Network Configuration diagram
Hi All,
I Need LAN Computers (X lite Client) to be able to connect to VoIP Server (Asterisk).
How can i configure the proxy server for this purpose.my diagram is in above link.can you help to connect X lite client to VoIP server.
Following are the Configuration.
LAN - X Lite Client
need to connct to example.com:5060 to register client
Proxy Server - Centos 7
Squid Proxy
etho0 - 192.168.1.250 /connect to ADSL Router ,Masquerade zone disable
etho1 - 192.168.1.0/24 connect to LAN , DHCP Server enable
VoIP Server - Asterisk 11.20.0 1.el7.centos
SIP ports 5004 - 5082 UDP
RTP Ports 10000 - 20000 UDP
You can't use SQUID for proxy SIP.
Should be sip proxy, for example you can use kamailio.org
Related
I have a HAProxy configured that works as expected when sending requests directly to the proxy host and port that the proxy is listening on. The proxy is running in TCP mode.
frontend tcp-in-mssql
bind :5650
mode tcp
use_backend mssql
backend mssql
mode tcp
server mssql01.mydomain.com mssql01.mydomain.com:5650 check
When I try to send requests to the proxy by using the SOCKS_PROXY or ALL_PROXY env vars, the proxy isn't used and the connection is made directly.
example:
SOCKS_PROXY=socks://localhost:5650 my_command --target=mssql01.mydomain.com:5650
ALL_PROXY=socks://localhost:5650 my_command --target=mssql01.mydomain.com:5650
The proxy is bypassed and a TCP connection is made directly to the target host. Though if do something like my_command --target=localhost:5650 the TCP connection goes through the proxy and is made successfully to the backend target server.
How can I route traffic to the proxy?
Socks is a specific protocol to be spoken by client and proxy (https://en.wikipedia.org/wiki/SOCKS). Socks allows the client to specify which server to connect to on which port. To do so, the client establishes a connection to the socks proxy, the socks proxy then establishes a connection to the server and forwards the traffic from client to server and vice versa.
Example:
client -> socks proxy (port: 1080) -> server1 (port: clients choice)
-> server2 (port: clients choice)
-> serverN (port: clients choice)
-> server (clients choice)
Your HAProxy configuration configures the haproxy to serve as a reverse proxy for tcp connections on port 5650. Tcp traffic received on port 5650 will then be forwarded to one of the destination servers configured in backend section.
Example:
client -> reverse proxy (port 5650) -> backend (server and port
as defined in haproxy config)
So you already have a working solution for proxying the connection to the mssql backend. Just configure the mssql client to connect to the hapoxy on port 5650.
If you need a socks proxy to suit your use case, you have to replace the haproxy with a dedicated, socks capable proxy solution
I can't connect to my queue on azure account using java code. It seems that the problem is the network. I can to connect with my private network but not with the company network.
I have this message error:
Exception in thread "main" http://com.microsoft.azure .servicebus.primitives.ServiceBusException: Error{condition=amqp:connection:framing-error, description='connection aborted', info=null}.
Any hints?
It seems that the problem is the network. I can to connect with my private network but not with the company network.
Yes, you are right. I also find the simlar issue on the github. It seems that your company firewall restriction which blocks all traffic on ports 5671 and 5672. We could get more information from AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide.
Azure Service Bus requires the use of TLS at all times. It supports connections over TCP port 5671, whereby the TCP connection is first overlaid with TLS before entering the AMQP protocol handshake, and also supports connections over TCP port 5672 whereby the server immediately offers a mandatory upgrade of connection to TLS using the AMQP-prescribed model. The AMQP WebSockets binding creates a tunnel over TCP port 443 that is then equivalent to AMQP 5671 connections.
If possible, you could ask permission to open 2 ports in your company firewall.
We did a network traffic capture while using the Discovery Node API and found that there was port access attempted on 621XX ports (62111, 62112, etc) and we were wondering if there was a specific set of ports the Discovery service typically uses.
This information would help immensely when firewall and corporate proxy settings come in to play.
The Watson Discovery API is an HTTPS service so only needs TCP port 443 to work. I would suggest that the activity on ports 621** are dynamic or private ports that your app is using to make the connections. They are not ports that need to be punched through firewalls, they are merely the port at which HTTPS connections to the remote server on port 443 are terminated.
I am running FILE-Zilla ftp server on windows in one of the LAN pc connect to my router. i am trying to access the FTP server from the network outside of the router using Router WAN ip (WAN-to-LAN) by adding Port-Forwarding rule (NAT) in the router. I have 2 cases here as per below configurations. the 1st is working and the 2nd is not (in Passive mode).
Note: i have added the custom inbound rule in the windows 7 firewall
where the ftp server is running.
Configuration #1
Filezilla FTP server port: 21
Passive port range: 50000-51000
NAT - external port: 21
NAT - internal port: 21
Windows firewall inboud rule port allow port: 21, 50000-51000
Client connecting to: <Wan IP>:21
This is working if client is trying to connect using Active/Passive mode
Configuration #2
Filezilla FTP server port: 2000
Passive port range: 50000-51000
NAT - external port: 21
NAT - internal port: 2000
Windows firewall inboud rule port allow port: 2000, 50000-51000
Client connecting to: <Wan IP>:21
This is working only if client is set to Active mode.
Not working with Passive mode configuration by client. the client can connect and login is successfull but ends with the error message at server side like this without any directory listing.
227 Entering Passive Mode (192,168,1,2,195,85)
Note: both the case working in LAN-LAN network.
My guess is that the configuration #1 works only because the NAT is smart enough to translate the IP address in the PASV response from the server. But it likely does that only for the standard FTP port.
You should tell the FileZilla FTP server its external IP address. Go to Edit > Settings > Passive mode settings > IPv4 specific > External Server IP Address for passive mode transfers.
Currently your FTP server is sending its internal IP address to the client. And the client obviously cannot connect to the IP address.
And have the NAT forward the ports in the passive port range (50000-51000).
Though the change will break the LAN-LAN connections. To allow both LAN and WAN connections, check if the NAT can be configured to translate the IP address for the non standard ports too. Though the translation will work for unencrypted connection only anyway. And you should not use unencrypted connections!
The last option is to use the extended passive mode (EPSV), if your clients allow that. In the extended passive mode, there's no IP address in the response. The FTP client uses the primary IP address of the FTP server for data connections.
I am using Boost asio in Visual C++. I am trying to connect to a static IP which listens TCP on port 1222. unfortunately i can only connect with Lan and cannot connect from another Lan to the TCP listening PC(203.143..).
It connects perfectly with the EC2 server. Is it something to do with firewall. but when i run the app it ask for the user to allow firewall for the specific port. I can post my code but i guess it's not something to with the code.
Usually a firewall on the server side (the PC you are trying to connect to) have to be configured to allow incoming connections.
Firewall on your side should be OK, it usually allows any type of outgoing connections.
I don't know what you meant by "the app ask for the user to allow firewall for the specific port" (clarify).