SOLVED Portknock required every day

kengetz

New Member
Joined
Nov 7, 2008
Messages
23
Reaction score
1
I installed IncrediblePBX 13-12.3 on Ubuntu, on Vultr. All was working great. Then I moved my home. I ran add-fqdn to add home.mydomain.com (which is set up through a DDNS service to update to point to my local IP address regularly, and that works). I look in iptables and I see my current IP address listed. Yet, every single day, the phones don't work until I run the portknock utility on my iPhone. Once I do that, all is well. I just need to repeat the running of PortKnock to open the firewall to my IP address every single day.

Does anyone have any suggestions? This is frustrating. I guess I could just create a new instance and copy over all my settings, but I'd prefer not to do that. Thanks!
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,201
Reaction score
5,219
Is there an ipchecker file in /root/? Is it being run in /etc/crontab?
 

kengetz

New Member
Joined
Nov 7, 2008
Messages
23
Reaction score
1
ipchecker is there, and crontab contains the following. I don't know how crontab works: Does this look appropriate?

======

SHELL=/bin/sh

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )

*/10 5-22 * * * root /root/ipchecker > /dev/null 2>&1
2 0 * * * root rm /tmp/*.sln >/dev/null 2>&1
 

dallas

Active Member
Joined
Oct 21, 2007
Messages
849
Reaction score
248
*/10 5-22 * * * root /root/ipchecker > /dev/null 2>&1
If I'm reading it correctly, this translates to every 6 seconds between 0500 and 2200.
You should be seeing entries in the log each time the job runs.
 

Aaron Outhier

Santa's helper (subordinate Claus)
Joined
Dec 11, 2016
Messages
84
Reaction score
12
Look at the comment on line 3:
# m h dom mon dow user command

First column is minutes, not seconds.
 

Aaron Outhier

Santa's helper (subordinate Claus)
Joined
Dec 11, 2016
Messages
84
Reaction score
12
From the Linux Manpage:
Step values can be used in conjunction with ranges. Following a
range with "/<number>" specifies skips of the number's value through
the range. For example, "0-23/2" can be used in the 'hours' field to
specify command execution for every other hour (the alternative in
the V7 standard is "0,2,4,6,8,10,12,14,16,18,20,22"). Step values
are also permitted after an asterisk, so if specifying a job to be
run every two hours, you can use "*/2".
 

Aaron Outhier

Santa's helper (subordinate Claus)
Joined
Dec 11, 2016
Messages
84
Reaction score
12
Thus, we have “if the current hour is divisible by 2, run this entry” for the Manpage.
Likewise, */10 in the Minutes column means:
if the current number of minutes is divisible by 10, run crontab entry.
 

dallas

Active Member
Joined
Oct 21, 2007
Messages
849
Reaction score
248
I stand corrected. So it's every 10 minutes between 0500 and 2200.
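
An added example (not part of the thread, and not IncrediblePBX code) that expands the minute and hour fields of the posted ipchecker line using the range and step rules from the man page excerpt, then reports when the job fires and the longest stretch with no run. The function names are hypothetical, and it assumes the day, month and weekday fields are all `*`, as they are in that line.

```python
# Bounds for the five time fields of a crontab line: m h dom mon dow
BOUNDS = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]

# The ipchecker line as posted in the thread (system crontab, so it has a user column).
ENTRY = "*/10 5-22 * * * root /root/ipchecker > /dev/null 2>&1"

def expand_field(field, lo, hi):
    """Expand one numeric cron field (lists, ranges, '*', '/step') to sorted values."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if step < 1:
            raise ValueError(f"bad step in {part!r}")
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi):
            raise ValueError(f"{part!r} is outside {lo}-{hi}")
        # A step counts from the first value of the range it follows.
        values.update(range(start, end + 1, step))
    return sorted(values)

def daily_runs(line):
    """Return the (hour, minute) pairs at which the line fires on one day.

    Assumption: dom, mon and dow are '*', so every day looks the same.
    """
    parts = line.split(None, 6)
    if len(parts) < 7:
        raise ValueError("expected: m h dom mon dow user command")
    minutes, hours = (expand_field(f, lo, hi)
                      for f, (lo, hi) in zip(parts[:2], BOUNDS))
    return [(h, m) for h in hours for m in minutes]

def longest_gap_minutes(runs):
    """Longest interval between consecutive runs, including the wrap past midnight."""
    t = sorted(h * 60 + m for h, m in runs)
    gaps = [b - a for a, b in zip(t, t[1:])] + [t[0] + 1440 - t[-1]]
    return max(gaps)

if __name__ == "__main__":
    runs = daily_runs(ENTRY)
    print(f"{len(runs)} runs per day, first {runs[0]}, last {runs[-1]}")
    print(f"longest gap with no run: {longest_gap_minutes(runs)} minutes")
```

The longest gap is the overnight stretch between the last run of the evening and the first run of the morning, during which ipchecker is not invoked at all.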
 

kengetz

New Member
Joined
Nov 7, 2008
Messages
23
Reaction score
1
Thanks to all for suggestions. It appears to be fixed (at least, the PBX worked yesterday and then again today and I didn't have to PortKnock today!). I don't even know what I did--I fiddled around with add-fqdn and add-ip, and now my new home IP address is in iptables and it appears to be correctly handled. If it fails again, I'll just build a new server on Vultr. Thanks!
 
