FreePBX autoprovisioning
-
Have you done this?
I've found several wiki pages on building the configuration files, but nothing about setting up DHCP to option 66 or how to make sure tftp is running on the FreePBX server, etc.
I've purchased the Endpoint manager module and created a template and a config for a few phones, but when I ftp IP:69 from my Windows workstation to my FreePBX box I get Connection Refused. I get the same when I ftp from the FreePBX box itself.
netstat -a | grep tftp provides
udp 0 0 *:tftp *:*
So I think it's enabled.
netstat -unlp | grep xinetd
udp 0 0 0.0.0.0:69 0.0.0.0:* 1119/xinetd
This tells me it's on port 69, OK.
iptables-save
# Generated by iptables-save v1.4.7 on Wed Jul 1 15:59:46 2015
*filter
:INPUT ACCEPT [1077942:539260982]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [931595:198694389]
:fail2ban-BadBots - [0:0]
:fail2ban-FTP - [0:0]
:fail2ban-PBX-GUI - [0:0]
:fail2ban-SIP - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-apache-auth - [0:0]
:fail2ban-recidive - [0:0]
-A INPUT -p tcp -j fail2ban-FTP
-A INPUT -p tcp -j fail2ban-apache-auth
-A INPUT -p tcp -j fail2ban-BadBots
-A INPUT -j fail2ban-SIP
-A INPUT -j fail2ban-PBX-GUI
-A INPUT -p tcp -j fail2ban-SSH
-A INPUT -j fail2ban-recidive
-A fail2ban-BadBots -j RETURN
-A fail2ban-FTP -j RETURN
-A fail2ban-PBX-GUI -j RETURN
-A fail2ban-SIP -j RETURN
-A fail2ban-SSH -j RETURN
-A fail2ban-apache-auth -j RETURN
-A fail2ban-recidive -s 142.54.168.154/32 -j DROP
-A fail2ban-recidive -j RETURN
COMMIT
Now it looks like tftp is not set up for access through iptables. Am I right? If so, how should I solve this?
#iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-FTP tcp -- 0.0.0.0/0 0.0.0.0/0
fail2ban-apache-auth tcp -- 0.0.0.0/0 0.0.0.0/0
fail2ban-BadBots tcp -- 0.0.0.0/0 0.0.0.0/0
fail2ban-SIP all -- 0.0.0.0/0 0.0.0.0/0
fail2ban-PBX-GUI all -- 0.0.0.0/0 0.0.0.0/0
fail2ban-SSH tcp -- 0.0.0.0/0 0.0.0.0/0
fail2ban-recidive all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-BadBots (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-FTP (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-PBX-GUI (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SIP (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Google provided
iptables -A INPUT -m state --state NEW -i eth0 -p udp --dport 69 -j ACCEPT
But then states something to the effect that, like FTP, it needs help setting up a second connection on a higher port for actual transport of files.
selinux is disabled.
-
Did you try and connect with a TFTP client from your desktop?
If that failed, then simply turn off the firewall on the PBX and try again. That will tell you if that is the problem.
-
-
@Dashrender said:
This looks promising.
Why are you still chasing server side information?
Start at the beginning.
You installed the module and set up a phone
You set up your DHCP option
You rebooted a phone and it did not pull a config.
Now, to troubleshoot. The first thing you should do is attempt to connect manually from a Windows or Linux box where you can see what is happening.
You never confirmed if you could connect to the tftp server manually.
Once you confirm that, then you can go into more testing.
- Turn off the firewall on the FreePBX machine
- Check if the tftp service is running
- Check if there is something wrong with the tftp server config
- More advanced troubleshooting
-
I can't connect from Windows - I get "timedout occured."
- there is no file /etc/sysconfig/iptables, according to http://community.freepbx.org/t/iptables-and-freepbx-distro/18352/2 , iptables is not enabled by default on FreePBX distros - and since it's missing the config file, I'm guessing that iptables is not doing anything. That said, I did type
service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
then tried again, and same thing, "timeout occurred."
-
I thought the following was the evidence that tftp is running - am I wrong?
netstat -a | grep tftp provides
udp 0 0 *:tftp *:*
But now that I'm typing this, I found the chkconfig command and its output for xinetd is:
xinetd based services:
chargen-dgram: off
chargen-stream: off
daytime-dgram: off
daytime-stream: off
discard-dgram: off
discard-stream: off
echo-dgram: off
echo-stream: off
rsync: off
tcpmux-server: off
tftp: on
time-dgram: off
time-stream: off
This shows that tftp is on.
3) the contents of my /etc/xinetd.d/tftp is:
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
    disable = no
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -s /tftpboot
    per_source = 11
    cps = 100 2
    flags = IPv4
}
(ML is changing the spacing, I don't recall how to show code to keep formatting)
-
I found a post where someone said they were having problems, so they deleted their tftp file and recreated it, I did that, rebooted - still not working.
-
OK shoot myself in the face - my Windows firewall was preventing tftp from working, UG!
Seems to be OK.
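
Added example, not part of the original thread: a minimal TFTP read probe in Python that shows why `ftp IP:69` (a TCP connection) is refused while the UDP service is listening, and why a firewall on the client can still break the transfer, since the server's reply comes from a new ephemeral UDP port rather than 69. The function names and the command-line arguments are assumptions made for this example.

```python
import socket
import struct
import sys


def build_rrq(filename, mode="octet"):
    # RRQ (RFC 1350): opcode 1, then filename and mode as NUL-terminated strings.
    return struct.pack("!H", 1) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_reply(packet):
    # Returns (kind, detail): block number for DATA, message text for ERROR.
    if len(packet) < 4:
        return ("MALFORMED", None)
    opcode, arg = struct.unpack("!HH", packet[:4])
    if opcode == 3:
        return ("DATA", arg)
    if opcode == 5:
        return ("ERROR", packet[4:].split(b"\0", 1)[0].decode(errors="replace"))
    return ("UNKNOWN", opcode)


def tftp_probe(host, filename, port=69, timeout=3.0):
    """Send one read request over UDP; report the reply and its source port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (host, port))
        try:
            packet, (_, reply_port) = sock.recvfrom(65536)
        except socket.timeout:
            # No reply: service not running, or a firewall on the server
            # or on this client dropped the request or the answer.
            return {"kind": "TIMEOUT", "detail": None, "reply_port": None}
    kind, detail = parse_reply(packet)
    # The server answers from a fresh ephemeral port (its transfer ID), not 69,
    # so the client firewall must accept that inbound UDP packet.
    # The probe never ACKs, so the server simply times the transfer out.
    return {"kind": kind, "detail": detail, "reply_port": reply_port}


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(tftp_probe(sys.argv[1], sys.argv[2]))
    else:
        print("usage: tftp_probe.py <server> <filename>")
```

An `ERROR` reply such as "File not found" still proves the path works end to end; only `TIMEOUT` points at the service or a firewall.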
-
And Auto Provisioning is working - though the time is wrong... yet it tells me the correct timezone. Weird.
-
Well, if the timezone is definitely correct and the time is wrong.... maybe you have not set the time correctly? No matter how well a clock keeps time if it is set incorrectly it will just keep the time off by a steady amount.
-
@scottalanmiller said:
Well, if the timezone is definitely correct and the time is wrong.... maybe you have not set the time correctly? No matter how well a clock keeps time if it is set incorrectly it will just keep the time off by a steady amount.
HUH? It's supposed to pull time from 0.us.pool.ntp.org
I would hope it pulls UTC time from them, then sets the offset based on my timezone.
-
@Dashrender said:
HUH? It's supposed to pull time from 0.us.pool.ntp.org
I would hope it pulls UTC time from them, then sets the offset based on my timezone.
I did not see you listing that as being set. Have you manually brought them into sync so that they can set the time? If they start too far off NTP can't correct it.
Try restarting the NTP service manually and see if it syncs up.
How much is it off by? Is it skewed or is it off by exactly X number of hours? The use of UTC to your OS time is determined by the UTC setting, not NTP.
-
@scottalanmiller said:
@Dashrender said:
HUH? It's supposed to pull time from 0.us.pool.ntp.org
I would hope it pulls UTC time from them, then sets the offset based on my timezone.
I did not see you listing that as being set. Have you manually brought them into sync so that they can set the time? If they start too far off NTP can't correct it.
Try restarting the NTP service manually and see if it syncs up.
How much is it off by? Is it skewed or is it off by exactly X number of hours? The use of UTC to your OS time is determined by the UTC setting, not NTP.
How would you manually reset the NTP on a phone?
It's off by 10 hours 5 mins.
-
OH, it's the phone. I see. Well in theory, same way as on a computer as most phones are Linux. But you may not be able to. Try restarting the phones. Or see if there is a way to manually set it to close enough so that NTP can correct it.
-
yeah, my phone. FreePBX is fine!
I'll try just unplugging and replugging the phone.
-
"Have you tried turning it off and back on again?" Tee hee.
-
@scottalanmiller said:
"Have you tried turning it off and back on again?" Tee hee.
Ha, beat you to that one