TIPS why my pbxinaflash server cannot be pinged

gzpxyj

Member
Joined
Oct 19, 2009
Messages
106
Reaction score
0
My pbxinaflash server phone works. But I could not ping my server from the LAN. What is the reason for that? I just built the pbxinaflash server using the Google Voice version. Any idea?
 

madberry

New Member
Joined
Oct 25, 2009
Messages
31
Reaction score
0
Is there any other server or router or switch or maybe hardware firewall on the network that might be preventing you from pinging?

Remember to forward the sip ports to your PiaF box.
 

jroper

Guru
Joined
Oct 20, 2007
Messages
3,832
Reaction score
71
IPTables prevents pings on Piaf, as the type of server can be identified by the ping reply, and hence the potential hacker knows which toolbox to reach for.

If you type service iptables stop, then you will be able to ping, and service iptables start will start them up again, and they will come back up on reboot.

Joe
 

madberry

New Member
Joined
Oct 25, 2009
Messages
31
Reaction score
0
IPTables prevents pings on Piaf, as the type of server can be identified by the ping reply, and hence the potential hacker knows which toolbox to reach for.

If you type service iptables stop, then you will be able to ping, and service iptables start will start them up again, and they will come back up on reboot.

Joe

That makes sense.
 

gzpxyj

Member
Joined
Oct 19, 2009
Messages
106
Reaction score
0
That is OK. But my FTP connection shows no route to host. Is that associated with IPTables too? I am unable to use FTP to store my mondo backup on another server. It complains of no route to host. I believe it is due to my pbxinaflash server iptables issue. I have been looking for a solution for days and could not figure it out. Can you share with me your solution for how I can get the mondo backup saved to another server?
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Follow jroper's advice above and temporarily turn off IPtables. Then try your FTP request. That will tell you whether it's an IPtables problem... It isn't, by the way.
 

gzpxyj

Member
Joined
Oct 19, 2009
Messages
106
Reaction score
0
So you know what is the problem, right? Any idea how to solve it?
I did the test and the ftp still shows no route to host. So it is not the iptables issue. Have no idea where to look for now.
 

jroper

Guru
Joined
Oct 20, 2007
Messages
3,832
Reaction score
71
ftp still shows no route to host......

Almost certainly a network configuration or a DNS issue; normal rules apply to debugging that one.

Joe
 

gzpxyj

Member
Joined
Oct 19, 2009
Messages
106
Reaction score
0
Just to let you know, I have two servers on the same LAN. The PBX server is 192.168.1.150 while another Linux server is 192.168.1.2. I really do not understand why, on the same LAN, my PBX server is not able to use FTP to put a file on my other server. The reason for the no route to host, I guess, is with the PBX server, not the other server. First, if I use sftp instead of ftp, it works both ways. But if I use ftp, I can log in from the PBX to the other server with ftp, but could not upload the file because there is no data connection, showing no route to host. If I ftp from the other server to my PBX server, it gets refused. So I could not start ftp at all.
Is it possible for mondo backup to use sftp instead of ftp? Where is the command specified? I looked at the configuration file for the weekly backup, and there is no way for me to specify the ftp command.
Also, under the same LAN, I have not specified any domain name to associate with an IP address. So DNS name translation should not be an issue. And I only use the IP address for the ftp.
Greatly appreciate your help.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Put your backups in a safe place... off site! If you want to use FTP, you'll have to set the server up yourself and add the necessary exception to the firewalls.
 

gzpxyj

Member
Joined
Oct 19, 2009
Messages
106
Reaction score
0
I know that. At least I have to get something working before I put those to somewhere else. My office lan and home lan are bridged through vpn in two routers so if I can get this working, I can put the pbx backup at home within the same lan. But I need to understand why my pbxinaflash server was refusing to connect with other server through ftp.
 

gzpxyj

Member
Joined
Oct 19, 2009
Messages
106
Reaction score
0
I don't know what you mean. Do you suggest me to give up setting up the ftp server for the mondo backup?
 

darmock

PIAF Developer
Joined
Oct 18, 2007
Messages
2,892
Reaction score
98
The clue is " My office lan and home lan are bridged through vpn in two routers" so the next logical question is are you trying to access a ftp server across your vpn routers?

From piaf - cli type

ping ipaddress of ftp server
^^^^^^^^^^^^^^
{replace with proper ip address of server}

What happens?

If it asks for a username you can connect to the ftp server. If you get no route to host try

tracert ipaddress of ftp server

This should show you if you can even get to the ip address of the ftp server


If you can't get to it I bet it stops at the vpn-routers. If it does get through to the ftp server and there is no login then there is something wrong with your ftp server.


Enjoy

tom
 

gzpxyj

Member
Joined
Oct 19, 2009
Messages
106
Reaction score
0
No, my pbx server and ftp server are all located in my office. I bridged office and home lan together with WRT54GL routers with DD-WRT installed so I can work at home and at office without any issue. So my IP phones at home and office are all on the same local lan- 192.168.1.x and are all working fine.
As I said, there is no issue pinging my ftp server. The tracert is working without problem too for my ftp server.
The problem is my PBX server. I cannot ping it from my ftp server or from any PC on the net. I can use sftp to access both the ftp server and the PBX server without issue. File transfers are OK with sftp. I can initiate an ftp login from my PBX server to my ftp server successfully but cannot establish the data connection, and it shows no route to host. But from my ftp server, I cannot even establish a connection to my PBX server - connection refused. So my suspicion is that the problem is my PBX server, not my ftp server.
 

darmock

PIAF Developer
Joined
Oct 18, 2007
Messages
2,892
Reaction score
98
So have you done the following in order?

1. ran update-scripts
2. ran update-fixes
3. ran disable-fail2ban
4. ran disable-iptables

This should enable ping responses from PIAF to whatever you are using to ping it. A quick check in the development lab confirmed that this works on both 1.4 and 1.6 asterisk based versions of PIAF V1.2 to 1.5B (Yes I tested them all that is why the PIAF dev team has a lab)

Also, do you have webmin installed on your PIAF box? If so, go into System-Bootup and Shutdown, scroll down and find vsftpd, and ensure that it is running. If not, start it up, then try to log into your PIAF box from another system via standard ftp and see what happens.

welcome to linux

Tom
 

jmullinix

Guru
Joined
Oct 21, 2007
Messages
1,263
Reaction score
7
As I understand it, Mondo creates a disk image, which is probably a very large file. You are going to have trouble transferring this over a WAN connection due to the file size.

I would contend that you would want to look at Rsync to accomplish this. Rsync only moves the changed portions of a file and not the whole thing. I proved this to some folks at Fonality one day. I downloaded their current version of green to my web server. I renamed my local copy of an older version to the current version's name. I then ran rsync to update my local file to the new version. Instead of downloading a 650 meg ISO, I only moved about 195 meg of data.

It will take some work, but I think you would be happier moving your mondo backup file using rsync.
 
Joined
Feb 18, 2008
Messages
98
Reaction score
0
Is there any other server or router or switch or maybe hardware firewall on the network that might be preventing you from pinging?

Remember to forward the sip ports to your PiaF box.

All I need is an ip address and I can tell you an amazing amount about your system without access to ping.
http://www.nessus.org/nessus/

The only reason to prevent pings nowadays is to reduce ping traffic, IMHO, which is probably reason enough for VoIP.
 

jroper

Guru
Joined
Oct 20, 2007
Messages
3,832
Reaction score
71
Hi

I would agree with you to a degree.

I believe that the main threat is from script kiddies, and people wanting to set up Spam servers. I imagine that the way that potential targets are located is by pinging one IP address after another.

The idea of stopping pings is so that hopefully the attacker passes quickly over our servers, not realising there is one there, and moves on to the next one.

But ... once having found your server, then tools such as the one you link to then become useful, and then Fail2Ban, (or OSSEC) IPTables, passwords, and the robustness of the underlying OS then come into play.

However, it would be interesting to see how effective this is by putting up two servers, one which can be pinged, and one which cannot be, and see which one gets the more attacks.

If the results are broadly similar then my supposition is incorrect, and we can debate whether to allow Pings.

Joe
 

Giovanni

New Member
Joined
Sep 27, 2013
Messages
8
Reaction score
1
Sorry to bump an old thread but thought I may help. If all you want is to allow your INTERNAL network to be able to ping your ipbx box (not from the outside), you can use my example below and add it to your /etc/sysconfig/iptables file

Code:
iptables -A INPUT -p icmp --icmp-type 8 -s 192.168.64.0/18 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -d 192.168.64.0/18 -m state --state ESTABLISHED,RELATED -j ACCEPT

Basically anything in the 192.168.64.0/18 block will allow RECEIVING and RESPONDING to icmp/ping requests. Hope it helps :)
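
An added example, not part of the post above or of PIAF's own scripts: /etc/sysconfig/iptables holds rules in iptables-save syntax (no leading `iptables` word), and an ACCEPT placed after a catch-all REJECT or DROP in the same chain never matches. The sketch below checks which addresses a source block covers (192.168.64.0/18 does not contain the 192.168.1.x LAN used earlier in the thread) and places the two rules ahead of the reject line. The function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example; the sample ruleset below is constructed, not PIAF's own.

# Dotted-quad IPv4 -> integer. The subshell body keeps the IFS change local.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeeds when address $1 lies inside CIDR block $2.
in_cidr() {
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
}

# The post's two rules for LAN block $1, in iptables-save syntax
# (no leading "iptables" word), as /etc/sysconfig/iptables stores them.
ping_rules() {
  printf '%s\n' \
    "-A INPUT -p icmp --icmp-type 8 -s $1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" \
    "-A OUTPUT -p icmp --icmp-type 0 -d $1 -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Filter: ruleset on stdin -> stdout, with the ping rules placed ahead of the
# first INPUT rule that jumps to REJECT or DROP (or ahead of COMMIT if none).
add_ping_rules() {
  RULES=$(ping_rules "$1") awk '
    !done && (/^-A INPUT .*-j (REJECT|DROP)/ || /^COMMIT/) { print ENVIRON["RULES"]; done = 1 }
    { print }'
}

# Constructed sample of a filter table that rejects anything not allowed above.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 5060 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

in_cidr 192.168.1.150 192.168.64.0/18 || echo "192.168.1.150 is outside 192.168.64.0/18"
printf '%s\n' "$SAMPLE" | add_ping_rules 192.168.1.0/24
```

Review the printed ruleset before replacing the real file, and reload it with `service iptables restart`.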
 
