Dynamic Good Guys Firewall for Stock Vicibox Servers

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Thu Mar 07, 2013 7:37 pm

Step By Step!

http://www.viciwiki.com/index.php/DGG

If your name is "Kumba" or "The Vicidial Group" you are free to copy and incorporate this without any residuals or "mention" of PoundTeam. Anyone else: Attribution-ShareAlike 3.0 Unported License: http://creativecommons.org/licenses/by-sa/3.0/us/
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby Acidshock » Wed Mar 13, 2013 7:55 pm

I didnt see anyone say thank you so let me be the first!
Thank you!

Nice guide. It should help a lot of people out there.
VERSION: 2.14-698a | BUILD: 190207-2301 | Asterisk:13.24.1-vici | Vicibox 8.1.2
Acidshock
 
Posts: 430
Joined: Wed Mar 03, 2010 3:19 pm

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Wed Mar 13, 2013 8:18 pm

I like customers who want "customization". I do not like having to respond to customers whose servers have been hacked. It's expensive to rebuild and secure a server ... but nothing is "built" during this process. My coders like ... coding! 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby rrb555 » Thu Mar 14, 2013 8:16 am

wow this is great. Thank you williamconley

I just want to ask few things with
URL for Dynamic Good Guys Login:
http://xxx.xxx.xxx.xxx:81/xxxxxxxxxxxxx ... xxxxxx.php
agents can login to the server without any issue but what will be the link if you are the manager?
One server that I am managing | Single Server | ViciBox Redux 6.0 | VERSION: 2.12-549a | BUILD: 160404-0940 | revision 2508| No other hardware
For help you can send me a direct email info@support.com.ph
rrb555
 
Posts: 585
Joined: Tue Feb 08, 2011 4:24 pm
Location: Quezon City, Philippines

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Thu Mar 14, 2013 8:21 am

Same link. Log in there first, then hit the /vicidial/admin.php page manually and you'll already be "allowed" past the firewall due to your successful login attempt at the :81 page.

Good question :)

Upon Request (ie: $$ or time) we could modify the :81 to bounce admins to the Welcome Page instead of the agent login page after completion (based on user level, of course).
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby rrb555 » Thu Mar 14, 2013 8:30 am

another question, I didn't able to read on the wiki that SIP connection will be allowed too. will SIP be allowed to also? I guess it should. :)
But what will be the process for this? I guess agent should start logging in to port 81 link first to allow their IP's then configure their softphones next?
One server that I am managing | Single Server | ViciBox Redux 6.0 | VERSION: 2.12-549a | BUILD: 160404-0940 | revision 2508| No other hardware
For help you can send me a direct email info@support.com.ph
rrb555
 
Posts: 585
Joined: Tue Feb 08, 2011 4:24 pm
Location: Quezon City, Philippines

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Thu Mar 14, 2013 8:34 am

yes. As soon as the agent logs in via :81, their sip phone will be able to register as well.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby rrb555 » Thu Mar 14, 2013 8:46 am

for this one
Enter FQDN or IP - whichever is used in URL - of this server for apache configuration:
I have enter the Public IP address of the server, what if I want to change the IP address? how can i change this?
One server that I am managing | Single Server | ViciBox Redux 6.0 | VERSION: 2.12-549a | BUILD: 160404-0940 | revision 2508| No other hardware
For help you can send me a direct email info@support.com.ph
rrb555
 
Posts: 585
Joined: Tue Feb 08, 2011 4:24 pm
Location: Quezon City, Philippines

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Thu Mar 14, 2013 9:38 am

I believe that is used to create the link ... it will still work after you change your IP, but you'll need to modify the link in your browser.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Wed Mar 20, 2013 8:51 pm

Note: Sourceforge moved the repository for a "sub package" and we found out today. In theory this has been repaired. We'll be testing it tomorrow if we get a chance.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby DomeDan » Thu Jul 18, 2013 6:40 am

Have DGG in production now, its pretty neat, thank you PoundTeam! :)

But I have a few things that you might want to look at:


In the wiki page http://www.viciwiki.com/index.php/DGG
after:
"Alt-Q" to quit and return to Command Line mode

you should add somehting like:
back in "yast firewall" again and select Custom Rules
Or something because that is not mentioned when the next step starts talking about Custom Rules




