error

kramtw

Joined
Nov 14, 2008
Messages
15
Likes
0
Points
0
#1
hi

all remote calling card extension not connecting to server and all softphone sawing 404 error

can anyone help

not much info


thanks
 

gamba47

Joined
May 28, 2009
Messages
595
Likes
0
Points
0
#2
kramtw said:
not much info
Really Not Much Info :S

Can you explain a litle bit ?

Are you tryng to connect to your PBX from outside of the lan ?
Are you behind a NAT ?


Regards.
gamba47
 

kramtw

Joined
Nov 14, 2008
Messages
15
Likes
0
Points
0
#3
ok

i how have a bit more info all of the sip extension in freepbx that are remote to the lan are not working i am getting the 404 error both on the zoomata and the counterpath softphone, whereas the extensions that are local to the freepbx are working

one more thing the server that i am using to host the pbx is a dell poweredge 2950 with two nics in it is there a way to get both of them working together?i guess load balance, i find that the webpages from that server take some time to open.

thanks
 

gamba47

Joined
May 28, 2009
Messages
595
Likes
0
Points
0
#4
Are you behind a Router ?


gamba47
 

kramtw

Joined
Nov 14, 2008
Messages
15
Likes
0
Points
0
#5
yes the server is behind a router i think that i had all the port forwarded to the servers ip address
 

gamba47

Joined
May 28, 2009
Messages
595
Likes
0
Points
0
#6
Put your Elastix box in DMZ on your router (this is for portforward al ports - tcp & udp )


gamba47
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#7
I question gamba47's advice:

In the DMZ!!!???

Danger, Danger Will Robinson!!

Perhaps for debugging, but please realise what you expose to the "bad guys" out there if you do that with a "standard" Elastix installation, not just VOIP/SIP but more particularly the HTTPS interface, which is truly generic and well known as to user/password.

You will be a sacrificial lamb under these circumstances, I implore you to protect your "property/accounts" with better circumspect. Prime example, Did you change your /var/www/html/admin credentials? ( I bet you a dollar to a donut you didn't!)

IF a sentient "knuckle dragger" cared to phish you network, I believe you (and your VOIP accounts) would be compromised in 10 seconds flat!!

(these guys(bots) don't sleep, they are not stupid, in fact they are almost certainly cleverer than you, further, denial is not a river in Egypt. Welcome to the real world)

I might be paranoid, but that doesn't mean THEY are not out to get me!
 

donhwyo

Joined
Aug 8, 2008
Messages
293
Likes
0
Points
0
#8
Don't bet against dicko. A good doughnut costs more than a dollar anyway. Besides he is right.

Don
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#9
(Hey Don !! what's new?)
 

kramtw

Joined
Nov 14, 2008
Messages
15
Likes
0
Points
0
#10
ok i have done the dmz thing and the some of the remote sip accounts from the freepbx worked, but the remote sip accounts that where done in a2billing are still working. i thing that i have all the right port open because it was working (both the freepbx and a2billing) for the past year or so.

and yes as dicko was saying putting the server on dmz is like saying hi to the world.

if possible give me list of the ports that need to be forwarded to the server from the router
 

gamba47

Joined
May 28, 2009
Messages
595
Likes
0
Points
0
#11
How about the problem of Asterisk with sip behind nat ?

I know about this problem, but a strong password solve it o not ?


regards. gamba47
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#12
Gamba47:

I'm not sure I understand your thinking.

Surely forwarding the bare minimum set of ports necessary in any deployment is better than opening all 65000 of them.

The NAT "problem" and it's standard resolution remains exactly the same in both scenarios, port forwarding is port forwarding.

A glaring example of the insecurities you expose yourself to:

put your box in the DMZ and from any other box in the world you have root access to the mysql database on port 3306 with the "well known" password eLaStIx.2oo7,

Regards

dicko

(If root access is limited to localhost then that wouldn't be the case)
 

Patrick_elx

Joined
Dec 14, 2008
Messages
1,120
Likes
0
Points
0
#13
dicko said:
Gamba47:
A glaring example of the insecurities you expose yourself to:
put your box in the DMZ and from any other box in the world you have root access to the mysql database on port 3306 with the "well known" password eLaStIx.2oo7,
dicko
Thanks Dicko for pointing this one out. I never thought of it.
Is there a way to restrict access to this port/service only from localhost?

I was thinking about an hotel setup where the customers can connect their computer in their room instead of a telephone and hack in the pbx from the LAN...

What would be the proper way to lock them out?
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#14
Hey Patrick:

In such an environment, I think any network available to the guests should be fire-walled/routed just like the internet with static mappings for the phone MAC addresses and a restrictive "login portal" presented to any other MAC that pops up to collect their money.
 

gamba47

Joined
May 28, 2009
Messages
595
Likes
0
Points
0
#15
dicko said:
put your box in the DMZ and from any other box in the world you have root access to the mysql database on port 3306 with the "well known" password eLaStIx.2oo7,
Good point.

How many password do we have in elastix to change all of this ?

* Webadmin
* mysql

Something else ?

I would like to create a simple script to change all of this password when you install your box.

Regards. gamba47
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#16
gamba47:

Basically "lots" there are several posts here that enumerate the common ones. somethings like sqlite don't even have one.

Unfortunately changing the default passwords (particularly yhe mysql root password) has an unpleasant side effect of stopping a lot of value added add-ons(and even Elastix intrinsic) scripts from running, and even disabling some otherwise functional parts.

My personal belief is that "scripting" such basic changes will neither particularly improve the system's security, but will further give the users a false sense of security, further security is not only compromised by insecure password's many things running on you box are insecure, even perhaps your mail server and almost certainly your web server, so truly caveat implementor.

I believe a well constructed firewall and a solid knowledge of what services are running on your system are pretty well imperative, as is a basic understanding of security issues under any circumstances.

There is a forum called security here where perhaps some options have already been explored, and is also more pertinent to your current direction.


regards

dicko
 

gamba47

Joined
May 28, 2009
Messages
595
Likes
0
Points
0
#17
Thanks dicko. I will read more :D


gamba47
 

kramtw

Joined
Nov 14, 2008
Messages
15
Likes
0
Points
0
#18
so guys how then do i get the remote sip accounts to work as i am still not able to get them working, i am still getting the 404 error on all of my remote xlite clients.


can anyone help

thanks
 

gamba47

Joined
May 28, 2009
Messages
595
Likes
0
Points
0
#19
Do you make the portforward on your router ?


gamba47
 

Patrick_elx

Joined
Dec 14, 2008
Messages
1,120
Likes
0
Points
0
#20
did you allowed NAT on your extensions?
what's the 'sip debug ip' log?
 

Members online

Latest posts

Forum statistics

Threads
30,915
Messages
130,920
Members
17,594
Latest member
knethardsolutions
Top