FOOD FOR THOUGHT Managing External IP Address

geopeterwc

After more than a year with the same external IP address from Comcast, the address changed earlier today. The result, of course, was my iPBX13-13 balked at making connections. Simply accessing "Settings|Asterisk SIP Settings" and clicking the "Detect Network Settings" button resolved this problem. Efficient!

But a couple of cloud servers (on HostedSimply) weren't so simply resolved, as the new address from Comcast was promptly banned by Fail2Ban and IPTABLES! Using Add-IP with the new local address and rebooting the servers restored local service from the cloud servers. Easy enough!

But, I don't want to depend on having to use add-ip and to unban the IP address if a typo or incorrect password on a local device is used to configure a phone or to access the Admin services of the cloud iPBXs.

Reference to the old local IP address is in the /etc/sysconfig/iptables file. Is it enough to just change the old external address to the new address in this file and reboot the server? Then, all is well until Comcast changes things again? Are multiple IP addresses permitted in this file, beyond the three that are referenced (server, user, and public)?

/Pete./
 

dicko

Comcast awards dynamic IP addresses in a localized fashion; locate your current one in one of these networks


And allow the whole underlying network. Ideal? Not so much. Effective? That would be a pudding and proof thing.
 

geopeterwc

Thanks for the info, @dicko ... interesting: neither my original IP address (73.223.1nn.nnn) nor the new one (76.126.1nn.nnn) is in the dynamic IP ranges in the list. I'm not paying for a fixed IP address, so I would have expected either/both of my external addresses to be listed; I would have expected more frequent address changes if they were. They're not. (The last time there was a change was about 2 years ago!)

But, my OP was addressing the possibility of removing the IP address used to build the cloud server that appears in the iptables file - and if editing the /etc/sysconfig/iptables file to substitute the new address for the old address would create/cause any down-the-road issues.

Thanks,
/Pete./
 

geopeterwc

@dicko ... um ... I didn't think about the /8 designation ... which provides 16,777,214 working addresses, beginning at 73.223.nnn.nnn. So, my addresses are well within that range.

Still ... what 'damage' would be done by editing the /etc/sysconfig/iptables file? (Guess I could just edit it and see what happens?!?)

/Pete./
 

wardmundy

That's what dynamic DNS management is all about. Set yourself up an FQDN with a service such as dyndns and use add-fqdn to add it to all of your servers. ipchecker will keep your servers running smoothly thereafter. :idea:
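
An added example, not part of the original thread and not the code of ipchecker or add-fqdn: a sketch of the general idea behind the advice above, applied to the question about editing /etc/sysconfig/iptables. It assumes the whitelisted address appears in the rules file as `-s ADDRESS`; the state file path and the name home.example.net are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not ipchecker or add-fqdn: keep one whitelisted source address in
# an iptables-save style rules file in step with a dynamic-DNS name.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
  local re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$' o IFS=.
  [[ $1 =~ $re ]] || return 1
  for o in $1; do (( 10#$o <= 255 )) || return 1; done
}

# current_ip NAME: first IPv4 address NAME resolves to (needs working DNS).
current_ip() { getent ahostsv4 "$1" | awk 'NR==1 {print $1}'; }

# swap_source FILE OLD NEW: rewrite "-s OLD" and "-s OLD/32" to NEW. The address
# must match in full, so 198.51.100.7 never touches a rule for 198.51.100.70.
# Echoes the number of rules changed and leaves the original in FILE.bak.
swap_source() {
  local file=$1 old=$2 new=$3 pat n
  [ -f "$file" ] && is_ipv4 "$old" && is_ipv4 "$new" || { echo "bad input" >&2; return 2; }
  pat=${old//./\\.}                       # escape dots for the regex
  n=$(grep -cE -- "-s ${pat}(/32)?( |\$)" "$file" || true)
  if [ "$n" -gt 0 ]; then
    cp -p "$file" "${file}.bak" || return 1
    sed -E "s#(-s )${pat}(/32)?( |\$)#\1${new}\2\3#" "${file}.bak" > "$file"
  fi
  echo "$n"
}

# sync_whitelist FILE STATE NEWIP: STATE holds the address currently whitelisted.
# Rewrites FILE only when NEWIP differs, then records NEWIP in STATE.
sync_whitelist() {
  local file=$1 state=$2 new=$3 old n
  old=$(cat "$state" 2>/dev/null || true)
  [ "$old" = "$new" ] && { echo unchanged; return 0; }
  n=$(swap_source "$file" "$old" "$new") || return
  [ "$n" -gt 0 ] || { echo no-match; return 1; }
  echo "$new" > "$state"
  echo "updated $n"
}

# Cron-style use (all three arguments are placeholders chosen by the admin):
#   script.sh /etc/sysconfig/iptables /var/lib/whitelist.ip home.example.net
# then check the result with `iptables-restore --test < FILE` before reloading.
if [ $# -eq 3 ]; then sync_whitelist "$1" "$2" "$(current_ip "$3")"; fi
```

A failed DNS lookup yields an empty address, which `swap_source` rejects, so the rules file is left as it was. Fail2Ban keeps its own `ignoreip` list, which this script does not touch.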
 

atsak

That's what dynamic DNS management is all about. Set yourself up an FQDN with a service such as dyndns and use add-fqdn to add it to all of your servers. ipchecker will keep your servers running smoothly thereafter. :idea:
As far as I've been told (by Oracle) the Dyn DNS services are going away . . . not sure yet on timing.
 

randy7376

No moving to DynDNS services. :(

Once again, Oracle ruins everything they come in contact with.

Here's what I received from them regarding my dynamic DNS account that was originally set-up under DynDNS a few years ago:
We are pleased to announce that since Oracle acquired Dyn in 2016 (and the subsequent acquisition of Zenedge) the engineering teams have been working diligently to integrate Dyn’s products and network into the Oracle Cloud Infrastructure. The Oracle Cloud Infrastructure platform is specifically architected to provide the industry-leading performance, predictability, security, and governance required for mission-critical enterprise workloads.

Now that this integration work is complete, Oracle is announcing the end-of-life of the Standard DNS service in favor of our upgraded version on the Oracle Cloud Infrastructure platform. On May 31, 2020, the “EOL Date”, the Standard DNS will be retired and will no longer be available. The upgrade to Oracle Cloud Infrastructure will require some actions on your part and must be completed on or before the EOL Date.
That service has worked great for me. Time to find another provider. Suggestions welcome!
 

kenn10

used no-ip a couple times successfully.
Me too. DynDNS looks like it will be $55/year. NoIP is $25 for 30 domain names. Looks like I'll be switching in 2020 when my DynDNS account is up for renewal. It's a shame that Oracle ruins (and exploits) everything they assimilate.
 

jerrm

Google domains are $12/yr for com/net/org and support dynamic dns. No limit to the number of dynamic hosts that I know of (could be wrong).
 

smarks

I am sure this is an unpopular opinion but I have found that fail2ban causes more problems than it prevents and almost not worth the effort. I prefer to use public blacklists and my own honeypots now. All you are really doing with fail2ban or blacklists is reducing the background noise a little. It's not going to stop a lot of stuff even if you constantly monitor it and update filters. Regardless of what you do, stuff will still get through.

I pretty much just use it for SSH now with just the default settings from yum install. I still ban myself with that sometimes, trying to log in repeatedly with the wrong ssh password or whatever. It's just one more thing to deal with.
 