error

Discussion in 'General' started by kramtw, Jul 7, 2009.

  1. kramtw

    Joined:
    Nov 14, 2008
    Messages:
    15
    Likes Received:
    0
    hi

    all remote calling card extension not connecting to server and all softphone sawing 404 error

    can anyone help

    not much info


    thanks
     
  2. gamba47

    Joined:
    May 28, 2009
    Messages:
    595
    Likes Received:
    0
    Really Not Much Info :S

    Can you explain a litle bit ?

    Are you tryng to connect to your PBX from outside of the lan ?
    Are you behind a NAT ?


    Regards.
    gamba47
     
  3. kramtw

    Joined:
    Nov 14, 2008
    Messages:
    15
    Likes Received:
    0
    ok

    i how have a bit more info all of the sip extension in freepbx that are remote to the lan are not working i am getting the 404 error both on the zoomata and the counterpath softphone, whereas the extensions that are local to the freepbx are working

    one more thing the server that i am using to host the pbx is a dell poweredge 2950 with two nics in it is there a way to get both of them working together?i guess load balance, i find that the webpages from that server take some time to open.

    thanks
     
  4. gamba47

    Joined:
    May 28, 2009
    Messages:
    595
    Likes Received:
    0
    Are you behind a Router ?


    gamba47
     
  5. kramtw

    Joined:
    Nov 14, 2008
    Messages:
    15
    Likes Received:
    0
    yes the server is behind a router i think that i had all the port forwarded to the servers ip address
     
  6. gamba47

    Joined:
    May 28, 2009
    Messages:
    595
    Likes Received:
    0
    Put your Elastix box in DMZ on your router (this is for portforward al ports - tcp & udp )


    gamba47
     
  7. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    I question gamba47's advice:

    In the DMZ!!!???

    Danger, Danger Will Robinson!!

    Perhaps for debugging, but please realise what you expose to the "bad guys" out there if you do that with a "standard" Elastix installation, not just VOIP/SIP but more particularly the HTTPS interface, which is truly generic and well known as to user/password.

    You will be a sacrificial lamb under these circumstances, I implore you to protect your "property/accounts" with better circumspect. Prime example, Did you change your /var/www/html/admin credentials? ( I bet you a dollar to a donut you didn't!)

    IF a sentient "knuckle dragger" cared to phish you network, I believe you (and your VOIP accounts) would be compromised in 10 seconds flat!!

    (these guys(bots) don't sleep, they are not stupid, in fact they are almost certainly cleverer than you, further, denial is not a river in Egypt. Welcome to the real world)

    I might be paranoid, but that doesn't mean THEY are not out to get me!
     
  8. donhwyo

    Joined:
    Aug 8, 2008
    Messages:
    293
    Likes Received:
    0
    Don't bet against dicko. A good doughnut costs more than a dollar anyway. Besides he is right.

    Don
     
  9. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    (Hey Don !! what's new?)
     
  10. kramtw

    Joined:
    Nov 14, 2008
    Messages:
    15
    Likes Received:
    0
    ok i have done the dmz thing and the some of the remote sip accounts from the freepbx worked, but the remote sip accounts that where done in a2billing are still working. i thing that i have all the right port open because it was working (both the freepbx and a2billing) for the past year or so.

    and yes as dicko was saying putting the server on dmz is like saying hi to the world.

    if possible give me list of the ports that need to be forwarded to the server from the router
     
  11. gamba47

    Joined:
    May 28, 2009
    Messages:
    595
    Likes Received:
    0
    How about the problem of Asterisk with sip behind nat ?

    I know about this problem, but a strong password solve it o not ?


    regards. gamba47
     
  12. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Gamba47:

    I'm not sure I understand your thinking.

    Surely forwarding the bare minimum set of ports necessary in any deployment is better than opening all 65000 of them.

    The NAT "problem" and it's standard resolution remains exactly the same in both scenarios, port forwarding is port forwarding.

    A glaring example of the insecurities you expose yourself to:

    put your box in the DMZ and from any other box in the world you have root access to the mysql database on port 3306 with the "well known" password eLaStIx.2oo7,

    Regards

    dicko

    (If root access is limited to localhost then that wouldn't be the case)
     
  13. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    Thanks Dicko for pointing this one out. I never thought of it.
    Is there a way to restrict access to this port/service only from localhost?

    I was thinking about an hotel setup where the customers can connect their computer in their room instead of a telephone and hack in the pbx from the LAN...

    What would be the proper way to lock them out?
     
  14. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Hey Patrick:

    In such an environment, I think any network available to the guests should be fire-walled/routed just like the internet with static mappings for the phone MAC addresses and a restrictive "login portal" presented to any other MAC that pops up to collect their money.
     
  15. gamba47

    Joined:
    May 28, 2009
    Messages:
    595
    Likes Received:
    0
    Good point.

    How many password do we have in elastix to change all of this ?

    * Webadmin
    * mysql

    Something else ?

    I would like to create a simple script to change all of this password when you install your box.

    Regards. gamba47
     
  16. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    gamba47:

    Basically "lots" there are several posts here that enumerate the common ones. somethings like sqlite don't even have one.

    Unfortunately changing the default passwords (particularly yhe mysql root password) has an unpleasant side effect of stopping a lot of value added add-ons(and even Elastix intrinsic) scripts from running, and even disabling some otherwise functional parts.

    My personal belief is that "scripting" such basic changes will neither particularly improve the system's security, but will further give the users a false sense of security, further security is not only compromised by insecure password's many things running on you box are insecure, even perhaps your mail server and almost certainly your web server, so truly caveat implementor.

    I believe a well constructed firewall and a solid knowledge of what services are running on your system are pretty well imperative, as is a basic understanding of security issues under any circumstances.

    There is a forum called security here where perhaps some options have already been explored, and is also more pertinent to your current direction.


    regards

    dicko
     
  17. gamba47

    Joined:
    May 28, 2009
    Messages:
    595
    Likes Received:
    0
    Thanks dicko. I will read more :D


    gamba47
     
  18. kramtw

    Joined:
    Nov 14, 2008
    Messages:
    15
    Likes Received:
    0
    so guys how then do i get the remote sip accounts to work as i am still not able to get them working, i am still getting the 404 error on all of my remote xlite clients.


    can anyone help

    thanks
     
  19. gamba47

    Joined:
    May 28, 2009
    Messages:
    595
    Likes Received:
    0
    Do you make the portforward on your router ?


    gamba47
     
  20. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    did you allowed NAT on your extensions?
    what's the 'sip debug ip' log?
     

Share This Page