0

We have recently set up a new Asterisk PBX server based on our previous PBX (also Asterisk), which was installed by an external company.

We've kept the configuration of the server the same; all we did was add db support to Asterisk, which wasn't implemented by the previous company. It's running on CentOS 6.4. The 1st ethernet port is split into two vlans, the second vlan being the one on which the phones connect to Asterisk and also receive ip addresses from dhcp.

There is a web portal running on the Asterisk server whereby data can be viewed and also various modifications made to call center agents. This is served up on the first vlan.

However there are some computers that are not on the right ip range to view the portal on the first vlan, but they are in the same range as the phones. Up until we changed to our new updated pbx, they were able to view the portal on the second vlan, but that is no longer possible.

I've added listen rules for the ip addresses of both vlans in httpd.conf, in the format:

listen xxx.xxx.xxx.xxx:80

listen yyy.yyy.yyy.yyy:80

but it's still not working.

Do I need to add a route via the route command, or implement port forwarding? I don't know very much about networking and am more or less learning on the fly at the moment.

Any help would be appreciated.

The result of cat /proc/sys/net/ipv4/ip_forward is '0'

and the result of ip ro sh is:

    192.168.244.0/24 dev em2 proto kernel scope link src 192.168.244.250
    192.168.12.0/24 via 192.168.20.1 dev em1.20
    192.57.4.0/22 dev em1.10 proto kernel scope link src 192.57.7.248
    192.168.20.0/22 dev em1.20 proto kernel scope link src 192.168.20.2
    169.254.0.0/16 dev em1 scope link metric 1002
    169.254.0.0/16 dev em2 scope link metric 1003
    169.254.0.0/16 dev em1.10 scope link metric 1016
    169.254.0.0/16 dev em1.20 scope link metric 1017

nimosza
  • could you show output of the # cat /proc/sys/net/ipv4/ip_forward and # ip ro sh? – ALex_hha Jul 26 '13 at 09:02
  • The result of cat /proc/sys/net/ipv4/ip_forward is '0'. If I'm right, that means that port forwarding is off? – nimosza Jul 26 '13 at 10:31
  • The result of ip ro sh is:192.168.244.0/24 dev em2 proto kernel scope link src 192.168.244.250 192.168.12.0/24 via 192.168.20.1 dev em1.20 192.57.4.0/22 dev em1.10 proto kernel scope link src 192.57.7.248 192.168.20.0/22 dev em1.20 proto kernel scope link src 192.168.20.2 169.254.0.0/16 dev em1 scope link metric 1002 169.254.0.0/16 dev em2 scope link metric 1003 169.254.0.0/16 dev em1.10 scope link metric 1016 169.254.0.0/16 dev em1.20 scope link metric 1017 – nimosza Jul 26 '13 at 10:32

3 Answers

0

A VLAN is a link-layer construct which virtually emulates physically separate network segments. I can only assume that your network is correctly architected and the VLANs each have a different subnet for hosts assigned to them.

It sounds like the problem you are having, if that assumption is true, is related to routing. Chances are that your PBX is not also the router which routes your telephony VLAN (which mysteriously has non-telephony hosts on it), but it might be. In either case, do a traceroute to the IP of the host hosting the web portal you're having trouble getting to, and see where the routing breaks down. A router is required to move data across multiple networks, and for whatever reason one of the routers between your host on the phone network and your web server isn't passing the traffic along. Also look for errant firewall rules.

Normally you will be using some kind of routing protocol to manage these routes, which is where you should start looking for issues. However, if for some reason you are managing routes statically, you may need to add a route manually.

Suppose your PBX is also acting as the default gateway for the telephony network. In this case, likely the PBX doesn't have a route to the web portal server's network. However, it may also be the case that the web portal server doesn't have a route back (run the traceroute from both directions), or that the gateway isn't configured to forward traffic.

You wouldn't need to forward a port unless you were doing NAT between your internal networks, which would be somewhat unusual.

Falcon Momot
  • Hi, I realised I wasn't very clear in my original question. The web portal is actually running on the same server as Asterisk. The server has two ethernet ports, the first one of which is split into two virtual devices pointing at two different vlans; these two virtual devices each have a static ip. The issue is that I can see the portal on the first virtual device's ip but not the second one's. – nimosza Jul 26 '13 at 08:53
0

You need to confirm the basics first:

  1. IP Connectivity/Routing
  2. httpd config
  3. firewall rules

A lot of this answer looks like questions, but I think this gives you something to work with:

From the Asterisk server, can you ping the devices that you want to access the portal from? If not, work through that routing issue to fix your basic connectivity. (Does this server exist in the same subnets as your old one that worked, or did you deploy a new address space?)

Run netstat -tna4 and make sure that the server is actually listening on xxx.xxx.xxx.xxx:80 and yyy.yyy.yyy.yyy:80. Is it? If not, double-check your httpd config and restart it.

Do you have an active firewall running on the host? If so, turn it off and see if that works; if it does, turn it back on and update your rules.

RussellM
0

In the end it turned out to be something as simple as adding a default gateway on the 2nd virtual interface. Unfortunately with my total lack of networking knowledge, it was anything but obvious to me. My original question was very unclear because I didn't really have a very good idea of what the problem actually was or how the vlans work. I have a much better idea now.

Anyway, thanks for your help. Very much appreciated.

nimosza
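
The routing table posted in the question contains no default entry. The following is an added example, not code from any poster in this thread: it runs a longest-prefix match over those exact route lines to show which client addresses the server has a return path to, before and after a default route is added. The client addresses are constructed, and the choice of 192.168.20.1 on em1.20 as gateway is an assumption, since the gateway actually used is not stated on the page.

```python
import ipaddress

# Route lines copied from the `ip ro sh` output posted in the question.
PAGE_ROUTES = """\
192.168.244.0/24 dev em2 proto kernel scope link src 192.168.244.250
192.168.12.0/24 via 192.168.20.1 dev em1.20
192.57.4.0/22 dev em1.10 proto kernel scope link src 192.57.7.248
192.168.20.0/22 dev em1.20 proto kernel scope link src 192.168.20.2
169.254.0.0/16 dev em1 scope link metric 1002
169.254.0.0/16 dev em2 scope link metric 1003
169.254.0.0/16 dev em1.10 scope link metric 1016
169.254.0.0/16 dev em1.20 scope link metric 1017
"""

def parse_routes(text):
    """Parse `ip route show` lines made of a destination plus key/value pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        opts = dict(zip(fields[1::2], fields[2::2]))
        routes.append({
            "net": ipaddress.ip_network(dest),
            "via": opts.get("via"),          # None means directly connected
            "dev": opts["dev"],
            "metric": int(opts.get("metric", 0)),
        })
    return routes

def reply_path(routes, client):
    """Longest-prefix match, lowest metric on ties; None if no route exists."""
    ip = ipaddress.ip_address(client)
    hits = [r for r in routes if ip in r["net"]]
    if not hits:
        return None  # the kernel would report "Network is unreachable"
    best = max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return (best["dev"], best["via"])

if __name__ == "__main__":
    # Assumed default route for illustration; the real gateway is not on the page.
    fixed = PAGE_ROUTES + "default via 192.168.20.1 dev em1.20\n"
    # Constructed client addresses: on-link, behind the static route, elsewhere.
    for client in ("192.168.21.50", "192.168.12.30", "10.1.2.3"):
        before = reply_path(parse_routes(PAGE_ROUTES), client)
        after = reply_path(parse_routes(fixed), client)
        print(f"{client:15} before={before} after={after}")
```

On the live host, `ip route get <client address>` gives the same answer directly from the kernel.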