SOLVED Port knocker - not allowing access

markCFU

Member
Joined
Dec 12, 2013
Messages
31
Reaction score
7
Hello,

I have just installed incredible PBX 13.13, Centos 6, on CrownCloud.

Everything is working fine except for remote access using port knocker.

in /var/log/knockd.log i can see that the knock was successful;

[2019-10-31 16:57] XX.XX.XXX.XXX: opencloseALL: Stage 1

[2019-10-31 16:57] XX.XX.XXX.XXX: opencloseALL: Stage 2

[2019-10-31 16:57] XX.XX.XXX.XXX: opencloseALL: Stage 3

[2019-10-31 16:57] XX.XX.XXX.XXX: opencloseALL: OPEN SESAME

[2019-10-31 16:57] opencloseALL: running command: /sbin/iptables -A INPUT -s XX.XX.XXX.XXX -j ACCEPT

However i can't get access, any ideas what I could be missing?

Thanks

Mark
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
Have you verified that iptables is in /sbin??
 

markCFU

Member
Joined
Dec 12, 2013
Messages
31
Reaction score
7
Hi Ward!

My apologies for the delay in responding.

I have checked the directory /sbin and i can see that there is an entry called iptables (is that what you wanted me to check?)

Thanks

Mark
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
Does iptables -nL show the IP address whitelisted after the successful port knock?
 

markCFU

Member
Joined
Dec 12, 2013
Messages
31
Reaction score
7
Hi there,

after the knock i see the following in iptables -nL, just above the "Chain FORWARD (policy DROP)"

ACCEPT all -- XXX.XX.XXX.XXX 0.0.0.0/0 (XXX...= the ip i knocked from)

Could it be something to do with the CGNAT that my cellular provider operates?

Thanks

Mark
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
What is the IP that it is opening, there could be another higher priority rule dropping you.
 

markCFU

Member
Joined
Dec 12, 2013
Messages
31
Reaction score
7
do you mean what ip address am i trying to access from?
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
Sure.
If you go to whatismyipaddress.com the IP that is displayed, is that the same IP PortKnocker is opening? We still need at least the first 2 octets to check if a different rule is blocking you.
 

Jose Casares

Member
Joined
Mar 21, 2016
Messages
37
Reaction score
2
Hi guys I just launched an incrediblePBX 2021 PBX server hosted with CrownCloud. I can't seem to access the web Gui. I tried to whitelist my ip address but I get "Sorry. Account cloud.iptables already exists. under pbx status all is up. I am trying to access server by https://xxx.xx.xxx.xxx:9001
Any advice? thank you in advance.
 

tbrummell

Guru
Joined
Jan 8, 2011
Messages
1,275
Reaction score
339
Delete /root/cloud.iptables and try again, or use a different name when executing ./add-ip.
 

Eliad

Active Member
Joined
Aug 13, 2017
Messages
619
Reaction score
127
Hi guys I just launched an incrediblePBX 2021 PBX server hosted with CrownCloud. I can't seem to access the web Gui. I tried to whitelist my ip address but I get "Sorry. Account cloud.iptables already exists. under pbx status all is up. I am trying to access server by https://xxx.xx.xxx.xxx:9001
Any advice? thank you in advance.
You have to run incrediblepbx installer through a SSH connection and not through the console. This way you whitelist the IP you are SSH from into the server. I would just rerun the install since now CrownCloud has an incrediblepbx template, it wont take you more than 5 min to reinstall it
 

Jose Casares

Member
Joined
Mar 21, 2016
Messages
37
Reaction score
2
You have to run incrediblepbx installer through a SSH connection and not through the console. This way you whitelist the IP you are SSH from into the server. I would just rerun the install since now CrownCloud has an incrediblepbx template, it wont take you more than 5 min to reinstall it
It worked, Thank you. Also would you happen to know how to access admin Gui via browser? I was able to access webmin, looking for admin gui. Gracias.

JC
 

Eliad

Active Member
Joined
Aug 13, 2017
Messages
619
Reaction score
127
for the PBX GUI access you will have to access it from the the same computer you did the install because that computer is whitelisted for access. then you just enter the ip address of your PBX and you will get access to the PBX GUI. you do not need to enter the port number as you enter for the webmin access
 

Members online

Forum statistics

Threads
25,782
Messages
167,513
Members
19,203
Latest member
frapu
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top