vicidial.org

[samadsaeed]

Hi Everyone,
Below is the configuration i'm using for this topic.

Vicibox8 ISO Single sever install on dedicated server from http://www.datasoft.ws
VERSION: 2.14-644a
BUILD: 171130-0036
CPU:
vendor_id : GenuineIntel
model name : Intel(R) Xeon(R) CPU L5420 @ 2.50GHz
cpu MHz : 2003.000
cache size : 6144 KB
RAM: 8GB

I have changed my SSH port to something other than 22, changed my SIP port to something other than 5060. Everything was going good but then I came up with a script for firewall rules IPtables on https://striker24x7.blogspot.com/2014/0 ... cript.html I followed all instructions given on this blog and added all carrier IPs i use and my agent's IPs into the IP whitelist file as instructed in the blog. As soon as I implemented the firewall rules and went to the asterisk -rv console I see calls are being connected and Answered but are not landing on agents. I did not see anything unusual or any congestion on Asterisk CLI but agents didnot receive any calls for about 10 minutes. As soon as I executed the command /sbin/SuSEfirewall2 off the calls started landing on agents. Please guide me what am I missing? Thank you. Any help would be appreciated.

Cheers--
Samad.

[samadsaeed]

Hi, please experts out here I want your expert advice here! Please get me a solution to this. I can post anything u want here if its a requirement.

[samadsaeed]

Hi, Sir(s) i'm waiting for some sort of a response as the server i'm talking about is not a practice server its currently a production server which is running without firewall rules. Please help me sort out the issue I would be very thankful to you all!

Regards,
Samad.

[gequiros]

Suggestion:

#1- Do a Install Scratch

#2- Do changes, one by one, and test, if it all works good, do another change, and so on

#3- If Something fails, now you know what's failing and "debug" and check all the odds there

#4- If you lack on knowledge (like most of us) and you just run scripts out of nowhere, becareful, you may be opening a major whole, you can't trust any script ( |Tho, striker is a respectable and helpful guy )

#5- If you can't find a solution, hire William Conley or Vicidial Group, cause downtime is making you lose more money, and better spent money wisely and have a system running as it should...



Take care and good luck !!! ( Try to isolate / identify the root cause of the issue )

[thephaseusa]

Samad use this whitelist firewall for your vicibox install:
http://www.viciwiki.com/index.php/DGG

It’s well documented in this forum. I use it. It works! It’s free!

John

[uncapped_shady]

Hi there, I use the same firewall on a few of my vicidialers and have no issues with it whatsoever. Just keep in mind that this firewall has a default drop rule of 0.0.0.0/0 (both INBOUND + OUTBOUND). That being said, have you allowed your public IP address in the iptables script together with your carrier IP's that you have mentioned? Have you allowed your internal IP range/s that all your agents make use of? Any internal V-lans that you are using?

So make sure that your public IP address as well as your internal IP range or ranges are included then run /usr/src/firewall/firewall.sh again. Once you have run the script again, run iptables -nL and see that all your IP's are in fact allowed.

Also to note is that when you are using this iptables script you will have to disable the "yast firewall" so run yast firewall and stop the firewall if running then disable it from auto starting, once that is done run /usr/src/firewall/firewall.sh again and run iptables -nL just to be sure your IP's are allowed and that the last rule is the drop rule for 0.0.0.0/0

Keep in mind that you have to be sure that the new firewall script starts at boot of the server as it will not start by default.

Let me know how it goes and if my advice worked out for you. Good luck

PS: Please note that my advice is purely for guiding you in the right direction but you are ultimately responsible for your server and infrastructure, therefore I cannot be held liable for any loss you or your company suffers due to following my advise.

[samadsaeed]

Hi Everyone!
Thanks all for the advice. I'll try all suggestions and update u guys here once the issue is resolved. Thanks.

[samadsaeed]

Hi,

Hi there, I use the same firewall on a few of my vicidialers and have no issues with it whatsoever. Just keep in mind that this firewall has a default drop rule of 0.0.0.0/0 (both INBOUND + OUTBOUND). That being said, have you allowed your public IP address in the iptables script together with your carrier IP's that you have mentioned? Have you allowed your internal IP range/s that all your agents make use of? Any internal V-lans that you are using?

So make sure that your public IP address as well as your internal IP range or ranges are included then run /usr/src/firewall/firewall.sh again. Once you have run the script again, run iptables -nL and see that all your IP's are in fact allowed.

Also to note is that when you are using this iptables script you will have to disable the "yast firewall" so run yast firewall and stop the firewall if running then disable it from auto starting, once that is done run /usr/src/firewall/firewall.sh again and run iptables -nL just to be sure your IP's are allowed and that the last rule is the drop rule for 0.0.0.0/0

Keep in mind that you have to be sure that the new firewall script starts at boot of the server as it will not start by default.

Let me know how it goes and if my advice worked out for you. Good luck

PS: Please note that my advice is purely for guiding you in the right direction but you are ultimately responsible for your server and infrastructure, therefore I cannot be held liable for any loss you or your company suffers due to following my advise.

Bro, please clear me on the point that do I have to add my internal user's ips in the whitelist too? because I have a dedicated internet connection here in the office and all users login using the static internet IP i have to the server which is hosted on the internet. And yes the static IP of my internet connection has been added in the whitelist because they are able to login to the system successfully and they also hear the only person recording aswell. so the connection seems good. I also donot see any congestion or dial errors on asterisk CLI which means the dialing is also going good so the carrier IPs are also whitelisted. now the issue is just that agents are unable to receive any calls after this i dont know when the calls are being answered correctly then where do they disappear if they are not landing on the agent. Please your help would be highly appreciated.

[williamconley]

my internal user's ips in the whitelist too

Properly set up, your internal network port should bypass the firewall completely and jump to "Accept" as soon as the packet is identified as being on an internal network.

yast firewall as a section to identify internal vs external. Be sure NOT to check the box for "protect against internal networks", of course, as that would turn the firewall on for internal networks as well defeating the purpose.

[uncapped_shady]

As William mentioned by default Internal bypasses the firewall but as you have set up a third party firewall that blocks / allows both inbound and outbound as well as internal network you would need to add the IP ranges that you will be connecting to. Keep in mind this is with Yast Firewall disabled and only when you are making use of the strikers iptables method.

Sent from the mobile client - Forum Talker