djanjic, posted June 5, 2019:

Hello, we are installing a new server on CentOS 7. Currently the firewall is blocking access to the PBX from the outside. I tried adding the service to the firewall using:

    sudo firewall-cmd --zone=public --add-service=pbctrl

but am getting the following error:

    Error: INVALID_SERVICE: pbxctrl

I tried with pbx instead of pbxctrl as well, same error. Has anyone configured the firewall in CentOS 7? If they have, can they share their commands to allow access to the PBX? The documentation doesn't have much on the topic.

Thank you.
Dusan

Vodia PBX, posted June 5, 2019:

There was a typo in the --add-service, but I don't think that was the problem. Looks like you need to specify the service in /usr/lib/firewalld/services (see https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos/).

djanjic, posted June 6, 2019:

So I did enable PBX as a service in the firewall by issuing the following command:

    sudo firewall-cmd --zone=public --add-service=pbxctrl --permanent

and seeing that it is in there by doing:

    sudo firewall-cmd --get-services

We even opened the http port, still no access to the PBX. If we disable the firewall, no problem. Are there any other ports or services we need to open to gain access? Has anyone installed the PBX on CentOS 7? If they have, can they share the config file with the rest of us?

Thanks.
Dusan

Support, posted June 6, 2019:

Also make sure none of the other services are running on port 80 / 443 on that server, which might be blocking the PBX from running on that port. A quick netstat of the ports can give you more information on that.
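
Added example, not part of any post in this thread and not Vodia's own tooling: `--permanent` writes only firewalld's saved configuration, and the running firewall does not pick it up until `firewall-cmd --reload`, so this script lists services and ports that are saved but not active, then prints the non-loopback sockets the host is listening on for comparison. The function names and the `ZONE` variable are assumptions of this example; the zone defaults to `public` as used above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): compare firewalld's permanent and
# runtime configuration and list the sockets the host actually listens on.
# ZONE is this example's own variable; it defaults to "public".

# Print each item of the first space-separated list that is missing
# from the second list.
only_in_first() {
    local item
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# Read `ss -tuln` output on stdin and print unique "port/proto" pairs bound
# to a non-loopback address, i.e. the ports a firewall rule has to cover.
listening_ports() {
    awk '$1 == "tcp" || $1 == "udp" {
        n = split($5, parts, ":"); port = parts[n]
        host = substr($5, 1, length($5) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
        print port "/" $1
    }' | sort -u
}

# Live checks run only where firewalld and ss are installed.
if command -v firewall-cmd >/dev/null 2>&1 && command -v ss >/dev/null 2>&1; then
    zone="${ZONE:-public}"
    for kind in services ports; do
        perm=$(firewall-cmd --permanent --zone="$zone" --list-"$kind")
        live=$(firewall-cmd --zone="$zone" --list-"$kind")
        pending=$(only_in_first "$perm" "$live")
        if [ -n "$pending" ]; then
            printf 'saved but not active (%s); run firewall-cmd --reload:\n%s\n' \
                "$kind" "$pending"
        fi
    done
    echo "listening on non-loopback addresses:"
    ss -tuln | listening_ports
fi
```

Run it with root privileges on the PBX host; a port in the listening list that is covered by neither an active service nor an active port entry is unreachable from outside while firewalld is running.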

Vodia PBX, posted June 7, 2019:

Well, the question is what you are getting out of firewalld. At the end of the day, it controls iptables and helps you organize the (complicated) setup. This is useful if you have a complex setup with many rules. However, if you have just the PBX running on the CentOS, the setup is actually very simple - the only ports exposed are the ports controlled by the PBX and its internal SBC, which can also be considered something like a smart application firewall. (And the other port usually exposed is the SSH port, but this one can be protected by the /etc/hosts.allow file.) IMHO it is okay in such simple cases to disable the firewall and just run the PBX on the network interfaces.