ip address i can access the gui with 172.28.18.89.

These problems began immediately after I added 192.168.100.0/24 to the trusted zone using the GUI. After saving these settings and refreshing the browser, i could not open the FreePBX GUI after that.

Here is what I’ve done/checked so far:

Confirmed that the Asterisk service is running, it is (service asterisk status, service asterisk start)
Restarted FreePBX twice within 5 minutes (shutdown -r now). After the message “Firewall is currently in delayed startup mode,…” appeared, i refreshed the browser but still could not access the GUI.
Listed the trusted zones (fwconsole firewall list trusted). “All entries in zone ‘trusted’: 172.28.18.81/32 172.28.18.0/24 192.168.100.0/24”
Deleted 192.168.100.0/24 (fwconsole firewall del trusted 192.168.100.0/24)
Restarted FreePBX (fwconsole restart)
“fail2ban-client status” results in:

Number of Jail 7
Jail List apache-tcpwrapper, recidive, ssh-iptables , apache-badbots, pbx-gui , asterisk-iptables, vsftpd-iptables

Checked jail.local (vim /etc/fail2ban/jail.local):

[DEFAULT]
ignoreip = 127.0.0.1 172.28.18.89
bantime = 1800
findtime = 600
maxretry = 8
backend = auto

[asterisk-iptables]
enabled = true
filter = asterisk-security
action = iptables-allports[name=SIP, protocol=all]
logpath = /var/log/asterisk/fail2ban

[pbx-gui]
enabled = true
filter = freepbx
action = iptables-allports[name=SIP, protocol=all]
logpath = /var/log/asterisk/freepbx_security.log

[ssh-iptables]
enables = true
filter = sshd
action = iptables-multiport[name=SSH, protocol=tcp, port=ssh]
logpath = /var/log/secure

[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = iptables-allports[name=apache-auth, protocol=all]
logpath = /var/log/httpd/error_log

[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables-multiport[name=FTP, protocol=tcp, port=ftp]
logpath = /var/log/vsftpd.log

When I “cat /var/log/asterisk/freepbx_security.log”, I get "Authentication failure for root from 172.28.18.81 Possible proxy detected, forwarded headers forroot set to "

When i run "cat /var/log/fail2ban.log | grep “2019-03-01” , I see a lot of lines like “Creating new jail pbx-gui…”.

How can i regain access to the FreePBX GUI?

sorvani · March 1, 2019, 10:31pm

I replied in the other community he posted in.

xrobau · March 2, 2019, 4:17am

You can start by disabling the firewall with the command fwconsole firewall stop which will remove all iptables rules.

Secondly, fail2ban is disabled (or is MEANT to be disabled) when firewall is running, as it will break your machine and lock you out of it.

I have a sneaking suspicion that you’ve tried to upgrade fail2ban, which has locked you out of your machine.

In the future, running the command iptables-save | pastebin will give you a URL that you can reference in a post, rather than trying to paste lots of text in.

system · March 9, 2019, 4:18am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.