never place a vicidial server in the DMZ unless you have a rock-solid firewall installed in the Vicidial server.
Since you have made no mention of your installation, I can't offer a lot of advice there, but I can tell you a more appropriate method to break holes in the office firewall and some suggestions to the Vicidial firewall.
1) Newbie suggestions!
when you post, please post your entire configuration including (but not limited to) your installation method and vicidial version with build.
this IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)
You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "from scratch" you must post your operating system and should also post the .iso version from which you installed your original operating system. If your installation is "Hosted" list the site name of the host.
If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that techology (ie: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.
Similar to This:
Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600
2) Take Vicidial out of the DMZ, forward port 80 TCP to the vicidial server and port 4569 UDP if you require a remote phone connection (You could use 5060 for remote SIP, but there are challenges if you have a router at both ends of the call ...). If you will have a second server and want access to that as well, forward external port 81 to internal port 80 on the 2nd server and add :81 to your domain name in the URL for the second server.
3) On the firewall in the vicidial server you should have a whitelist only system. This means closing all the ports and turning off ping and port 113 and then allowing traffic from individual IPs or IP ranges ONLY. so only those you specify will have access. This keeps China out unless you actually open a range for a hacker. If you only open individual IPs, I hope you can avoid opening one with a hacker on it. LOL If you installed with Vicibox you can use our Dynamic Good Guys package for this. It includes full lockdown instructions even if you don't install it.
http://www.viciwiki.com/index.php/DGG4) Of course, you could just get another IP address ... we actually recommend Vicidial be naked on the net to remove the router from the equation (less links in the chain, less points of failure).
Happy Hunting
(And Welcome to the Party!)
