After update-scripta update-fixes freepbx is not accessible

[johnny2000]

I just run the update-scripts then update fixes, then it ask me to setup password for ARI, after setting up everything, the asterisk restart, however after restarting I can not access the freepbx anymore. Anyone have encountered the same problem? Thank you.

 

[darmock]

why what happens when you try to access it?

Have you tried to reboot the system prior to accessing freepbx

what is the exact error that shows up in your browser after trying to access freepbx

can you get to the kennonsoft main menu from your browser

 

[johnny2000]

why what happens when you try to access it?

Actually I just found what causing it, it's the fail2ban, it bans my desktop that I used to access. Now I'm not sure why it bans my desktop ip address in accessing it. Hmmm,

 

[darmock]

bad logins will do that!


Tom

 

[johnny2000]

why what happens when you try to access it?

Have you tried to reboot the system prior to accessing freepbx

what is the exact error that shows up in your browser after trying to access freepbx

can you get to the kennonsoft main menu from your browser

I could get to main menu but after that if i go to let say extensions then it will time out, i will try to use a different local ip address if i could access the freepbx while the fail2ban is running.

 

[johnny2000]

bad logins will do that!


Tom

Yes, i understand that, however i did not missed any username/password credential since i had it remembered by firefox, and now even if i used another desktop for as long as the fail2ban is running it doesn't allow me to access the freepbs gui, does it mean that the fail2ban is banning my whole local network address, if so how to remove it from fail2ban so that it would allow me to access it? Thank you.

 

[johnny2000]

I tried running this command: iptables -nvL fail2ban-ASTERISK also the list for fail2ban-SSH and fail2ban-APACHE, and voila there are no such chains, meaning after i run the update-scripts and update fixes the fail2ban service was damaged, please help what i need to do so that i would be able to access the freepbx gui and the ssh server. thank you.

 

[darmock]

what is the complete output of the status command?

 

[johnny2000]

what is the complete output of the status command?

PBX in a Flash Version 1.3 Daemon Status
********************************************************************
* Asterisk * ONLINE * Zaptel * ONLINE * MySQL * ONLINE *
* SSH * ONLINE * Apache * ONLINE * Iptables * ONLINE *
* Fail2ban * ONLINE * IP Connect* ONLINE * Ip6tables * ONLINE *
* BlueTooth * ONLINE * Hidd * ONLINE * NTPD * ONLINE *
* Sendmail * ONLINE * Samba * OFFLINE * Webmin * ONLINE *
* Ethernet0 * ONLINE * Ethernet1 * N/A * Wlan0 * N/A *

 

[johnny2000]

what is the complete output of the status command?

After sometime when the timer of fail2ban expires i can access the kennonsoft main menu, however once i am inside the freepbx administration, i can not access anything, eg. extensions, reports etc., and i can't even access the server using ssh. I check again the iptable list and I found the chains for the fail2ban-asterisk, fail2ban-ssh, fail2ban-apache.

 

[darmock]

when you type

fail2ban-client status what do you get?

Well I just finished installing the following versions

PBX in a Flash 1.2
" 1.3
" 1.4

Into VMware machines. Used the last good payload files for each version.

Once installed I did the following


logged into the CLI

checked the ipaddress

tried to log into freepbx and kennonsoft

Result no problems.

Next on each machine ran update-scripts, then passwd-master, then update-fixes

checked each time to log into freepbx results no problems

on the 1.2 and 1.3 versions I had to run update-fixes prior to being able to run the fail2ban-client status as these versions did not come with the very latest fail2ban I am afraid. Result

root@pbx:~ $ fail2ban-client status
Status
|- Number of jail: 5
`- Jail list: apache-tcpwrapper, apache-badbots, ssh-iptables, asterisk-iptables, vsftpd-iptables

OK looks good ran iptables-nvL and got the following

iptables -nvL
Chain INPUT (policy DROP 765 packets, 126K bytes)
pkts bytes target prot opt in out source destination
731 73514 fail2ban-BadBots tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
137 12372 fail2ban-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 fail2ban-VSFTPD tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
2637 703K fail2ban-ASTERISK all -- * * 0.0.0.0/0 0.0.0.0/0
1787 569K fail2ban-APACHE tcp -- * * 0.0.0.0/0 0.0.0.0/0
714 164K ACCEPT all -- !eth0 * 0.0.0.0/0 0.0.0.0/0
1011 401K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x10/0x10
88 8597 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
2 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
72 4320 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9080
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4569
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5000:5082
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4445
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5038
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9022

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1741 packets, 797K bytes)
pkts bytes target prot opt in out source destination

Chain fail2ban-APACHE (1 references)
pkts bytes target prot opt in out source destination
1787 569K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-ASTERISK (1 references)
pkts bytes target prot opt in out source destination
2637 703K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-BadBots (1 references)
pkts bytes target prot opt in out source destination
731 73514 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SSH (1 references)
pkts bytes target prot opt in out source destination
137 12372 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-VSFTPD (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

from what I can tell everything is working on default installs that have not been changed. BTW also installed the 1.2 and 1.3 ISO's and then ran the 1.4 load files exactly the same results.

I believe you are suffering from what the scientist's call a "fubarred" install. I am sure one of the other great minds will chime in but so far as I can tell when you take the default stuff and install it as described it really does work if not I will fix it. Perhaps you have discovered a hidden "feature" that no one knows about. I test this stuff endlessly on all version of PIAF 1.2 AND ABOVE! Prior to releasing it I sure hope it is not a bug in the base software but installing it as described seems to work in our lab....

I apologize that I can't be of more help. I would simply scrub and reinstall and follow the same path I did and see what happens. Unfortunately PBX in a Flash is an ecosystem which sometimes gets polluted without any human intervention.... I tend to think sometimes it is the higgs boson impacting on the silicon of the processor that is causing it.....hehe

Tom