access elastix and ari outside network

Discussion in 'General' started by reynolwi, Oct 4, 2008.

  1. reynolwi

    I'm still trying my hardest to get access to Elastix and ARI from outside our enterprise network but still am not having any luck.

    Right now the SSL port 443 and web 80 are on Exchange.
     
  2. danardf

    Good morning.

    Do you have a router?
    If yes, you must redirect 2 TCP ports:

    * 80 http
    * 443 https

    These 2 ports are redirected to the IP address of the Elastix server.
     
  3. reynolwi

    No, we can't... I explained in my original post that Exchange OWA uses those ports on the router and under no circumstances can we change that. I need a different way to get to Elastix.
     
  4. saleh

    You can change the ports for http and https for your Elastix Server.

    Example:

    1) for http
    # vi /etc/httpd/conf/httpd.conf

    Find "Listen 0.0.0.0:80" in httpd.conf and change it to "Listen 0.0.0.0:12XXX".

    2) for https
    # vi /etc/httpd/conf.d/ssl.conf

    Find "Listen 443" in ssl.conf and change it to "Listen 12XXX",

    and find "<VirtualHost _default_:443>" and change it to "<VirtualHost _default_:12XXX>".
     
  5. jades

    After following saleh's steps make sure you run:
    service httpd restart

    After you made your changes
     
  6. danardf

    I didn't see this line!

    Why not redirect another port:

    http://public_address:8080/ ---> IP address of the Elastix server:80

    Example:
    210.2.55.10 (public)
    192.168.1.100 (Elastix)
    http://210.2.55.10:8080 forwarded to 192.168.1.100:80
     
  7. danardf

    In this case, inside the LAN, no one can connect on port 80!
    Not cool.
     
  8. reynolwi

    I have tried port forwarding on the router side but it fails. I changed the ports like saleh said, but now the FOP panel will not load and I'm guessing it's because it's still looking for Asterisk on ports 80 and 443. How do I change FOP so it looks at the new ports? I'm going to set a link on our intranet and website for users so they can get to ARI from outside, so if I have to have a port number show, that's fine with me.
     
  9. saleh

    The default port of the FOP Panel is 4445

    Change line ";listen_port=4445" to "listen_port=12XXX" in file "/var/www/html/panel/op_server.cfg"

    OR forward the default port of the FOP Panel to your Elastix Server
     
  10. saleh

    Dear danardf,

    Apache can listen to two ports (like 80 for LAN and 8080 for WAN)
     
  11. danardf

    I agree with you, but for usual connections it's 80.
    Simply so as not to change what is usual.
     
  12. reynolwi

    Maybe I'm not understanding or you guys aren't understanding. When you go to the Flash Operator Panel in Elastix, FreePBX, or even through the web at https://servername/panel you get the error "cannot display this webpage". It cannot access FOP anymore because I changed the SSL server port. How do I get FOP running again, or am I stuck with no outside access to Elastix? If Apache can listen to two ports, how do I set SSL to function on port 443 within the enterprise and some different port for outside access?
     
  13. reynolwi

    Oh, and FOP doesn't work in the enterprise or out. It doesn't show up, period.
     
  14. saleh

    I think the easy way is to change only Apache so it listens on two HTTP ports (not changing the SSL port) and to disable the "RewriteEngine" option in httpd.conf.

    "RewriteEngine" = "redirect the http traffic to https traffic"

    To do this:

    # vi /etc/httpd/conf/httpd.conf

    Search for "RewriteEngine On" in the config file and disable it.

    Before changes

    RewriteEngine On

    After changes

    RewriteEngine off

    Then change Apache to listen on two HTTP ports:

    # vi /etc/httpd/conf/httpd.conf

    Before changes
    Listen 0.0.0.0:80

    After changes
    Listen 0.0.0.0:80
    Listen 0.0.0.0:8080

    Then, after you have made your changes:

    # service httpd restart
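
An added example (not posted by anyone in this thread) of the setup reynolwi asks about above: Apache serving HTTPS on 443 for the LAN and on a second TLS port for forwarded outside access, so the HTTP-to-HTTPS rewrite can stay on and logins from outside still travel over TLS. Port 8443 is an assumed value chosen for illustration; the thread's own examples leave the port as 12XXX.

```apache
# /etc/httpd/conf.d/ssl.conf  (added example; 8443 is an assumed port)

# Keep the standard HTTPS port for clients inside the LAN.
Listen 443
# Second TLS listener for outside access. The trailing "https" names the
# protocol explicitly because the port is non-standard.
Listen 8443 https

# One virtual host answers on both ports, so both listeners share the
# same certificate and the same SSL settings.
<VirtualHost _default_:443 _default_:8443>
    SSLEngine on
    # The existing SSL* directives from the current ssl.conf stay here unchanged.
</VirtualHost>

# /etc/httpd/conf/httpd.conf
# "RewriteEngine On" and "Listen 0.0.0.0:80" are left as they are.
#
# On the router, forward public TCP 8443 to port 8443 on the Elastix
# server, then browse to https://public_address:8443/ from outside.
```

Run `service httpd restart` afterwards, as in the posts above.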
     
  15. martinparks

    I don't know if this will help you but I am giving it as an example of what I am currently doing.

    My ports are also taken up by an active server, so to access my internal network from outside I use PuTTY and Firefox.

    I installed PuTTY to c:\ of my laptop.
    You will need port 22 open on one of your systems.


    go to start --> run

    C:\putty.exe public_address -D 8080
    Log into your putty session and leave it open but minimized to the start bar

    Then open Firefox and go to the connection settings.

    Select Manual proxy configuration

    add this to
    SOCKS Host: localhost
    Port: 8080

    now save and restart Firefox

    Firefox will use the open putty session to tunnel into your network

    From there you use your network's local IPs (192.168.. or 10.0..) in Firefox to get around just as if you were there in person.

    This setup only takes 30 secs and after you are done just set Firefox back to No proxy
    and that's it.

    The connection has the added benefit of tunneling through a secure port and you do not need to change anything on Elastix or any other server.
     
