Periodic freePBX

Hap · August 10, 2020, 2:33pm

I have a System 40 appliance that I setup this last week, except for some minor quibbles - it’s been working fine with one exception. After 24-48 hours it starts complaining it cannot connect to the internet. I can access it over the local LAN no issues and log in, but nothing on the system appears to be able to reach the internet. Sipstation says no internet connection, yum errors out, etc. Rebooting the system restores internet for 24-48 hours, then it goes away again.

Static IP address, pfsense firewall, wired network. There have been no issues with my ISP, so I’m at a loss why external networking seems to die on the System 40. I only know the rudiments of Unix SysAdmin, but I can do the basics.

Any ideas where to start figuring this out?

comtech · August 10, 2020, 2:42pm

What does the router say about the box? Is there anything in the log?

Hap · August 10, 2020, 2:47pm

It only shows up in the firewall log after I reboot the appliance and shows it passing connection requests during a call. I haven’t pulled the entire log and the GUI log only shows the last 500 entries. There is a firewall rule in place to permit 5060/5061 from the appropriate trunk FQDNs.

Stewart1 · August 10, 2020, 3:14pm

I am guessing one of four things are happening; find out which one and we can investigate further.

Routing table corrupted. Can you ping the pfsense but not 8.8.8.8? What does
netstat -nr
show?
DNS lookups failing. Can you ping 8.8.8.8. but not google.com? What’s in /etc/resolv.conf?
FreePBX firewall or Intrusion Detection blocking traffic. Does disabling these allow traffic to pass?
pfSense blocking it. If you capture traffic on the pfSense LAN interface, can you see e.g. ping requests coming in but the replies not going out?

Hap · August 10, 2020, 3:21pm

I’ll check next time it goes down. Right now everything is working as I just rebooted the appliance.

I have local DNS hosted on pfsense and use Cloudflare as primary external DNS (1.1.1.1). I don’t have SSH setup on the PBX box yet, so currently have to use the console to test with and that’s a right PITA. I’ll see if I can get that setup when I get a break from teleconferences.

Thanks for the pointers.

Hap · August 10, 2020, 3:31pm

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.1.254      0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.254.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0

# ping google.com
PING google.com (142.250.64.238) 56(84) bytes of data.
64 bytes from mia07s57-in-f14.1e100.net (142.250.64.238): icmp_seq=1 ttl=109 time=22.4 ms
64 bytes from mia07s57-in-f14.1e100.net (142.250.64.238): icmp_seq=2 ttl=109 time=22.0 ms
64 bytes from mia07s57-in-f14.1e100.net (142.250.64.238): icmp_seq=3 ttl=109 time=22.3 ms
64 bytes from mia07s57-in-f14.1e100.net (142.250.64.238): icmp_seq=4 ttl=109 time=22.4 ms
64 bytes from mia07s57-in-f14.1e100.net (142.250.64.238): icmp_seq=5 ttl=109 time=22.2 ms
64 bytes from mia07s57-in-f14.1e100.net (142.250.64.238): icmp_seq=6 ttl=109 time=22.4 ms
64 bytes from mia07s57-in-f14.1e100.net (142.250.64.238): icmp_seq=7 ttl=109 time=22.1 ms

# more resolv.conf
; generated by /usr/sbin/dhclient-script
search xxxx.net
nameserver 10.0.1.254

The rest will have to wait until it fails again I believe.

system · September 10, 2020, 3:31pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.