Open Meetings integration


(alex) #1

Hi folks, my question is multi-stranded, so I'm happy to rephrase it subsequent to this question. I wanted to set up a video conference capability and have gone with Apache OpenMeetings. After the usual struggles with various tutorials I found a qcow image on the Apache site which is up and running on my Proxmox host (yay!). I deliberately didn't install it on NethServer but noted that there is a guide to doing this within this community.

My first question regards how I make the OpenMeetings server available via the public IP address that my NethServer is using (currently I just VPN onto my internet router, which is not adequate - I could spend weeks looking at port forwarding/NAT/reverse proxies/firewall etc. and be no wiser!). A step-by-step approach to this would be really useful and has broader use than just OM.

Secondly, has anyone else tried a similar project and integrated OM with NethServer - LDAP? Anything else?

Thanks in advance for your thoughts on this
Cheers
Alex


(Rob Bosch) #2

Did you ever have a look at Big Blue Button as conferencing tool? It is often used in educational environments and seamlessly fits into applications like Moodle.


(Markus Neuberger) #3

An HTTPS reverse proxy to 5080 would be nice but I don’t know if it works well with openmeetings.

A port forward of 5080 and 1935 to the openmeetings host should do it in any case.

https://openmeetings.apache.org/PortSettings.html

If you choose port forwarding you should secure openmeetings:

https://openmeetings.apache.org/RTMPSAndHTTPS.html


(alex) #4

Thanks Rob, I will definitely take a look at that because the documentation looks a million times friendlier than the Apache project!


(alex) #5

Thanks Markus, I just don't seem to be able to access the OpenMeetings host from the internet (via NethServer at least - I can VPN onto my internet router and access it from there via 192.168.1.20 - an interface I generally disable).
The NethServer red interface (192.168.1.16) is connected to an internet router and is a DMZ host of the router with a public IP.
The NethServer green interface (192.168.10.16) is connected to a private network - the OpenMeetings server is 192.168.10.20 and has a gateway of 192.168.10.16.

I've set up port forwarding 5080 => 5080; 1935 => 1935 for the OpenMeetings server object I created.
I was hoping this would work but the firewall seems to drop packets:
May 2 13:16:50 cwprod11v04 kernel: Shorewall:net2loc:DROP:IN=eth0 OUT=eth1 MAC=b6:96:b0:f3:ae:10:00:1d:aa:5d:b4:f8:08:00 SRC=<my_ip> DST=192.168.10.20 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=7136 DF PROTO=TCP SPT=20718 DPT=5080 WINDOW=64240 RES=0x00 SYN URGP=0

I've played with the firewall also - opening up RED=>OPEN_MEETINGS - but had no luck with various configs and deleted for security.

I’m really having no luck here - it's crossed my mind that I should have set up a DMZ network for the hosts I'm trying to access from the internet (I will do this next time I'm on site) but the docs seem to indicate that this should work on the green network (I think).

A port scan from nmap on my PC does not show the 5080 or 1935 ports open.

…any thoughts appreciated! Cheers. Alex


(alex) #6

************ Welcome to NethServer ************

This is a NethServer installation.

Before editing configuration files, be aware
of the automatic events and templates system.

      http://docs.nethserver.org

[root@cwprod11v04 ~]# ssh om_admin@192.168.10.20
om_admin@192.168.10.20's password:
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-119-generic x86_64)

26 packages can be updated.
17 updates are security updates.

Last login: Wed May 2 19:55:37 2018
om_admin@ubuntu:~$ ifconfig
ens19 Link encap:Ethernet HWaddr de:11:9d:92:05:33
inet addr:192.168.10.20 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::dc11:9dff:fe92:533/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:809 errors:0 dropped:0 overruns:0 frame:0
TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:479892 (479.8 KB) TX bytes:15899 (15.8 KB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1723 errors:0 dropped:0 overruns:0 frame:0
TX packets:1723 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:967327 (967.3 KB) TX bytes:967327 (967.3 KB)

om_admin@ubuntu:~$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.10.16 0.0.0.0 UG 0 0 0 ens19
192.168.10.0 192.168.10.16 255.255.255.0 UG 0 0 0 ens19
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ens19
om_admin@ubuntu:~$ netstat -plnt
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::5080 :::* LISTEN -
tcp6 0 0 :::5701 :::* LISTEN -
tcp6 0 0 :::9999 :::* LISTEN -
tcp6 0 0 :::1935 :::* LISTEN -
om_admin@ubuntu:~$
om_admin@ubuntu:~$ ping google.com
PING google.com (172.217.23.14) 56(84) bytes of data.
64 bytes from lhr35s01-in-f14.1e100.net (172.217.23.14): icmp_seq=1 ttl=50 time=10.0 ms
64 bytes from lhr35s01-in-f14.1e100.net (172.217.23.14): icmp_seq=2 ttl=50 time=9.77 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 9.776/9.898/10.020/0.122 ms
om_admin@ubuntu:~$


(alex) #7

Hi Rob, I wondered if you had managed to get BigBlueButton running behind the NethServer firewall. The documentation mentions the following ports need to be forwarded:
TCP ports 80, 443, 1935, and 7443
UDP ports in the range 16384 - 32768
I’m slightly challenged with the UDP port range - unless I have made a mistake!


(Markus Neuberger) #8

Are there port forwards or other firewall rules on your internet router because they are handled before the forwarding to the DMZ host, in your case the Nethserver?

Can you see the other open ports? Can you port forward from your internet router to some internal webserver just to check if your provider blocks some ports?


(alex) #9

Hi Markus, the router has allocated the public IP as a “DMZ host” - I believe it therefore doesn't apply any firewall rules to it but I will check tomorrow… I have ports open on NethServer as below. If I create a firewall rule to allow ALL RED=>GREEN then I see the NGINX front page that the BigBlueButton server presents (on port 80). I've disabled that rule now!

Discovered open port 587/tcp on 81.150.54.173
Discovered open port 25/tcp on 81.150.54.173
Discovered open port 143/tcp on 81.150.54.173
Discovered open port 995/tcp on 81.150.54.173
Discovered open port 22/tcp on 81.150.54.173
Discovered open port 110/tcp on xxxx
Discovered open port 80/tcp on xxxx
Discovered open port 993/tcp on xxxx
Discovered open port 5280/tcp on xxxx
Discovered open port 465/tcp on xxxx
Discovered open port 5222/tcp on xxxx
Discovered open port 1935/tcp on xxxx
Discovered open port 8089/tcp on xxxx


(Markus Neuberger) #10

I think you forgot some xxxx and show public IP…

Maybe it’s an openmeetings problem, maybe there are some trusted sites access settings.


(alex) #11

Oops, I was a bit tired there! The logs show the NethServer firewall dropping packets - does that not indicate that the firewall is preventing access as opposed to the downstream server? I seem to get a similar result with BigBlueButton and OpenMeetings on 2 separate servers (both on the green network).


(Markus Neuberger) #12

You mean port forward is not working to openmeetings and is not working to bigbluebutton? Does it work when you apply the “ALL RED=>GREEN” again just for a short test? Maybe it’s a firewall issue on the instances of OM or BBB?

In this case a wrong source port (20718 instead of 5080) is used so it’s dropped.
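
Added example, not part of the thread: a small Python parser for Shorewall log lines like the one in post #5, counting dropped connection attempts against the two ports being forwarded to 192.168.10.20. The sample log is constructed (source addresses are documentation-range placeholders) and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample modelled on the post #5 log line; SRC values are placeholders.
SAMPLE_LOG = """\
May  2 13:16:50 cwprod11v04 kernel: Shorewall:net2loc:DROP:IN=eth0 OUT=eth1 MAC=b6:96:b0:f3:ae:10:00:1d:aa:5d:b4:f8:08:00 SRC=203.0.113.7 DST=192.168.10.20 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=7136 DF PROTO=TCP SPT=20718 DPT=5080 WINDOW=64240 RES=0x00 SYN URGP=0
May  2 13:16:53 cwprod11v04 kernel: Shorewall:net2loc:DROP:IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.10.20 LEN=52 TTL=112 ID=7137 DF PROTO=TCP SPT=20718 DPT=5080 WINDOW=64240 RES=0x00 SYN URGP=0
May  2 13:17:02 cwprod11v04 kernel: Shorewall:net2loc:DROP:IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.10.20 LEN=52 TTL=112 ID=7140 DF PROTO=TCP SPT=20731 DPT=1935 WINDOW=64240 RES=0x00 SYN URGP=0
May  2 13:18:40 cwprod11v04 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.16 LEN=40 TTL=240 ID=54321 PROTO=TCP SPT=41000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[A-Z]+):(?P<rest>.*)$")

def parse_line(line):
    """Split one Shorewall kernel log line into zones, action, fields and flags."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields, flags = {}, set()
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        else:
            flags.add(token)  # bare tokens are flags such as DF or SYN
    # Default Shorewall chain names are <source zone>2<destination zone>.
    src_zone, _, dst_zone = m.group("chain").partition("2")
    return {"from": src_zone, "to": dst_zone, "action": m.group("action"),
            "fields": fields, "flags": flags}

def dropped_forwards(log_text, expected):
    """Count dropped SYNs aimed at (internal_ip, port) pairs in expected."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["action"] not in ("DROP", "REJECT"):
            continue
        f = rec["fields"]
        if "DPT" not in f or "SYN" not in rec["flags"]:
            continue
        # DPT is the port the client wants to reach; SPT is its ephemeral port.
        target = (f.get("DST"), int(f["DPT"]))
        if target in expected:
            hits[(rec["from"], rec["to"], f.get("PROTO")) + target] += 1
    return hits

if __name__ == "__main__":
    wanted = {("192.168.10.20", 5080), ("192.168.10.20", 1935)}
    print(dropped_forwards(SAMPLE_LOG, wanted))
```

Each key reads as (source zone, destination zone, protocol, internal address, destination port); a count above zero means the firewall itself logged the drop before the packet reached the internal host.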