Page 1 of 1
(SOLVED)Issue with dynaportal whitelist and IPBLOCK
Posted:
Wed Jun 22, 2022 11:57 am
by vapiano
Version: 2.14-858a
Build: 220513-0819
Asterisk 13.38.2
Cloud VPS, 4 vCPU Cores, 8 GB RAM, 200 GB SSD
ViciBox_v10.x86_64 10.0.1.iso
Hello, I am happy to be here in this great forum. Hope you can help me.
I was playing a bit with building a dynaportal. After setting up the firewall, I went to Admin->Ip List and enabled the whitelist. My problem is now that when entering in dynaportal 6666 and the password, I get validated but am not able to open the admin page. Getting always the message "Your IP Address is not allowed: XX.XXX.XX.XX: |6666|IPBLOCK|". When entering in dynaportal as an agent, it is possible to log in in agents account. But admin page isn´t possible anymore.
Ipset list shows me that my IP is listed in the dynamiclist but still access in admin page is not possible.
Is there a way to disable the whitelist via console or to put manually an IP int the whitelist via console?
Thank you
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Wed Jun 22, 2022 1:58 pm
by vapiano
Okay I got it solved now by a freelancer I engaged. I dont kow what he did exactly but he told me that in asteriks database it was the system_settings table and he changed allow_ip_list field to 0.
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Wed Jun 22, 2022 5:07 pm
by williamconley
Sounds like your firewall may be off. You may want to check on that. Allowing YOU was the goal, not allowing EVERYONE.
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Fri Jun 24, 2022 5:26 pm
by vapiano
williamconley wrote:Sounds like your firewall may be off. You may want to check on that. Allowing YOU was the goal, not allowing EVERYONE.
My firewall is on.
My problem is now that disableing allow_ip_list field to 0 let me visit again the admin page but now the field doesn´t exist anymore in the admin section.
So I need a way to disable only the whitelist (ViciWhite). How can I disable the whitelist or put manually my IP into the whitelist via mysql?
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Sat Jun 25, 2022 2:49 pm
by williamconley
disabling the ability to VIEW/Modify IP lists has no effect on the firewall itself. That was a byproduct of whatever else the technician did. Sounds like he may have locked you out of the ability to modify the IP lists on purpose. Perhaps that capability has been limited to a different user, or turned off entirely. But the IPs in those lists are still there, and the firewall still operates however that technician has set it up. He may have put in an override value or changed firewall entirely. He may be entering IP values directly into those IP lists in the database, or any one of several other scenarios.
If nobody else can get to the server (ie: whitelist), but you CAN, you then just have to ask yourself if you trust the technician.
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Sat Jun 25, 2022 6:00 pm
by vapiano
williamconley wrote:disabling the ability to VIEW/Modify IP lists has no effect on the firewall itself. That was a byproduct of whatever else the technician did. Sounds like he may have locked you out of the ability to modify the IP lists on purpose. Perhaps that capability has been limited to a different user, or turned off entirely. But the IPs in those lists are still there, and the firewall still operates however that technician has set it up. He may have put in an override value or changed firewall entirely. He may be entering IP values directly into those IP lists in the database, or any one of several other scenarios.
If nobody else can get to the server (ie: whitelist), but you CAN, you then just have to ask yourself if you trust the technician.
It was my fault that I have locked myself out from the server by enabling the whitelist without adding my IP into it. I engaged the technician after I have messed up.
And he was a help because by turning the allow_ip_list to 0 I got access to my server again. But he doesn´t know how to only disable the whitelist or how to put manually my IP into whitelist. This is what I am looking for now. Maybe somebody knows how to help here.
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Mon Jun 27, 2022 2:32 pm
by carpenox
firewall-cmd --add-source=youriphere --zone=trusted --permanent
firewall-cmd --reload
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Tue Jun 28, 2022 12:09 pm
by vapiano
carpenox wrote:firewall-cmd --add-source=youriphere --zone=trusted --permanent
firewall-cmd --reload
Got for both commands a message "success" but still does not work.
When doing:
mysql -p
use asterisk
select * from vicidial_ip_list_entries;
i can see that there are no IP adresses in viciwhite. Does it help to put my ip adress in there and if yes, with which command do I put my IP adress into this vicidial_ip_list_entries?
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Tue Jun 28, 2022 3:06 pm
by carpenox
what ports do u have in trusted zone?
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Tue Jun 28, 2022 3:09 pm
by williamconley
- Code: Select all
mysql asterisk -e "insert into vicidial_ip_list_entries values ('ViciWhite','xx.xx.xx.xx')"
with your ip rather than xx.xx.xx.xx of course
Re: Issue with dynaportal whitelist and IPBLOCK
Posted:
Tue Jun 28, 2022 4:15 pm
by vapiano
williamconley wrote:- Code: Select all
mysql asterisk -e "insert into vicidial_ip_list_entries values ('ViciWhite','xx.xx.xx.xx')"
with your ip rather than xx.xx.xx.xx of course
Damnnnnnnnnnnn, yessss!!!! That was it!! Thank you so much. Finally I can continue working after more than one week.
Re: (SOLVED)Issue with dynaportal whitelist and IPBLOCK
Posted:
Wed Jun 29, 2022 4:11 pm
by carpenox
good stuff Bill, great postback vapiano