After Firewall calls connecting but not landing on agents

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

After Firewall calls connecting but not landing on agents

Postby samadsaeed » Tue Jan 16, 2018 2:56 am

Hi Everyone,
Below is the configuration i'm using for this topic.

Vicibox8 ISO Single sever install on dedicated server from http://www.datasoft.ws
VERSION: 2.14-644a
BUILD: 171130-0036
CPU:
vendor_id : GenuineIntel
model name : Intel(R) Xeon(R) CPU L5420 @ 2.50GHz
cpu MHz : 2003.000
cache size : 6144 KB
RAM: 8GB

I have changed my SSH port to something other than 22, changed my SIP port to something other than 5060. Everything was going good but then I came up with a script for firewall rules IPtables on https://striker24x7.blogspot.com/2014/0 ... cript.html I followed all instructions given on this blog and added all carrier IPs i use and my agent's IPs into the IP whitelist file as instructed in the blog. As soon as I implemented the firewall rules and went to the asterisk -rv console I see calls are being connected and Answered but are not landing on agents. I did not see anything unusual or any congestion on Asterisk CLI but agents didnot receive any calls for about 10 minutes. As soon as I executed the command /sbin/SuSEfirewall2 off the calls started landing on agents. Please guide me what am I missing? Thank you. Any help would be appreciated.

Cheers--
Samad.
Last edited by samadsaeed on Wed Jan 17, 2018 2:01 am, edited 1 time in total.
Vicidial Scratch Install
Centos 6.7 64bits
VERSION: 2.14-679a|BUILD: 180618-2300|asterisk 11.22.0-vici
4 Dialers|1DB & Webserver| 5 Server Cluster|
CPUinfo|Intel(R) Xeon(R) E3-1240v3 @ 3.4GHz|32GB RAM|600x2 SAS|
All Servers are of same configurations.
samadsaeed
 
Posts: 40
Joined: Wed Dec 06, 2017 2:09 pm
Location: GB

Re: Vicidial-Calls connecting but not landing on agents

Postby samadsaeed » Tue Jan 16, 2018 1:28 pm

Hi, please experts out here I want your expert advice here! Please get me a solution to this. I can post anything u want here if its a requirement.
Vicidial Scratch Install
Centos 6.7 64bits
VERSION: 2.14-679a|BUILD: 180618-2300|asterisk 11.22.0-vici
4 Dialers|1DB & Webserver| 5 Server Cluster|
CPUinfo|Intel(R) Xeon(R) E3-1240v3 @ 3.4GHz|32GB RAM|600x2 SAS|
All Servers are of same configurations.
samadsaeed
 
Posts: 40
Joined: Wed Dec 06, 2017 2:09 pm
Location: GB

Re: After Firewall calls connecting but not landing on agent

Postby samadsaeed » Sat Jan 20, 2018 6:37 am

Hi, Sir(s) i'm waiting for some sort of a response as the server i'm talking about is not a practice server its currently a production server which is running without firewall rules. Please help me sort out the issue I would be very thankful to you all!

Regards,
Samad.
Vicidial Scratch Install
Centos 6.7 64bits
VERSION: 2.14-679a|BUILD: 180618-2300|asterisk 11.22.0-vici
4 Dialers|1DB & Webserver| 5 Server Cluster|
CPUinfo|Intel(R) Xeon(R) E3-1240v3 @ 3.4GHz|32GB RAM|600x2 SAS|
All Servers are of same configurations.
samadsaeed
 
Posts: 40
Joined: Wed Dec 06, 2017 2:09 pm
Location: GB

Re: After Firewall calls connecting but not landing on agent

Postby gequiros » Sat Jan 20, 2018 1:52 pm

Suggestion:

#1- Do a Install Scratch

#2- Do changes, one by one, and test, if it all works good, do another change, and so on

#3- If Something fails, now you know what's failing and "debug" and check all the odds there

#4- If you lack on knowledge (like most of us) and you just run scripts out of nowhere, becareful, you may be opening a major whole, you can't trust any script ( |Tho, striker is a respectable and helpful guy )

#5- If you can't find a solution, hire William Conley or Vicidial Group, cause downtime is making you lose more money, and better spent money wisely and have a system running as it should...



Take care and good luck !!! ( Try to isolate / identify the root cause of the issue )
Vicibox / ISO

1 x DataBase
1 x Archive
1 x Web
Many dialers

www.Come2VoIP.com
Skype: Come2VoIP-USA
WhatsApp: +1-305-320-1786
gequiros
 
Posts: 145
Joined: Sat Oct 22, 2016 1:22 am
Location: Miami, FL

Re: After Firewall calls connecting but not landing on agent

Postby thephaseusa » Sat Jan 20, 2018 7:56 pm

Samad use this whitelist firewall for your vicibox install:
http://www.viciwiki.com/index.php/DGG

It’s well documented in this forum. I use it. It works! It’s free!

John
thephaseusa
 
Posts: 345
Joined: Tue May 16, 2017 2:23 pm

Re: After Firewall calls connecting but not landing on agent

Postby uncapped_shady » Sun Jan 21, 2018 4:59 pm

Hi there, I use the same firewall on a few of my vicidialers and have no issues with it whatsoever. Just keep in mind that this firewall has a default drop rule of 0.0.0.0/0 (both INBOUND + OUTBOUND). That being said, have you allowed your public IP address in the iptables script together with your carrier IP's that you have mentioned? Have you allowed your internal IP range/s that all your agents make use of? Any internal V-lans that you are using?