And I added "align=left" to the goodguys.php/phpmysqlezedit.php script to make the column name be aligned with the values (maybe it looks weird for me because I have a widescreen)
with all on the left side its much better
Code: Select all
--- phpmysqlezedit/phpmysqlezedit.php.orig   2013-07-18 02:23:24.000000000 +0200
+++ phpmysqlezedit/phpmysqlezedit.php   2013-07-18 02:23:57.000000000 +0200
@@ -342,7 +342,7 @@
             $addstring="<a href='{$_SERVER['PHP_SELF']}?action=add&table=$table&limit=$limit'>Add</a>";
         }
         print('<br>'."\n".'<table width='.$width.'% align="center">'."\n");
-        print("   <tr><th colspan=$num_fields>View Table $table&nbsp;$addstring</th></tr>\n   <tr><th><b>Del</b></th><th><b>Mod</b></th>\n");
+        print("   <tr><th colspan=$num_fields>View Table $table&nbsp;$addstring</th></tr>\n   <tr align=left><th><b>Del</b></th><th><b>Mod</b></th>\n");
 
         while ($i < $num_fields) {






And I edited stage two to ask for the address for the mysql server + a fake prompt
and added a check to see if the mysql command succeed, if it fails then it asked if it should continue
Code: Select all
--- dgg/dgg_install_stage_two.sh.orig   2013-07-18 01:36:21.000000000 +0200
+++ dgg/dgg_install_stage_two.sh   2013-07-18 01:47:22.000000000 +0200
@@ -25,7 +25,16 @@
    echo "Argument $((i)): ${args[$i]}"
 }
 
+echo Enter ip address to the mysql server - blank if localhost
+echo -n ">"
+read -e HOST
+if [[ ${#HOST} > 1 ]]
+then
+    HOST=-h$HOST
+fi
+
 echo Enter root mysql password - blank if no password
+echo -n ">"
 read -e PASS
 if [[ ${#PASS} > 1 ]]
 then
@@ -34,7 +43,13 @@
 #echo $PASS
 #@TODO: Get db name from conf
 echo "Installing Database"
-mysql asterisk < $SVNREPOSITORY/dgg_mysql_setup.sql $PASS
+mysql asterisk < $SVNREPOSITORY/dgg_mysql_setup.sql $PASS $HOST
+if [[ $? -ne 0 ]]
+then
+      echo -e "\nThe mysql import seams to have failed, you might want to Ctrl+C now and check it up and try again"
+      echo -n "Or else just press Enter"
+      read -e FAIL
+fi
 #@TODO: Create Update version
 /bin/bash /usr/src/poundteam/dgg/dgg_install_stage_three.sh
(you could make this step try to get the login details from /etc/astguiclient.conf instead, that would be sweet!)


also added a fake prompt to stage four: echo -n ">"

Didn't bother messing with uploading patch files for these small changes

What I miss is a uninstall script, I know its pretty hard to do, but its not impossible.

And also write the script so it can be run again without adding duplicates to the files it writes to
because that happen to me when it failed to import the sql-file
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Mon Aug 12, 2013 11:13 pm

back in "yast firewall" again and select Custom Rules

added

align=left

added

For the mysql, however, multi-server installation is merely accomplished on each server. So it can fail on the non-mysql boxes as long as it works on the real mysql server.

Our next upgrade to the package (if anyone funds it ...) will include multi-server either through http to the other instances or trust through apache to ssh commands. We perform these by hand now, because it's a bit complex to install the trust version and nobody wants to pay for development of the http version. But we've got many installs with trust allowing instant access to all servers regardless of which server you started on. Required by a few clients with load balancing that do not have apache running on any of their dialers.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby DomeDan » Tue Aug 13, 2013 8:43 am

Nice!

Then I got an other patch for stage two:
Code: Select all
--- dgg_install_stage_two.sh.orig   2013-07-09 10:55:07.415359949 +0200
+++ dgg_install_stage_two.sh   2013-08-13 15:30:22.895547687 +0200
@@ -35 +35,2 @@
-#@TODO: Get db name from conf
+#@TODO: Get db name from conf  * Done
+source <(sed 's/\ =>\ /=/g' /etc/astguiclient.conf) #parsing the astguiclient config file and use the VARDB variables
@@ -37 +38 @@
-mysql asterisk < $SVNREPOSITORY/dgg_mysql_setup.sql $PASS
+mysql $VARDB_database < $SVNREPOSITORY/dgg_mysql_setup.sql $PASS -h$VARDB_server

Then we are killing two birds with one stone, getting the database name and ip-address :)

I have only installed DGG on one of my servers, the one with asterisk and apache, because my standalone firewall stops all other traffic pointed to the other servers,
Seams line I'm the only one with this kind of setup :P but the change in stage two will make the install work on server setups like mine and like yours,
its better that the database install works all the time instead of failing on all servers except the database server
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Tue Aug 13, 2013 9:00 am

