UCP not resolving after change in Firewall Interface Zone to Internet

Changed Firewall Interface Zone from Trusted to Internet and now the UCP no longer resolves on IPv4 (10.1.10.76/ucp/). It does resolve on IPv6, but same old node issues as outlined here: "Unable to connect to the UCP Node Server"

Thoughts?

You can’t logically have an Internet zone address that starts with 10.

You are blocking almost all traffic to your machine now. Set your Internal address to one of the less restrictive zones (Internal should work).

Can you explain what you mean by “you can’t logically have an Internet zone address that starts with 10”? My gateway is 10.1.10.1, and the PBX server is set static to 10.1.10.76. Is this controversial?

Also, I don’t have an option for “internal”. I tried local and it didn’t resolve either. Suggestions?

Unless eth0 has 100% trusted internal traffic, then it is appropriate to set it to the Internet zone. [Before the latest round of interface changes, this was called the ‘external’ zone]. With this setting, all inbound traffic coming to eth0 is classified as Internet, so unless the IP you are browsing from is white listed as trusted, you won’t be able to access any services that are not specifically open to the Internet zone. Instead of browsing to port 80, you want the UCP port(s) which is whatever you have it set to in System Admin, Port Management.

Problem with terminology.

The 192.168.x.x, 172.16.x.x, and the 10.x.x.x addresses are normally considered trusted, non-routable, non-interneted addresses. These are addresses that live behind a NAT firewall and are therefore not typically considered Internet addresses.

With the recent changes to the way the FreePBX classifies the interfaces, it is reasonable to set the system’s primary interface up as an “Internet” interface. As @lgaetz points out, this means that every address you want to have unfettered access to your system will have to be white-listed. I would suspect that this could make your system more secure (as you have seen) but also make your system a lot harder to use or manage (as you have also seen). Setting your Internal address (your eth0 interface) to use the Local interface would make sense to me and would give you access to all of the services and devices on your local network. That might help you get to where you want to go.
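
As an added illustration, not part of the thread and not FreePBX's own code: a small Python model of the rule described in the replies above, in which the zone applied to a connection comes from the interface and the whitelist, not from whether the source address is private. The service-to-zone map, the UCP port 8001 and the client address 10.1.10.50 are constructed assumptions.

```python
import ipaddress

# Private ranges named in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    """True if ip falls in one of the private ranges above."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def effective_zone(src_ip, iface_zone, trusted_nets):
    """Whitelisted sources are 'trusted'; every other source inherits the
    zone of the interface it arrived on, private address or not."""
    addr = ipaddress.ip_address(src_ip)
    if any(addr in ipaddress.ip_network(n) for n in trusted_nets):
        return "trusted"
    return iface_zone

def is_allowed(src_ip, port, iface_zone, trusted_nets, service_zones):
    """A service is reachable if the source is trusted or the service is
    open to the zone the source was classified into."""
    zone = effective_zone(src_ip, iface_zone, trusted_nets)
    if zone == "trusted":
        return True
    return zone in service_zones.get(port, set())

# Constructed sample data (assumptions, not read from a real system).
SERVICE_ZONES = {
    80: {"local"},                # web interface: assumed local-zone only
    8001: {"local", "internet"},  # hypothetical UCP port, assumed open
}
CLIENT = "10.1.10.50"             # constructed browser on the PBX subnet

def scenarios():
    """The situations discussed in the thread, as allow/deny results."""
    return {
        "internet zone, port 80": is_allowed(CLIENT, 80, "internet", [], SERVICE_ZONES),
        "internet zone, UCP port": is_allowed(CLIENT, 8001, "internet", [], SERVICE_ZONES),
        "internet zone, subnet whitelisted, port 80":
            is_allowed(CLIENT, 80, "internet", ["10.1.10.0/24"], SERVICE_ZONES),
        "local zone, port 80": is_allowed(CLIENT, 80, "local", [], SERVICE_ZONES),
    }

if __name__ == "__main__":
    print(f"{CLIENT} is RFC 1918: {is_rfc1918(CLIENT)}")
    for name, allowed in scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'blocked'}")
```
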