SOLVED iptables/rules.v4 - concatenated two v4 addresses *.voip.ms

ostridge

Incredible PBX 12.0.70 'VoIP Server'
Status Incrediblepbx 11.18.0 for RPi2 ; Asterisk 11.18.0 IncredGUI 12.0.30.

Correct me if I am missing something, but the iptables rules.v4 line below refers to Paris, FR (paris.voip.ms) 159.8.85.180 AND to London, UK (london.voip.ms) 5.77.36.136, both on one line. I noticed that the .180 has merged with the 5. to read 1805; there is no '&' in between.

-A INPUT -s 159.8.85.1805.77.36.136/32 -p udp -m multiport --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569 -j ACCEPT

Also, but not a big deal, a search for 37.58.88.242 = not found, so Amsterdam, NL (amsterdam.voip.ms) 37.58.88.242 is missing.

Regards
Ozz
 

wardmundy

ostridge: Not sure where that came from because paris.voip.ms address was not included in the default build. Where did you get the software? Did you add any IP addresses to the whitelist yourself? If so, how?

It's easy enough to add the missing entries with /root/add-ip or /root/add-fqdn, but I'm more concerned with the paris entry being there at all. Check in /etc/iptables/rules.v4.ubuntu14 and see if you find a similar entry. If not, it's something that's been added to your server since the original install (either by you or someone else). Unless you can track down where the entry came from, I would consider your server compromised and start over with a new download and a fresh install.
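The check suggested above, as an added example that is not part of the original posts or of Incredible PBX: a Python audit that flags `-s` entries in a rules file that are not valid IPv4 networks and lists valid ones absent from a baseline copy. The function names and all sample rules are constructed, except the munged rule quoted in the first post.

```python
import ipaddress
import shlex


def sources(rules_text):
    """Yield (line_no, source) for each -A rule that has -s/--source."""
    for no, line in enumerate(rules_text.splitlines(), 1):
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies, comments, COMMIT
        tokens = shlex.split(line)
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-s", "--source"):
                yield no, value


def parse(source):
    """Return the source as a normalised IPv4 network string, or None."""
    try:
        return str(ipaddress.IPv4Network(source, strict=False))
    except ValueError:
        return None  # hostnames land here too; review those by hand


def audit(current_text, baseline_text):
    """Return (malformed, added) source entries of current vs. baseline."""
    known = {parse(s) for _, s in sources(baseline_text)} - {None}
    malformed, added = [], []
    for no, src in sources(current_text):
        net = parse(src)
        if net is None:
            malformed.append((no, src))
        elif net not in known:
            added.append((no, net))
    return malformed, added


# Constructed sample data; only the second CURRENT rule is taken from the thread.
BASELINE = "-A INPUT -s 198.51.100.7/32 -p udp --dport 5060 -j ACCEPT\n"
CURRENT = """*filter
:INPUT DROP [0:0]
-A INPUT -s 198.51.100.7/32 -p udp --dport 5060 -j ACCEPT
-A INPUT -s 159.8.85.1805.77.36.136/32 -p udp -m multiport --dports 5060,5061,5062,5063,5064,5065,5066,5067,5068,5069,4569 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp --dport 5060 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    print(audit(CURRENT, BASELINE))
```

On a real server, pass `audit()` the contents of the live rules.v4 and of /etc/iptables/rules.v4.ubuntu14; every entry in the second list is a whitelist addition whose origin should be accounted for.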
 

ostridge

Thanks for that Ward,
I looked in rules.v4.ubuntu14 (I had wondered what that file was for) and you are correct, it's not in there (thanks for the useful reply), so :oops: I must have edited directly.
I have added a few with add-ip and add-fqdn; this saves them in /root/ as IP-provider.iptables or FQ-....., the prefix helps when looking for the add(ed) accounts and the file date identifies when added. However, this munged one was in the trusted provider list.
The server is behind a NAT router (DD-WRT) and the only ports forwarded are 5060:5069, IAX, and 10000-20000; no TCP, no HTTP/HTTPS, and SSH only from a 1x.xx.xxx.x. I doubt it was hacked =before any routes/trunks set. I know risk has to be managed.
Regards
 