Code: Select all
source <(sed 's/\ =>\ /=/g' /etc/astguiclient.conf) #parsing the astguiclient config file and use the VARDB variables

mysql $VARDB_database < $SVNREPOSITORY/dgg_mysql_setup.sql $PASS -h$VARDB_server


updated.

although we'll see if it creates a problem when multiple servers try to create the same table. LOL
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby DomeDan » Wed Aug 14, 2013 7:11 am

Cool :)

This is what's gonna happen:
the second server runs the dgg_mysql_setup.sql that will drop the goodguys table and recreate it.

if they already started adding ip-addresses with DGG then they will be surprised that their entries are removed when they installed the second server

code could be added to check the table structure and decide if it needs to be recreated or not, or maybe this can be done in sql,

or you can solve it by dumping the data to a temp table and insert it back in when the goodguys table is created

Code: Select all
--- dgg_mysql_setup.sql.orig   2013-07-09 10:55:07.413360151 +0200
+++ dgg_mysql_setup.sql   2013-08-14 14:10:14.399784846 +0200
@@ -1,3 +1,8 @@
+DROP TEMPORARY TABLE IF EXISTS goodguystemp;
+CREATE TEMPORARY TABLE goodguystemp LIKE goodguys;
+INSERT INTO goodguystemp SELECT * FROM goodguys;
 DROP TABLE IF EXISTS goodguys;
 CREATE TABLE IF NOT EXISTS goodguys (  id bigint(20) NOT NULL AUTO_INCREMENT,  name varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,  ip varchar(15) COLLATE utf8_unicode_ci NOT NULL COMMENT 'xxx.xxx.xxx.xxx',  temporary enum('Y','N') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'N' COMMENT 'temporary = dump at reboot',  timestamp timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'entry date',  PRIMARY KEY (id),  UNIQUE KEY ip (ip) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=1 ;
 
+INSERT INTO goodguys(id,name,ip,temporary,timestamp) SELECT id,name,ip,temporary,timestamp FROM goodguystemp;
+DROP TEMPORARY TABLE goodguystemp;
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Wed Aug 14, 2013 1:17 pm

why would you drop it if it exists? why not just leave it there? that's why the create command has "if not exists" in it, to avoid dumping the existing table.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby DomeDan » Thu Aug 15, 2013 2:15 am

the row: "DROP TABLE IF EXISTS goodguys;" is not added by me, its in the svn,
and I would drop it because the existing table might have the wrong structure
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Thu Aug 15, 2013 10:46 am

did you check this to see if it fails if there is no prior table "goodguys"? some of those commands appear to rely on it's previous existence without an "IF"
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby DomeDan » Thu Aug 15, 2013 2:29 pm

as long as the process starts with "DROP TABLE IF EXISTS" it will work in both ways, if it exists and if it does not exist

and as long as these columns are the same: id,name,ip,temporary,timestamp
it will be able to insert the old data even if the new goodguys have more columns, the new columns will default if they are not defined in the insert
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Thu Aug 15, 2013 2:49 pm

CREATE TEMPORARY TABLE goodguystemp LIKE goodguys

if there is no "goodguys" won't this fail?

and my question wasn't "will it fail" it was "did you test". i'm assuming you didn't test ... you "decided"? 8-) (or did you actually test it both ways?)

i'd hate to make an svn change and then find out it kills the script at this point
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby DomeDan » Thu Aug 15, 2013 2:58 pm

haha, right, that second line.. ops xD sorry !
Tested it, with and without a table structure change. but forgot the third and very important way
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Thu Aug 15, 2013 6:49 pm

Well, keep tweaking it. It'll be better every time. :)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby DomeDan » Tue May 06, 2014 8:11 am

Was helping ruben23 out with how to use DGG in a multiserver setup where you need to access several external ip-addresses and came up with a solution I would like to share.