So make sure that your public IP address as well as your internal IP range or ranges are included then run /usr/src/firewall/firewall.sh again. Once you have run the script again, run iptables -nL and see that all your IP's are in fact allowed.

Also to note is that when you are using this iptables script you will have to disable the "yast firewall" so run yast firewall and stop the firewall if running then disable it from auto starting, once that is done run /usr/src/firewall/firewall.sh again and run iptables -nL just to be sure your IP's are allowed and that the last rule is the drop rule for 0.0.0.0/0

Keep in mind that you have to be sure that the new firewall script starts at boot of the server as it will not start by default.

Let me know how it goes and if my advice worked out for you. Good luck

PS: Please note that my advice is purely for guiding you in the right direction but you are ultimately responsible for your server and infrastructure, therefore I cannot be held liable for any loss you or your company suffers due to following my advise.
uncapped_shady
 
Posts: 30
Joined: Sat Jan 20, 2018 5:51 pm
Location: South Africa Gauteng

Re: After Firewall calls connecting but not landing on agent

Postby samadsaeed » Mon Jan 22, 2018 1:30 am

Hi Everyone!
Thanks all for the advice. I'll try all suggestions and update u guys here once the issue is resolved. Thanks.
Vicidial Scratch Install
Centos 6.7 64bits
VERSION: 2.14-679a|BUILD: 180618-2300|asterisk 11.22.0-vici
4 Dialers|1DB & Webserver| 5 Server Cluster|
CPUinfo|Intel(R) Xeon(R) E3-1240v3 @ 3.4GHz|32GB RAM|600x2 SAS|
All Servers are of same configurations.
samadsaeed
 
Posts: 40
Joined: Wed Dec 06, 2017 2:09 pm
Location: GB

Re: After Firewall calls connecting but not landing on agent

Postby samadsaeed » Mon Jan 22, 2018 6:54 am

Hi,
uncapped_shady wrote:Hi there, I use the same firewall on a few of my vicidialers and have no issues with it whatsoever. Just keep in mind that this firewall has a default drop rule of 0.0.0.0/0 (both INBOUND + OUTBOUND). That being said, have you allowed your public IP address in the iptables script together with your carrier IP's that you have mentioned? Have you allowed your internal IP range/s that all your agents make use of? Any internal V-lans that you are using?

So make sure that your public IP address as well as your internal IP range or ranges are included then run /usr/src/firewall/firewall.sh again. Once you have run the script again, run iptables -nL and see that all your IP's are in fact allowed.

Also to note is that when you are using this iptables script you will have to disable the "yast firewall" so run yast firewall and stop the firewall if running then disable it from auto starting, once that is done run /usr/src/firewall/firewall.sh again and run iptables -nL just to be sure your IP's are allowed and that the last rule is the drop rule for 0.0.0.0/0

Keep in mind that you have to be sure that the new firewall script starts at boot of the server as it will not start by default.

Let me know how it goes and if my advice worked out for you. Good luck

PS: Please note that my advice is purely for guiding you in the right direction but you are ultimately responsible for your server and infrastructure, therefore I cannot be held liable for any loss you or your company suffers due to following my advise.


Bro, please clear me on the point that do I have to add my internal user's ips in the whitelist too? because I have a dedicated internet connection here in the office and all users login using the static internet IP i have to the server which is hosted on the internet. And yes the static IP of my internet connection has been added in the whitelist because they are able to login to the system successfully and they also hear the only person recording aswell. so the connection seems good. I also donot see any congestion or dial errors on asterisk CLI which means the dialing is also going good so the carrier IPs are also whitelisted. now the issue is just that agents are unable to receive any calls after this i dont know when the calls are being answered correctly then where do they disappear if they are not landing on the agent. Please your help would be highly appreciated.
Vicidial Scratch Install
Centos 6.7 64bits
VERSION: 2.14-679a|BUILD: 180618-2300|asterisk 11.22.0-vici
4 Dialers|1DB & Webserver| 5 Server Cluster|
CPUinfo|Intel(R) Xeon(R) E3-1240v3 @ 3.4GHz|32GB RAM|600x2 SAS|
All Servers are of same configurations.
samadsaeed
 
Posts: 40
Joined: Wed Dec 06, 2017 2:09 pm
Location: GB

Re: After Firewall calls connecting but not landing on agent

Postby williamconley » Mon Jan 22, 2018 9:18 am

my internal user's ips in the whitelist too


Properly set up, your internal network port should bypass the firewall completely and jump to "Accept" as soon as the packet is identified as being on an internal network.

yast firewall as a section to identify internal vs external. Be sure NOT to check the box for "protect against internal networks", of course, as that would turn the firewall on for internal networks as well defeating the purpose.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: After Firewall calls connecting but not landing on agent

Postby uncapped_shady » Wed Jan 24, 2018 10:53 am

As William mentioned by default Internal bypasses the firewall but as you have set up a third party firewall that blocks / allows both inbound and outbound as well as internal network you would need to add the IP ranges that you will be connecting to. Keep in mind this is with Yast Firewall disabled and only when you are making use of the strikers iptables method.

Sent from the mobile client - Forum Talker
uncapped_shady
 
Posts: 30
Joined: Sat Jan 20, 2018 5:51 pm
Location: South Africa Gauteng


Return to Support

Who is online

Users browsing this forum: Google [Bot] and 102 guests