d001 wrote:I want to access my server from another network. I have included my IP address in the whitelist, but it didn't work.
Please confirm that your IP does not start with 192.168 or 10.
d001 wrote:In the YaST firewall, I have changed the zone of the interfaces from default to public. In the public option, I removed all allowed services except SSH. I saved the settings.
Are you using iptables or nftables? (iptables-save provides a full firewall dump for iptables; "firewall-cmd --list-all-zones | grep ': $' -v | grep ': no$' -v;" for nftables.) In either case it may also be necessary to dump the ipsets that are involved as well.
d001 wrote:In the crontab, I added this:
Code:
#* * * * * /usr/local/bin/VB-firewall.pl --white --quiet
#@reboot /usr/local/bin/VB-firewall.pl --white --quiet
This was supposed to work, but it didn't.
Neither of those entries does anything. They both start with "#" and are "Comments" as a result.
d001 wrote:I used another method through NAT. I set my DNS IP to public and on my Mikrotik router, I created two NAT rules for ports 80 and 443 which redirect to the server.
If the Vicidial server does not have a public IP, this was 100% necessary before you began any other attempts. Thus any previous attempts should be retried. (Often we try something, determine it to be a failure, and move on ... but a later change was required before it could have succeeded: so going back and trying "ruled out" attempts is necessary again).
d001 wrote:However, this isn't the method I want to use because my WebRTC phone does not work outside the network.
WebRTC can work the same on any network IF you lie to the DNS resolver on the workstation to use the same Domain regardless of workstation location. Even Windows has an /etc/hosts file that will lie on your behalf.
That being said: VPN is always an option and is useful for accessing resources on private networks.
d001 wrote:I don't know why, but also, I have two servers and I can't redirect them with the same public IP because I would have to change the ports 80 and 443 on the servers.
It is a normal concept to point port 81 on the router to port 80 of a 2nd vicidial server. Selecting an alternate port # for port 443 is also viable for SSL connections. The Vicidial server would be entirely unaware of the deception, of course. I'm not positive ALL links inside vicidial are properly formatted. For instance the "Admin Home URL" is usually "../vicidial/welcome.php" which allows for port mapping, but if you've changed it to "https://xxxx" then it would require modification.
If these two servers are clustered, however, there's really no need to expose both to the public web. Just use one for Web and the other for ... everything else.
PS: Good job posting your system specs!
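
The two quickest checks raised in the reply above (a private source address in the whitelist, and crontab entries disabled by a leading "#") can be scripted. This is an added example, not part of the original post or of Vicidial; the function names are hypothetical, the crontab sample is the pair of lines quoted in the thread, and the address test also covers 172.16.0.0/12, which the reply does not mention.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Vicidial.

# Sample input: the two crontab lines as quoted in the thread.
SAMPLE_CRON='#* * * * * /usr/local/bin/VB-firewall.pl --white --quiet
#@reboot /usr/local/bin/VB-firewall.pl --white --quiet'

# Succeeds if $1 is an RFC 1918 private IPv4 address. Such an address is
# never what a remote server sees, so whitelisting it has no effect.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}          # drop the first octet
            second=${second%%.*}      # keep only the second octet
            case "$second" in ''|*[!0-9]*) return 1 ;; esac
            if [ "$second" -ge 16 ] && [ "$second" -le 31 ]; then return 0; fi ;;
    esac
    return 1
}

# Reads crontab text on stdin (for example from `crontab -l`) and labels
# every line that mentions VB-firewall.pl as "commented" or "active".
vb_cron_status() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *VB-firewall.pl*) ;;
            *) continue ;;
        esac
        trimmed=${line#"${line%%[![:space:]]*}"}   # strip leading whitespace
        case "$trimmed" in
            '#'*) echo "commented: $line" ;;
            *)    echo "active: $line" ;;
        esac
    done
    return 0
}

# Prints how many VB-firewall.pl entries cron would actually run.
vb_cron_active_count() {
    vb_cron_status | grep -c '^active: ' || true
}

# Demo on constructed addresses (203.0.113.7 is a documentation address).
for ip in 192.168.1.20 203.0.113.7; do
    if is_private_ipv4 "$ip"; then echo "$ip: private"; else echo "$ip: public"; fi
done
printf '%s\n' "$SAMPLE_CRON" | vb_cron_status
```

On a live system, `crontab -l | vb_cron_status` gives the same report for the installed crontab.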