Firewall error causes system to be unreachable at 00:01 intermittently on VPS
- This topic has 9 replies, 3 voices, and was last updated 9 months, 3 weeks ago by
DannyLarsen.
- Post
- February 13, 2020 at 6:18 pm
Version 2.4.0-5 and Version 2.4.0-3
I am occasionally seeing VPS servers become unreachable just after midnight. After a restart through the VPS provider console, the problem goes away. In the logs I see this just before it becomes unreachable.
Feb 13 00:01:00 ubsv1 firewalld[475]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Feb 13 00:01:00 ubsv1 firewalld[475]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Feb 13 00:01:00 ubsv1 firewalld[475]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Feb 13 00:01:00 ubsv1 firewalld[475]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Feb 13 00:01:00 ubsv1 firewalld[475]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Feb 13 00:01:00 ubsv1 firewalld[475]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Feb 13 00:01:01 ubsv1 systemd: Started Session 8122 of user root.
Feb 13 00:01:01 ubsv1 systemd: Starting Session 8122 of user root.
Feb 13 00:01:01 ubsv1 systemd: Started Session 8123 of user root.
Feb 13 00:01:01 ubsv1 systemd: Starting Session 8123 of user root.
Feb 13 00:01:01 ubsv1 firewalld[475]: WARNING: '/usr/sbin/ip6tables-restore --wait=2 -n' failed:
Feb 13 00:01:01 ubsv1 firewalld[475]: ERROR: '/usr/sbin/iptables-restore --wait=2 -n' failed:
Feb 13 00:01:01 ubsv1 firewalld[475]: WARNING: COMMAND_FAILED
Feb 13 00:01:01 ubsv1 firewalld[475]: WARNING: '/usr/sbin/ip6tables-restore --wait=2 -n' failed:
Feb 13 00:01:01 ubsv1 firewalld[475]: WARNING: '/usr/sbin/iptables-restore --wait=2 -n' failed:
Feb 13 00:01:01 ubsv1 firewalld[475]: WARNING: '/usr/sbin/ebtables-restore --noflush' failed:
Feb 13 00:01:01 ubsv1 firewalld[475]: ERROR: COMMAND_FAILED
Feb 13 00:01:05 ubsv1 asterisk: [2020-02-13 00:01:05] #033[1;31mWARNING#033[0m[3232]: #033[1;37mchan_sip.c#033[0m:#033[1;37m3832#033[0m #033[1;37m__sip_xmit#033[0m: sip_xmit of 0x7f21741039a0 (len 523) to XXXXXXX:5060 returned -1: Operation not permitted
Feb 13 00:01:05 ubsv1 asterisk: [2020-02-13 00:01:05] #033[1;31mWARNING#033[0m[3232]: #033[1;37mchan_sip.c#033[0m:#033[1;37m3832#033[0m #033[1;37m__sip_xmit#033[0m: sip_xmit of 0x7f2174060500 (len 523) to XXXXXXX.30:5060 returned -1: Operation not permitted
Feb 13 00:01:06 ubsv1 asterisk: [2020-02-13 00:01:06] #033[1;31mWARNING#033[0m[3232]: #033[1;37mchan_sip.c#033[0m:#033[1;37m3832#033[0m #033[1;37m__sip_xmit#033[0m: sip_xmit of 0x7f21741039a0 (len 523) to XXXXXXX:5060 returned -1: Operation not permitted
Feb 13 00:01:06 ubsv1 asterisk: [2020-02-13 00:01:06] #033[1;31mWARNING#033[0m[3232]: #033[1;37mchan_sip.c#033[0m:#033[1;37m3832#033[0m #033[1;37m__sip_xmit#033[0m: sip_xmit of 0x7f2174060500 (len 523) to XXXXXXX:5060 returned -1: Operation not permitted
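A log check for the sequence shown in the post above, added here as an example and not part of the original thread or of VitalPBX's code: it flags a firewalld restore failure that is followed within 60 seconds by Asterisk sends rejected with "Operation not permitted". The sample lines are constructed from the post's log, the peer address 192.0.2.10 is a placeholder, and the function name, the window and the year default are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the post's log; 192.0.2.10 is a placeholder peer.
SAMPLE = """\
Feb 13 00:01:00 ubsv1 firewalld[475]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Feb 13 00:01:01 ubsv1 firewalld[475]: ERROR: '/usr/sbin/iptables-restore --wait=2 -n' failed:
Feb 13 00:01:01 ubsv1 firewalld[475]: ERROR: COMMAND_FAILED
Feb 13 00:01:05 ubsv1 asterisk: chan_sip.c: __sip_xmit: sip_xmit of 0x7f21741039a0 (len 523) to 192.0.2.10:5060 returned -1: Operation not permitted
Feb 13 00:01:06 ubsv1 asterisk: chan_sip.c: __sip_xmit: sip_xmit of 0x7f2174060500 (len 523) to 192.0.2.10:5060 returned -1: Operation not permitted
"""

# Traditional syslog layout: "Mon DD HH:MM:SS host program[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)(?:\[\d+\])?: (.*)$")
# A failed rule reload; the INVALID_ICMPTYPE warnings alone do not match.
RESTORE_FAIL = re.compile(r"(ip6?tables|ebtables)-restore .*failed|COMMAND_FAILED")
# The kernel refusing an outbound SIP packet (EPERM from the netfilter rules).
SIP_EPERM = re.compile(r"sip_xmit .* returned -1: Operation not permitted")

def find_lockouts(text, window=timedelta(seconds=60), year=2020):
    """Return one dict per firewalld reload failure that is followed,
    within `window`, by at least one SIP send rejected with EPERM."""
    incidents, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        prog, msg = m.group(2), m.group(3)
        if prog == "firewalld" and RESTORE_FAIL.search(msg):
            # Group the burst of failure lines from one reload into one incident.
            if current is None or ts - current["failed_at"] > window:
                current = {"failed_at": ts, "blocked_sends": 0}
                incidents.append(current)
        elif prog == "asterisk" and SIP_EPERM.search(msg) and current:
            if ts - current["failed_at"] <= window:
                current["blocked_sends"] += 1
    return [i for i in incidents if i["blocked_sends"] > 0]

if __name__ == "__main__":
    for inc in find_lockouts(SAMPLE):
        print(f"{inc['failed_at']}: firewalld restore failed, "
              f"{inc['blocked_sends']} SIP sends blocked")
```

A reload failure with no blocked sends after it is not reported, so the check only fires when the failed reload actually cut off traffic.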
- Replies
- February 15, 2020 at 1:31 am
- February 15, 2020 at 8:30 am
Posted by: @ing-joserivera26
Did you try to perform a full update?
I have also seen the local firewall cause some trouble on system updates.
Yum update from the console runs and retrieves all the packages to be updated, but then the download stops on large files, like the kernel and so on, because throughput drops down to zero after a few seconds. System logs report something seen as SIP packet flooding.
Disabling the firewall from the config UI doesn't solve the problem because it doesn't really disable the firewall. Stopping the firewalld daemon from the console lets the update transaction terminate successfully.
Tested on 3 different fresh installs, 2 real and 1 virtual hardware, latest iso.
- February 18, 2020 at 5:23 pm
Not sure what you are referring to as a Full Update; this server is on the latest version.
This appears to be caused when this script runs: /usr/share/ombutel/scripts/build_firewall_blacklists
Since the server becomes unreachable from anywhere but the VPS console, if you restart it from the console it seems to solve the issue, at least for a reasonably long time.
- February 18, 2020 at 5:31 pm
We're improving this; we will release a patch to fix this behavior. The script you mentioned is used to update the database of common VoIP attackers; in this way, your PBX is protected from those bad guys.