关于FreePBX部分网络无法ping通或通信异常问题解决思路

最新推荐文章于 2024-04-17 09:44:59 发布

a3551522

最新推荐文章于 2024-04-17 09:44:59 发布

阅读量241

点赞数

分类专栏： FreePBX 文章标签：网络

本文链接：https://blog.csdn.net/a3551522/article/details/134823916

版权

FreePBX 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

起因：部署后一直正常运行的FreePBX这几天有同事反馈说无法访问与注册。

排查：

1、看下FreePBX网段网关及其他服务器、设备是否访问正常

2、查看其他网段访问FreePBX是否正常

3、查看FreePBX的防火墙、获取的IP与路由表

[root@freepbx ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

[root@freepbx ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.4.160  netmask 255.255.255.0  broadcast 10.1.4.255
        inet6 f418::b62e:99ff:fe20:9db6  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::b62e:99ff:fe20:9db6  prefixlen 64  scopeid 0x20<link>
        ether b4:2e:99:20:9d:b6  txqueuelen 1000  (Ethernet)
        RX packets 5827378  bytes 1935908187 (1.8 GiB)
        RX errors 0  dropped 470855  overruns 0  frame 0
        TX packets 5729933  bytes 2065827348 (1.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 28747531  bytes 31739394858 (29.5 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28747531  bytes 31739394858 (29.5 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@freepbx ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.4.1        0.0.0.0         UG    0      0        0 eth0
10.1.4.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0

[root@freepbx ~]# arp -a
gateway (10.1.4.1) at 50:6f:77:50:5d:bf [ether] on eth0

发现：

1、FreePBX所在的网段下网关与其他设备访问正常。

2、大部分其他网关访问FreePBX也正常

3、查看配置都是正常，也没有限制

分析：
1、从排查结果分析，大概率应该是FreePBX做了限制

2、Linux除了防火墙开关以外还有一个iptables 规则

[root@freepbx ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-recidive  all  --  anywhere             anywhere
fail2ban-BadBots  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-FTP  tcp  --  anywhere             anywhere             tcp dpt:ftp
fail2ban-apache-auth  tcp  --  anywhere             anywhere
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-PBX-GUI  all  --  anywhere             anywhere
fail2ban-SIP  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-BadBots (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-FTP (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-PBX-GUI (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-SIP (1 references)
target     prot opt source               destination
REJECT     all  --  10.1.18.5            anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-apache-auth (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-recidive (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

3、果然问题出在这里，10.1.18.5 IP被限制了。输入命令进行手动剔除。

[root@freepbx ~]# iptables -D fail2ban-SIP -s 10.1.18.5 -j REJECT

4、剔除后访问正常。继续深入，不只一个同事反馈，应该还有其他记录。查看fail2ban日志

[root@freepbx ~]# cat /var/log/fail2ban.log
2023-11-09 03:09:02,244 fail2ban.server [2523]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.14
2023-11-13 03:34:17,212 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 04:04:18,038 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 05:33:20,358 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 06:03:21,172 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 06:03:25,181 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 06:33:25,948 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 06:34:45,031 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 07:04:45,833 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 07:06:10,923 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 07:36:11,713 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 07:37:36,807 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 08:07:37,589 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 08:09:02,679 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 08:39:03,480 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 08:40:27,567 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 09:10:28,382 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 09:11:54,473 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 09:41:55,272 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 09:43:20,359 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 10:13:21,171 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 10:14:46,258 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 10:44:47,080 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 10:46:12,168 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 11:16:12,984 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 11:17:38,069 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 11:47:38,876 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-13 11:49:03,966 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-13 12:19:04,780 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-14 00:16:26,691 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-14 00:46:27,496 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-14 00:47:46,581 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-14 01:17:47,377 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-14 01:19:05,462 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-14 01:49:06,265 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-14 01:50:24,349 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-14 02:20:25,141 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-14 02:21:43,224 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-14 02:51:44,009 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-14 02:53:02,094 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.21.5
2023-11-14 02:53:04,063 fail2ban.actions[2523]: WARNING [recidive] Ban 10.1.21.5
2023-11-14 03:23:02,897 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.21.5
2023-11-16 09:02:59,723 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.7.69
2023-11-16 09:33:00,533 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.7.69
2023-11-21 02:53:05,033 fail2ban.actions[2523]: WARNING [recidive] Unban 10.1.21.5
2023-11-23 02:32:31,561 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.0.25
2023-11-23 03:02:32,371 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.0.25
2023-11-23 08:16:12,156 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.0.25
2023-11-23 08:46:12,969 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.0.25
2023-12-04 05:47:36,415 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.7.97
2023-12-04 06:17:37,222 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.7.97
2023-12-05 09:29:18,111 fail2ban.actions[2523]: WARNING [pbx-gui] Ban 10.1.18.5
2023-12-05 09:59:18,943 fail2ban.actions[2523]: WARNING [pbx-gui] Unban 10.1.18.5
2023-12-05 10:17:24,724 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.18.5
2023-12-05 10:47:25,524 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.18.5
2023-12-05 10:48:25,590 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.18.5
2023-12-05 11:18:26,395 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.18.5
2023-12-06 00:14:03,880 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.18.5
2023-12-06 00:44:04,684 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.18.5
2023-12-06 00:45:05,750 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.18.5
2023-12-06 01:15:06,564 fail2ban.actions[2523]: WARNING [asterisk-iptables] Unban 10.1.18.5
2023-12-06 01:16:06,629 fail2ban.actions[2523]: WARNING [asterisk-iptables] Ban 10.1.18.5
2023-12-06 01:30:04,483 fail2ban.actions[2523]: INFO    [asterisk-iptables] 10.1.18.5 already banned
2023-12-06 01:31:04,543 fail2ban.actions[2523]: INFO    [asterisk-iptables] 10.1.18.5 already banned
2023-12-06 01:32:04,604 fail2ban.actions[2523]: INFO    [asterisk-iptables] 10.1.18.5 already banned
2023-12-06 01:32:54,655 fail2ban.actions[2523]: INFO    [asterisk-iptables] 10.1.18.5 already banned
2023-12-06 01:33:54,716 fail2ban.actions[2523]: INFO    [asterisk-iptables] 10.1.18.5 already banned
2023-12-06 01:34:25,747 fail2ban.actions[2523]: INFO    [asterisk-iptables] 10.1.18.5 already banned
2023-12-06 01:35:27,807 fail2ban.actions[2523]: INFO    [asterisk-iptables] 10.1.18.5 already banned

5、真相了。也怪我没上心，之前同事反馈偶尔登陆不了，也没当回事，大部分都是让他修改个IP去解决。哈哈哈，后续可以将限制的IP进行手动释放了。

这个排查的方法是通用的，也告诫我每个问题都需要认真对待，才能了解真相。

FreePBX还没入门，只是做了简单的部署与配置。继续学习！