Monitoring connections to fusion

Andyd358

Member
Aug 23, 2018
162
7
18
51
UK
Hi

Currently we have a multi tennet pbx held on a remote server. We use CSF firewall to limit connections to the PBX, so that only IPs that have been adeed can register handsets and make calls. We have found that this can cause issues (basically with a new customer) in that the call connects but sometimes there is no voice. Its pretty random and only seems to be happening ot one domain on the PBX. I suppose the question I have is that if I turn off this firewall off how secure is Fusion from being hacked/ someone connecting anmd making fraudulent calls. The other part of the qauestion is how can I monitor if Im getting hits on the pbx that should not be trying to connect to it, ie incorrect login details for handsets?

Cheers

Andrew
 

bryanredeagle

New Member
Apr 17, 2019
29
3
3
35
La Porte, IN
haway.io
For the voice issues, it sounds like an issue with the CSF firewall. I can't say what though because I'm not familiar with it.

In regards to FusionPBX being secure, it's configured to sit on the internet directly. It has a firewall, fail2ban, and freeswitch settings to block unwanted traffic. For fail2ban, there's a couple options you'll want to enable to block anyone trying to register with an IP address rather than a domain (I assume you're having people register to domains since you're running multiple tenants).

I haven't installed super huge systems myself with it, but other have and can give more details about what they ran into.
 

Andyd358

Member
Aug 23, 2018
162
7
18
51
UK
Chhers been looking at the fail2ban this afternoon, This system was setup but be provious boss and he always expressed a liking for CSF so just went with that to be honest.
 

Dast

New Member
Nov 11, 2019
19
3
3
Australia
It is possible its either your firewall or a firewall the customer is using. I guess it couldn't hurt too much to whitelist all the traffic from their IP to see if that helps, if so then go from there to further refine the access.

CSF is probably a bit overkill for a simple voip server, but if it's working for you then don't bother changing.
With that said, I think a few basic iptable rules to block everything except the few ports you need, then have fail2ban monitor those ports would suffice.

I believe fusionpbx installs fail2ban be default and adds a few basic search patterns, I definitely recommend adding your own patterns to suit your needs. For example, you might want to block everyone outside of your country on certain ports, or block requests for dodgy extensions/domains/etc.

One thing to note with fail2ban is that you must keep logging enabled for freeswitch, which is generally the default and logs to `/var/log/freeswitch/freeswitch.log`, I don't recall the exact log level required.
 
  • Like
Reactions: Andyd358

Andyd358

Member
Aug 23, 2018
162
7
18
51
UK
Cheers for the replies
Gives me more to look into might have the time now we are all at home....
 

Andyd358

Member
Aug 23, 2018
162
7
18
51
UK
so went to turn it on today and got this :
ERROR There is no directory /var/run/fail2ban to contain the socket file /var/run/fail2ban/fail2ban.sock.