With this change you need to login once on one server only

You will need to install DGG on the other servers the master server will access phpmysqlezedit/goodguys.php page on the other servers

on the "master"-server you add a few lines to the secret file on port 81
just above the line "header("Location: http://$locationbase/agc/vicidial.php?r ... phone_pass");"
Code: Select all
        $url = 'http://NEXT_SERVER_IN_CLUSTER.LOCAL/phpmysqlezedit/goodguys.php?access=SECRET-STRING-TO-ACCESS-DGG-ADMIN&action=savenew';
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "name=$VD_login&ip=$add&temporary=Y");
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $response = curl_exec($ch);
        curl_close($ch);


Change
NEXT_SERVER_IN_CLUSTER.LOCAL
to the IP or domain-name to the next server in the cluster,
if you got more servers just add all the rows a second time with the other server IP or domain-name
and change
SECRET-STRING-TO-ACCESS-DGG-ADMIN
to the secret access string to DGG admin you get when you install DGG
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Sun Jun 08, 2014 11:33 pm

Excellent. I think we'll add a slightly modified version of that. We'll pull from the servers table to get a list on which to execute (excluding "me" on the server being executed, so it can be executed on any server). Adding this to the "after script" that activates the GOOD file addition will make it work when submit is pushed, and putting it in a loop will allow unlimited clustered servers. Also putting in a "no wait" directive will cause it to ignore any servers that don't have DGG installed.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby dspaan » Fri Aug 15, 2014 1:20 pm

I have successfully installed DGG on a single server setup, stock ViCibox.

Only my problem is that the editor URL is not working. The agent login works fine.

Here is an example of what my URL's look like:

This one works fine:
http://myserver.com:81/sdfhuwesdf-sdf92-ff224-23rh8g2l-dig9g73jd7.php


This one redirects to the poundteam.com page:
http://myserver.com/phpmysqlezedit/goodguys.php?access=sdfhuwesdf-sdf92-ff224-23rh8g2l-dig9g73jd7


What could be wrong?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Fri Aug 15, 2014 2:14 pm

Does the access = value match the access variable set in /etc/ ?

What is the path to the etc file created?

Or did you just hard-code it directly into the file instead of using the include method?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Fri Aug 15, 2014 7:44 pm

I note that your two values are the same: the one for the filename of the :81 is actually the same as the access= value. That's not likely correct. The system does not make them the same. So you likely "created" one of those links instead of copying it from the installer CLI output.

Can you post the CLI output? (note that if you did not copy it when it showed, it cannot be found in history, it's just gone ...). We can still find the values, of course, but that output (if you captured it) would likely show your problem quite clearly.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby dspaan » Sat Aug 16, 2014 2:55 am

No i don't have the CLI output. It didn't say that in the wiki article.

Can i run the installer again or will that mess things up?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Sat Aug 16, 2014 12:33 pm

Copy this information! It is easy to get now, but not so simple later unless you are very familiar with Linux.

Running the installer again will NOT get this information but will possibly break something ... and will not actually resolve anything.

The password in question will be stored in /etc/phpmysqlezedit/goodguys.php
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby dspaan » Sat Aug 16, 2014 3:20 pm

Thanks found it and got it working :-)

So if i want do this on a cluster i'll have to buy the pound team addon?

Will adding an IP also open up port 4569 for IAX2?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby williamconley » Sat Aug 16, 2014 4:32 pm

No need to purchase unless you want "login on A to allow use of B immediately". Works nicely on a cluster, as long as your agents log in to the server they will be using for both Web and Dialer (if they use two different servers, they'll need to log in to both to gain access through the firewall of both immediately).
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20256
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby nicholus » Tue Nov 25, 2014 7:22 am

I have installed and followed the directions above line by line on a fresh install. Site still appears in MegaProxy and I am able to ping the server.

Did I miss something?
(ViciBox 6.0.3) | VERSION: 2.10-451a | BUILD: 140902-0816 | Asterisk 1.8.31.0-vici | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Dual Xeon E5345 @ 2.33GHz QUAD CORE | 8GB RAM
nicholus
 
Posts: 3
Joined: Sun Nov 23, 2014 5:59 pm

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby dspaan » Tue Nov 25, 2014 9:00 am

In yast firewall you turned off the allowed services under the advanced menu?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby nicholus » Tue Nov 25, 2014 10:10 pm

External zone only has port 81 listed for TCP all others have been deleted.
(ViciBox 6.0.3) | VERSION: 2.10-451a | BUILD: 140902-0816 | Asterisk 1.8.31.0-vici | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Dual Xeon E5345 @ 2.33GHz QUAD CORE | 8GB RAM
nicholus
 
Posts: 3
Joined: Sun Nov 23, 2014 5:59 pm

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby dspaan » Wed Nov 26, 2014 5:15 am

Did you mind this:

NOTE: After installation, DO NOT use Yast Firewall ... Yast firewall deletes good guy entries upon saving/exiting from yast. Be sure to check all entries before final submission.

Is yast firewall actually running?

