Unifi gateway USG unable to update freepbx


(Ralph) #21

sorry typos in command my fault, redid result below

{“status”:false}[root@Grahome ~]#


#22

So outbound port 80 works.

Inbound port 80 is not being properly forwarded or is otherwise blocked.


(Ralph) #23

port rule as below
Grahomepbx * 80 192.168.1.71:80 WAN

rule order for WAN in

||2000||webserver|Accept|All||* Groups:

https

3001 allow established/related sessions Accept All

3002 drop invalid state Drop All

3003 PortForward [Teredo] Accept TCP and UDP

3004 PortForward [Grahomepbx] Accept TCP and UDP

the order seems fixed, do I need any similar rule on LAN in or out?


(Ralph) #24

Further research, I have checked that my modem is also port fowarding 80 to the USG. The firewall on the modem (it is a UK BT Hub) is off but port forwarding has to be utilised anyway. I think port 80 is not blocked by the modem with this setting


#25

Below is assuming the admin interface is set up for port 80 in SysAdmin.

If you temporarily disable the FreePBX firewall:

fwconsole firewall stop

Can you access the admin interface via http from outside the LAN?


(Ralph) #26

admin interface is set to port 8080, only letsencrypt on 80.
I think I have stumbled on the problem. On a unifi help page it says port forward does not work if USG does not have public ip address. Mine does not because Bridging mode on my modem did not work.
I know a great deal more now so I will try to set up Bridging mode which will mean the ip address of the USG will be public.
If this crashes everything I will get back tomorrow with the outcome.
Thanks for your help and suggestions, much obliged.


#27

If using the LE service, create a test file to facilitate further testing:

echo testfile > /var/www/html/.freepbx-known/testfile

If the modem/gateway forwarding is working then the file should be available outside the lan via http://your.fqdn.org/.freepbx-known/testfile when the FreePBX firewall is stopped.

You may want to edit the output above to obfuscate the domain and IP now.