FOOD FOR THOUGHT Travelin' Man 3 Tips

Tapiocapioca

I am trying to set up safe access to my server from 3 smartphones, so I am following the guide on this page: http://nerdvittles.com/?p=815

I am using the version of PIAF on Ubuntu, so I skipped the installation of Travelin' Man.

I ran ./secure-iptables, and I think it was working well.
I set up a DDNS client on my Android phone and it is working well; I compared the IP (like 49.xxx.xxx.xxx) with the website www.whatismyip.com and it is the same one I can see recorded on noip.com.
I added my test phone with the command ./add-fqdn Lorenzo lorenzo101.ddns.net and selected items number 1 and 2 (SIP TCP/UDP) as the root user.
When I type the command cat /root/Lorenzo.iptables the result is lorenzo101.ddns.net 49.xxx.xxx.xxx
I also did the cron configuration; if I switch my connection from Wi-Fi to 4G the IP changes correctly, but my phone does not have access.
If I check iptables with the command iptables -nL I cannot see my IP 49.xxx.xxx.xxx, but I don't really understand whether that is fine or not.

If I knock on the door the client logs in instantly; I am using Zoiper with g729.

What could be happening?
 
Is /root/ipchecker configured and running in /etc/crontab??
 
Yes it is. If I change the connection from Wi-Fi to 4G and back again, the IP changes almost in real time; I set the update to 1 minute for testing and it updates almost in real time. The problem looks like the script can't update the iptables file.
As a test I added some fake lines, and after that I tried to run the script ./secure-iptables again and the lines I added still survive. Can it be a permissions problem? If it is, where can I find the script that updates the iptables file?
 
No, the other thread can't help me.
I did another test.
I deleted the iptables configuration file and then ran the command ./secure-iptables
The script looks like it works well: it asks me for the IP or FQDN of the administrator, and at the end it asks me to save the config and overwrite the old configuration, but in fact it doesn't write anything. It only deletes the old FQDN I added before.
 
I tried to debug the script /root/ipchecker

This is the result

+ cd /root
+ element_count=3
+ restartflag=0
+ index=0
+ '[' 0 -lt 3 ']'
+ '[' '!' -s Lorenzo.iptables ']'
++ cat Lorenzo.iptables
++ cut -f 1 -d ' '
+ fqdn=lorenzo101.ddns.net
++ cat Lorenzo.iptables
++ cut -f 2 -d ' '
+ ip=49.xxx.xxx.xxx
++ dig +short lorenzo101.ddns.net
+ test=49.xxx.xxx.xxx
+ LEN=12
+ '[' 12 -gt 15 ']'
+ '[' 12 -lt 7 ']'
+ '[' 49.xxx.xxx.xxx = lorenzo101.ddns.net ']'
+ '[' 49.xxx.xxx.xxx '!=' 49.xxx.xxx.xxx ']'
+ echo 'Account Lorenzo.iptables OK'
Account Lorenzo.iptables OK
+ (( index++ ))
+ '[' 1 -lt 3 ']'
+ '[' '!' -s curly.iptables ']'
+ echo 'Ooops. curly.iptables not found.'
Ooops. curly.iptables not found.
+ ip=0.0.0.0
+ test=0.0.0.0
+ fqdn=0.0.0.0
+ '[' 0.0.0.0 '!=' 0.0.0.0 ']'
+ echo 'Account curly.iptables OK'
Account curly.iptables OK
+ (( index++ ))
+ '[' 2 -lt 3 ']'
+ '[' '!' -s moe.iptables ']'
+ echo 'Ooops. moe.iptables not found.'
Ooops. moe.iptables not found.
+ ip=0.0.0.0
+ test=0.0.0.0
+ fqdn=0.0.0.0
+ '[' 0.0.0.0 '!=' 0.0.0.0 ']'
+ echo 'Account moe.iptables OK'
Account moe.iptables OK
+ (( index++ ))
+ '[' 3 -lt 3 ']'
+ '[' 0 -eq 1 ']'
+ exit 0


I don't really understand: where does this script put the IP in iptables? If I understood correctly, this is the script that needs to do it.
 
Hello, did you find the solution?

My ipchecker is working fine, updating the IP address in lece.iptable when it changes; however, those changes are not written to iptables.

When I run iptables -nL the new IP address is not there, just the old one.

Linux 6.7
Asterisk: 13.7.2
Incredible GUI: 12.0.30

Has anyone else had this problem?

Thanks.

Luis
 
Keep in mind that dynamic IP addresses are managed by Travelin' Man 3 using the ipchecker script which must be run periodically from /etc/crontab. This script does NOT add the new IP addresses to the default iptables config file. That file contains the FQDN for the device using dynamic IP addressing. All the ipchecker script does is (1) check to see if the latest IP address for the FQDN is different from the one IPtables is already using and, (2) if so, it restarts IPtables to refresh the IP address table in memory. The refresh can be verified using iptables -nL not by referencing the iptables config file.
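The check described in the post above, written out as an added example (it is not part of the original post or of the Travelin' Man 3 scripts): it compares the IP cached in the account file, the IP the FQDN resolves to now, and the source addresses in an `iptables -nL` listing. The function names and state labels are hypothetical, the "FQDN IP" file layout is taken from the output shown in this thread, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: not part of the Travelin' Man 3 scripts.

# Succeeds if $1 (an IP) is the source of an ACCEPT rule in $2,
# where $2 is text in `iptables -nL` format:
#   target  prot  opt  source  destination  ...
ip_in_accept_rules() {
    printf '%s\n' "$2" |
        awk -v ip="$1" '$1 == "ACCEPT" && $4 == ip { hit = 1 } END { exit !hit }'
}

# classify_account CACHED_IP RESOLVED_IP RULES_TEXT
#   CACHED_IP    second field of /root/NAME.iptables
#   RESOLVED_IP  what `dig +short FQDN` returns now
classify_account() {
    if [ -z "$2" ]; then
        echo DNS_FAIL                 # FQDN did not resolve
    elif ip_in_accept_rules "$2" "$3"; then
        if [ "$1" = "$2" ]; then echo OK; else echo CACHE_STALE; fi
    elif [ "$1" = "$2" ]; then
        echo RULES_STALE              # file matches DNS, so ipchecker sees no change
    else
        echo CHANGE_PENDING           # next ipchecker run should restart iptables
    fi
}

# Live use on the PBX (assumes the "FQDN IP" file layout shown in this thread).
check_live() {
    fqdn=$(cut -f 1 -d ' ' "/root/$1.iptables")
    cached=$(cut -f 2 -d ' ' "/root/$1.iptables")
    resolved=$(dig +short "$fqdn" | tail -n 1)
    classify_account "$cached" "$resolved" "$(iptables -nL)"
}

# Constructed sample listing (documentation addresses, not from the thread).
SAMPLE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     udp  --  203.0.113.45         0.0.0.0/0           udp dpt:5060
ACCEPT     tcp  --  203.0.113.45         0.0.0.0/0           tcp dpt:5060
DROP       all  --  198.51.100.7         0.0.0.0/0'

classify_account 203.0.113.46 203.0.113.46 "$SAMPLE_RULES"   # RULES_STALE
```

RULES_STALE is the state in which the account file already holds the current address, so the comparison reports "OK" and never triggers a restart, while the rules in memory still carry the old address.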
 
Ward, in my case the problem was different: I checked all the scripts and some were not complete. I installed a PIAF virtual machine and compared the freshly installed scripts with mine, and they were different, as if mine were not complete. Just for example, where a script on the virtual machine had 100 lines, on my official machine it was 90 lines. It wasn't a problem with PIAF; maybe something went wrong during the installation.
After I reinstalled, everything is OK :)
 
Thank you for your responses. I think I might need to reinstall.

Ward, the ipchecker is running periodically; even if I run it manually it runs flawlessly. However, changes are not applied: when I run iptables -nL the old IP still appears.

Just for reference.
Asterisk 13.7.2
Incredible GUI 12.0.30
Scientific Linux 6.7

The following is the result when running ipchecker (ip change was for testing only)

./ipchecker
Account testing.iptables CHANGED
FQDN: testingxxx.dyndns.org
OLD IP: 192.168.0.45
NEW IP: 192.168.0.46
iptables: Setting chains to policy ACCEPT: nat mangle filte[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
No IPtables problems found.
Stopping fail2ban: [ OK ]
Starting fail2ban: mkdir: cannot create directory `/var/run/fail2ban': File exists
ERROR NOK: ('Action iptables-multiport already exists',)
[ OK ]
You have new mail in /var/spool/mail/root
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.

However, the old IP still appeared in iptables -nL

Thanks!!

Luis
 
