Forums

Resolved
0 votes
I have been using and installing ClearOS since ClarkConnect 4 days, so I am pretty used to it by now. I rarely have to open the bonnet, so as to speak, but something has happened to my office system recently that has prevented something we always have been able to do from working anymore.

We have a Static IP on a Router linked to the Internet. However the internal IP address of the Router is 192.168.2.1. Three different devices connect to this Router. We have our ClearOS box which has a static IP address of 192.168.2.2, we have a small server running our 3CX VoIP exchange. This has an IP Address of 192.168.2.4. We also have a front facing Webserver. On the main Router all traffic appropriate to the VoIP box and web box are forwarded to these boxes. All other traffic is passed to ClearOS.

Obviously the ClearOS box has 1 External NIC - enp2s0 on 192.168.2.2 and 1 LAN NIC - enp4s0 on 192.168.3.1. All pretty standard stuff. and it has been this way for many Versions of ClearOS in our Office.

Up to a few months ago, 3CX softphones running on PCs in the office with an IP Address such 192.168.3.22, could access the VoIP exchange on 192.168.2.4 without any problem. Suddenly communication from the LAN to these few external IP addresses stopped whilst connection to the internet remains unaffected.

I now have an urgent reason to fix this as we have a new CRM where the Clients are running on our PCs inside the office, that must be able to communicate with the 3CX VoIP exchange. I have tried every tweak I can think of within ClearOS and then started working on setting up Static Routes at CentOS 7 level.

I read the suggested document https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_bestpractices_managing_static_routes and many others but to no avail.

As an example, I have a route-enp4s0 which contains the following line
192.168.2.0/24 via 192.168.3.1 dev enp4s0
that produces an error "cannot find device" enp4s0 which is patently rubbish. I have tried every different combination of setting up enp2s0 and enp4s0 route files with different variations but nothing works.

I am now at a loss so I tought I would ask for some advice or help.
Friday, August 23 2019, 10:15 PM
Share this post:
Responses (1)
  • Accepted Answer

    Saturday, August 24 2019, 07:23 AM - #Permalink
    Resolved
    0 votes
    In this scenario a static route like you are proposing is pretty much pointless as it effectively already exists. ClearOS knows that any traffic arriving at enp4s0 for any subnet other than 192.168.3.0/24 will automatically get routed to enp2s0 while ClearOS is in gateway mode.

    Are you running any IDS/IPS or other filter on ClearOS?

    Looking at https://www.3cx.com/docs/manual/firewall-router-configuration/, their examples are really for configurations where the softphone in on the internet and there is nothing indicating that you need to forward anything so I am puzzled. Have you tried asking 3CX?

    I wonder if you can turn off NAT for traffic for these phones by doing something like:
    iptables -t nat -I POSTROUTING -o enp2s0 -d 192.168.2.4 -j ACCEPT
    This is only a guess. If it works, it means the 3CX server will receive traffic which appears to come from 192.168.3.0/24, rather than being natted to 192.168.2.2.

    If you can't get any help from 3CX you may need to start packet sniffing but I am not sure how to diagnose the issue.
    The reply is currently minimized Show
Your Reply