I don't know what else to look for, could be anything. Are the admin and authentication pages working properly for DDG?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby ruben23 » Thu Nov 27, 2014 5:21 pm

HI guys any multi server guide in installing DGG somehow..? like 1 database/Web server and 2 asterisk Server. Thanks
SkypeID: rlacumba
IBM x3200 Dual Core 2.4 Ghz.
4GB Ram
VERSION: 2.4-311a
BUILD: 110514-1351
© 2011 ViciDial Group
Asterisk 1.4.27-vici
Another VICI_day, same trunK, same Channel-->Transcode...
ruben23
 
Posts: 1161
Joined: Thu Jul 31, 2008 10:35 am
Location: Davao City, Philippines

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby dspaan » Thu Nov 27, 2014 7:31 pm

I've seen it somewhere in the forums. Also you can pay poundteam to set it up for you.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby DomeDan » Fri Dec 12, 2014 7:27 am

wrote about multiserver in this very topic :P viewtopic.php?f=4&t=27329#p111442
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby dspaan » Thu Dec 18, 2014 7:43 am

I did another DGG install but my colleague was unaware of this and used Yast firewall. But the admin page and authentication page still seem to work.

In the apache log i see this:

[Thu Dec 18 03:21:28 2014] [error] File does not exist: /srv/www/lockdown/myadmin
[Thu Dec 18 03:21:31 2014] [error] File does not exist: /srv/www/lockdown/phpMyAdmin-4.2.1-all-languages
[Thu Dec 18 03:21:34 2014] [error] File does not exist: /srv/www/lockdown/phpMyAdmin-4.2.1-english
[Thu Dec 18 03:21:39 2014] [error] File does not exist: /srv/www/lockdown/sqlite
[Thu Dec 18 03:21:42 2014] [error] File does not exist: /srv/www/lockdown/SQLite
[Thu Dec 18 03:21:45 2014] [error] File does not exist: /srv/www/lockdown/SQLiteManager-1.2.4
[Thu Dec 18 03:21:45 2014] [error] File does not exist: /srv/www/lockdown/sqlitemanager
[Thu Dec 18 03:21:46 2014] [error] File does not exist: /srv/www/lockdown/SQlite
[Thu Dec 18 03:21:46 2014] [error] File does not exist: /srv/www/lockdown/SQLiteManager
[Thu Dec 18 07:00:01 2014] [notice] Graceful restart requested, doing restart
[Thu Dec 18 07:00:01 2014] [notice] Apache/2.2.15 (Linux/SUSE) mod_ssl/2.2.15 OpenSSL/1.0.0 PHP/5.3.3 configured -- resuming normal operations
[Thu Dec 18 09:45:35 2014] [error] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.Win32:)
[Thu Dec 18 10:07:38 2014] [error] [ Directory index forbidden by Options directive: /srv/www/htdocs/agc_nl/
[Thu Dec 18 10:08:04 2014] [error] script '/srv/www/htdocs/agc_nl/vicidail.php' not found or unable to stat
[Thu Dec 18 10:17:14 2014] [error] File does not exist: /srv/www/lockdown/favicon.ico
[Thu Dec 18 10:17:14 2014] [error] File does not exist: /srv/www/lockdown/favicon.ico
[Thu Dec 18 10:17:28 2014] [error] File does not exist: /srv/www/htdocs/phpmysqlezedit/style.css, referer:
[Thu Dec 18 10:17:49 2014] [error] File does not exist: /srv/www/htdocs/phpmysqlezedit/style.css, referer:
[Thu Dec 18 10:17:52 2014] [error] File does not exist: /srv/www/htdocs/phpmysqlezedit/style.css, referer:
[Thu Dec 18 10:17:58 2014] [error] File does not exist: /srv/www/htdocs/phpmysqlezedit/style.css, referer:
[Thu Dec 18 10:18:06 2014] [error] File does not exist: /srv/www/htdocs/phpmysqlezedit/style.css, referer:
[Thu Dec 18 11:04:12 2014] [error] File does not exist: /srv/www/lockdown/favicon.ico


Any recommendations?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Dynamic Good Guys Firewall for Stock Vicibox Servers

Postby natewerks » Wed Feb 03, 2016 5:15 pm

hello Guys,

I am new to vicibox. I am having an issue with the DGG install. When i access from the vicibox from an external ip it puts the router wan IP address in the good guys list. Does this mean that i am opening up ports to the internet?

Please help.


Vicibox 7 standard single install. No Dial Hardware,
natewerks
 
Posts: 6
Joined: Mon Jan 25, 2016 4:54 pm

Next

Return to Support

Who is online

Users browsing this forum: No registered users and 101 guests