I am limited to a single server in my environment, but have decided to better fortify my network. I currently have everything filtered and am whitelisting traffic through a DMZ proxy inbound to my Toec server.
Thus far I have only been experimenting with Toec on my local network, and it works beautifully; however, I was wondering what ports are used for the clients to register with the server.
I'm looking to forward those ports from a DMZ proxy into my server, whilst keeping the management console locked to the local net.
I can't spin up a new machine due to resource limitations at this point, but have come across the need to manage endpoints off the network.
Is this possible given my chosen design?
Your approach is correct. Only open up port 8888 to allow the endpoints to communicate, keeping the UI and API locked down to just the internal network.
On this note:
During the setup there are a few different interface entries. I am seeking clarification on which are local and which are public, considering the change of network configuration.
Using https://docs.theopenem.com/getting-started/configure/ as a reference
Local or Public?
I ask because I am receiving the following error from the client:
2021-03-14 13:48:02,785 ERROR  ApiRequest DOMAIN\User - Error Retrieving API Response: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond PROXY_IP_ADDRESS:8888
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at RestSharp.Http.GetRawResponse(HttpWebRequest request)
   at RestSharp.Http.GetResponse(HttpWebRequest request)
2021-03-14 13:48:02,801 ERROR  ServiceActiveComServer DOMAIN\User - Could Not Connect To Any Client Com Servers. Delaying 30 Seconds Before Next Retry.
However, at my DMZ proxy I am seeing in the logs the traffic inbound, masquerading to my server, and a response being sent back out.
@jikeidan I definitely had an issue with my iptables ruleset - had an adapter "eth-" entered instead of "eth0" - was preventing
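
An added example, not part of the thread or of the Theopenem project: iptables accepts any string after `-i`/`-o` without checking that the interface exists, so a typo such as "eth-" loads cleanly and the rule just never matches. The sketch below reads `iptables-save` output and lists rules whose interface is not present on the host; the sample ruleset, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag iptables rules that name an interface the host lacks.

# Constructed sample in iptables-save format (not the poster's ruleset);
# 192.0.2.10 is a documentation address standing in for the internal server.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth- -p tcp -m tcp --dport 8888 -j DNAT --to-destination 192.0.2.10:8888
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 8888 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Interfaces that exist on this Linux host, space separated.
host_ifaces() { ls /sys/class/net 2>/dev/null | tr '\n' ' '; }

# check_ifaces "<known interfaces>" < ruleset
# Prints "table chain flag name" for each -i/-o value matching no known interface.
check_ifaces() {
  awk -v known="$1" '
    BEGIN { n = split(known, k, " ") }
    /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter" start a table
    $1 == "-A" {
      for (f = 3; f < NF; f++) {
        if ($f != "-i" && $f != "-o" && $f != "--in-interface" && $f != "--out-interface") continue
        name = $(f + 1); ok = 0
        plen = length(name) - 1             # prefix length if name ends in "+"
        for (j = 1; j <= n; j++) {
          # A trailing "+" is the iptables wildcard: "eth+" matches eth0, eth1, ...
          if (name == k[j] || (name ~ /\+$/ && substr(k[j], 1, plen) == substr(name, 1, plen))) ok = 1
        }
        if (!ok) print table, $2, $f, name
      }
    }'
}

# Demo on the constructed sample. On a real proxy, run as root:
#   iptables-save | check_ifaces "$(host_ifaces)"
sample_ruleset | check_ifaces "lo eth0 eth1"
```

An empty result means every `-i`/`-o` value resolves to a real interface; it says nothing about whether the rules forward port 8888 correctly.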