access 2 servers through 1 linksys router

Any and all non-support discussions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

access 2 servers through 1 linksys router

Postby Need » Thu Mar 28, 2013 4:29 pm

Hi guys,
Im hoping someone can help me here. Thanks to you guys I now have a fully functional vicidial server in the office :)
Ive been experimenting with vicidial and the network, ive managed to get access to the server from home by placing it in dmz and using no ip to access it via url.

But is that the correct way to access it from the outside world ?
Which leads me to my other question...

What do I need to do to successfully setup 2 seperate servers in the office and access them individually from outside the office ?

Basically just for testing purposes I would like to see if I can make this work, I have 2 servers one on 192 168 1 169 and second is 192 168 1 170 and I have a linksys modem router, can this be done ?

Im not a expert but I have some good knowledge of networking and computers.

Anyone willing to give me some advice on how to go about this ?

Thanks in advance
Mark
Need
 
Posts: 13
Joined: Sat Feb 02, 2013 9:35 am

Re: access 2 servers through 1 linksys router

Postby williamconley » Thu Mar 28, 2013 7:43 pm

never place a vicidial server in the DMZ unless you have a rock-solid firewall installed in the Vicidial server.

Since you have made no mention of your installation, I can't offer a lot of advice there, but I can tell you a more appropriate method to break holes in the office firewall and some suggestions to the Vicidial firewall.

1) Newbie suggestions! 8-)

when you post, please post your entire configuration including (but not limited to) your installation method and vicidial version with build.

this IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)

You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "from scratch" you must post your operating system and should also post the .iso version from which you installed your original operating system. If your installation is "Hosted" list the site name of the host.

If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that techology (ie: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.

Similar to This:

Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600

2) Take Vicidial out of the DMZ, forward port 80 TCP to the vicidial server and port 4569 UDP if you require a remote phone connection (You could use 5060 for remote SIP, but there are challenges if you have a router at both ends of the call ...). If you will have a second server and want access to that as well, forward external port 81 to internal port 80 on the 2nd server and add :81 to your domain name in the URL for the second server.

3) On the firewall in the vicidial server you should have a whitelist only system. This means closing all the ports and turning off ping and port 113 and then allowing traffic from individual IPs or IP ranges ONLY. so only those you specify will have access. This keeps China out unless you actually open a range for a hacker. If you only open individual IPs, I hope you can avoid opening one with a hacker on it. LOL If you installed with Vicibox you can use our Dynamic Good Guys package for this. It includes full lockdown instructions even if you don't install it. http://www.viciwiki.com/index.php/DGG

4) Of course, you could just get another IP address ... we actually recommend Vicidial be naked on the net to remove the router from the equation (less links in the chain, less points of failure).

Happy Hunting 8-) (And Welcome to the Party!)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: access 2 servers through 1 linksys router

Postby Need » Fri Mar 29, 2013 4:01 am

Sorry william did not know you must post version and setup for general chat, I will in future.
I got to thank you again, your knowledge is excellent :)

With the information you've provided ill start hunting over the weekend ;)

Thanks again mate
Need
 
Posts: 13
Joined: Sat Feb 02, 2013 9:35 am

Re: access 2 servers through 1 linksys router

Postby williamconley » Fri Mar 29, 2013 3:01 pm

if I had known your installer version, it would have been obvious if you could use DGG, or perhaps gardo would have stopped by and told you how to use the firewall in goautodial. And it is a requirement of the board to at least post the vici version with build. since it is free, it should not be too much of a hardship to gather this information ... unless, of course, you have not yet installed! LOL
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: access 2 servers through 1 linksys router

Postby ruben23 » Sun Mar 31, 2013 7:15 pm

@ williamconley

Any chance i can implement this DGG with a scratch install Ubuntu Server 12.04 LTS. im hoping..
SkypeID: rlacumba
IBM x3200 Dual Core 2.4 Ghz.
4GB Ram
VERSION: 2.4-311a
BUILD: 110514-1351
© 2011 ViciDial Group
Asterisk 1.4.27-vici
Another VICI_day, same trunK, same Channel-->Transcode...
ruben23
 
Posts: 1161
Joined: Thu Jul 31, 2008 10:35 am
Location: Davao City, Philippines

Re: access 2 servers through 1 linksys router

Postby williamconley » Mon Apr 01, 2013 6:10 pm

absolutely. if you have the balls to scratch install, you should also be able to download the install package for DGG and modify it to become the firewall for your fresh build.

Or, we could modify it to fit for you ... of course. Or you could wait for GNUdial to come out (momentarily ...) which is ubuntu 12.04LTS and will have DGG in it.

If you are interested in becoming a Beta tester for GNUdial, contact me directly.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: access 2 servers through 1 linksys router

Postby boybawang » Fri Apr 05, 2013 11:28 am

ubuntu uses ufw for its firewalling you can check out https://help.ubuntu.com/8.04/serverguide/firewall.html for instructions to use. Also learn to install and integrate fail2ban with asterisk and ssh to protect yourself from bruteforce attacks
Vicidial Installation + Configuration + Support + Custom Development
Download my ebook on installing vicidial for free http://download.vicidial.com/ubuntu/VIC ... 100331.pdf
skype: deodax.cordova@gmail.com
m: +639172063730
boybawang
 
Posts: 989
Joined: Sat Nov 14, 2009 1:18 pm
Location: Dumaguete City, Negros Oriental, Philippines

Re: access 2 servers through 1 linksys router

Postby williamconley » Fri Apr 05, 2013 10:39 pm

yep, but neither is a pure whitelist which will ultimately lead to brute force sip attacks OR an IP lockout if you enter the wrong password for a sip phone. unfortunately, if that sip phone password is incorrect in a room that is behind a firewall, all users in that same room will be suddenly locked out at the same time as the result of a single sip phone from that IP having the wrong password entered ...

but that's just my experience with those who use fail2ban for sip in that scenario. so far the only solution i've found that is universal is Pure Whitelist. and that's what DGG is for (to make pure whitelist palatable and easy to administer).

just so we understand what ufw for ubuntu is:

Code: Select all
It is also possible to allow access from specific hosts or networks to a port. The following example allows ssh access from host 192.168.0.2 to any ip address on this host:

sudo ufw allow proto tcp from 192.168.0.2 to any port 22
which means the user is expected to log in via ssh to administer ufw and learn that (interesting) language to administer it. i'm sure it's excellent for us geeky folk, but DGG has a web interface and does not require the user to ssh at all and will allow even remote users with dynamic IP addresses to access the system from their home or from Starbucks ... but only if they have The Code emailed to them first.

And it's free if you install it yourself. eventually we'll create a version for ubuntu, too.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: access 2 servers through 1 linksys router

Postby ruben23 » Sat Apr 06, 2013 11:07 am

this is nice hope DGG will have for Ubuntu server also, im saving so i can implement this, with help of williamconley :)
SkypeID: rlacumba
IBM x3200 Dual Core 2.4 Ghz.
4GB Ram
VERSION: 2.4-311a
BUILD: 110514-1351
© 2011 ViciDial Group
Asterisk 1.4.27-vici
Another VICI_day, same trunK, same Channel-->Transcode...
ruben23
 
Posts: 1161
Joined: Thu Jul 31, 2008 10:35 am
Location: Davao City, Philippines

Re: access 2 servers through 1 linksys router

Postby williamconley » Sat Apr 06, 2013 4:09 pm

as soon as we get past Beta, we'll be releasing the Ubuntu .iso and it will have DGG in it with ubuntu 12.04LTS.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 62 guests