Is there any way to change the port the Web UI listens on?
Say from 80 to 8080?
9143i/9133i/480i
Thanks.
Web UI port
Submitted by alster on Wed, 03/31/2010 - 4:38pm.
ummmm
Thu, 04/01/2010 - 4:31pm
1. Exposing the UI of your phone or PBX to the web is for lack of a better term STUPID.
see: http://www.google.com/search?q="hacked"+site:trixbox.org
2. http://en.wikipedia.org/wiki/Port_forwarding
--
Thanks for the warning..
How
Sat, 04/03/2010 - 12:06pm
If you have ssh login, then
Sun, 04/04/2010 - 11:58pm
If you have ssh login, then you can create an ssh tunnel and access the web UI locally.
You can do something like this
ssh -L
then in your browser, go to
http://localhost:
and you will have access to your phone UI
If you are using Putty, look under Tunnels to create something similar.
HTH
Thanks for the ssh tip
Mon, 04/05/2010 - 10:29pm
Can you expand a little more please?
I typically use an app called SecureCRT on XP to access a linux box on the (remote) network (where the phones are) via ssh.
Are you implying I can setup an ssh connection to the phone? and then tunnel throught that?
I'm a little foggy on the direction your leading me..
couple suggestions....
Tue, 04/06/2010 - 5:08am
For the record we did accomplish the change you are eluding to above to the port the web admin user interface listens on not in the software but by setting up a "virtual server" rule in the firewall to bind our new TB web admin listening port (undisclosed) to port 80 on the internal TB IP AND by shutting off port 80 responses on the firewall. You can always set a remote access port on the firewall with whatever port you want and then log into it and deactivate the virtual server rule by a simple check mark when you don't need access to it and then remote in and check it again before accessing the TB remotely when you do need remote access. You can and should also consider changing the port 22 default Putty uses to connect to the TB. Why secure every other connection and not that one?
This is NOT the same as port forwarding which is useless since it would redirect hacker attacks the same as it would your valid attempts to access the admin interface...
You mentioned other systems in the network having traffic on those other ports so if you can put the TB on the same firewall with the other computers you can use the virtual server rules to route the port 80 traffic and the port 443 traffic to other internal IPs of the respective servers behind the same firewall or even remap them so they are more secure the same as you remap XXXX to 80 on the TB internal IP. If you cannot put them all behind the same firewall then get a public IP for the TB firewall alone, use a switch if necessary in front of your firewall to "split" your internet connection if it is DSL, cable, whatever and then use that dedicated firewall for the virtual server rule to remap port XXXX to port 80 on the TB internal, non public IP of 192.168.X.X
You might also consider (depending on budget) the use of an appliance such as a Raritan KVM over IP solution which would negate the need to leave anything open to the public web ever.... I picked an 8 port unit up on Ebay for $350 and the special KVM cable for it for $25 and considered myself lucky.... just an idea depending on how important maximum security is to you never mind the added ability to remotely resolve problems with the TB even if it locks up and you can't access it through the web or putty interfaces....
Marc
No you can setup an ssh
Tue, 05/04/2010 - 3:41pm
No you can setup an ssh tunnel through your Trixbox server to access your phone web UI.
It looks like the input format protectio messed up my example.
ssh -L (local port, et.1500):(phone IP):80 root@(external IP of trixbox)
Assuming your (external IP of Trixbox) port 22 is forwarded to your internal Trixbox IP
Once connected, on a local browser, go to
http://localhost:(localport, eg.1500)
MaG
www.eGuest.ca
Domains
Sat, 07/23/2011 - 12:37am
Member Since:
2006-10-06