Not able to open Odoo required ports and allow through the firewall.
-
@noreast-it said in Not able to open Odoo required ports and allow through the firewall.:
Odoo
So your doing on site hosting, or your using it online hosted by them? I looked at their page and I don't see anything about allowing their IPs access to all of your devices for unsolicited inbound traffic.. Which would make little sense to be honest.
You may need to talk to their servers outbound on port 8069? But I don't see any info about having to open firewall ports even.
-
@SteveITS said in Not able to open Odoo required ports and allow through the firewall.:
@noreast-it So just to verify these devices all have public IPs?
No our devices do not have public IP addresses, I don't want to do port forwarding or 1:1 or DMZ, would kind of defeat the purposes of having a router.
-
@johnpoz said in Not able to open Odoo required ports and allow through the firewall.:
You may need to talk to their servers outbound on port 8069? But I don't see any info about having to open firewall ports even.
Thank you for your response, We have outbound access as I am currently allowing all ports through and users can login to Odoo on the web. Our problem is that we are trying to use a virtual IoT device for Odoo to connect to and print to our internal printers.
-
As an addendum to our issues with Odoo, the consultants who are selling and setting up the Odoo product for/to us have been talking to Odoo about printer issues since July. And without fail no matter what info the consultant was adding to the ticket they were repeatedly told to open port 8069 at the very least and port 443 if 8069 was not enough to get the setup working. The consultant company has shown me logs from the Odoo server that show that it cannot communicate with our virtual IoT box. Is there a service out there that I can use to test port opening with?
-
@noreast-it said in Not able to open Odoo required ports and allow through the firewall.:
No our devices do not have public IP addresses, I don't want to do port forwarding or 1:1 or DMZ, would kind of defeat the purposes of having a router.
If they don’t have public IPs and you’re not forwarding ports it’s not possible to communicate with them over IPv4, from the Internet. Consider IPv6…?
-
@noreast-it you would forward what ports to to forward to this devices IP then, not open your whole network..
As mentioned @SteveITS you have to have public IP on this device not to have to forward too it.doing 1:1 nat or dmz would defeat the purpose of router???? You are not doing those things without a router.. So huh??
-
Hi Steve, could you refer me to documentation on how that would work with IPv6? Thank you.
-
@noreast-it does this software and their device even support IPv6? Does your ISP? Just forward the port(s) to the devices IP.. This is insanely easy to do.. Unless your behind a cgnat - which are you? What is the routers wan IP? Does it start with 100.64-127
-
@johnpoz Perhaps, I'm missing something but when I tried to port forward to multiple internal IP addresses (using an alias) it did not work. Are you telling me that there is a way to port forward a port to all internal IPs?
-
@noreast-it you don't need to port forward to multiple IP you need to forward to this 1 device that lets them talk to your local printers from the internet.
you don't even need to do that.. Nowhere does it say you need to forward ports - please point me to the documentation where it says you need to forward ports to their iot box..
Its just a raspberry pi for gosh sakes that phones home.. Where do you have to open inbound ports in their documentation - please point to that.
-
@johnpoz said in Not able to open Odoo required ports and allow through the firewall.:
@noreast-it you don't need to port forward to multiple IP you need to forward to this 1 device that lets them talk to your local printers from the internet.
Hi John, I've forwarded the port successfully to the device that connects to our printers. At least according to a port checker tool, except that Odoo still couldn't reach our printers. According to the consultants, Odoo support has now told them that the only support they are able to provide is to tell users to open port 8069 and 443 if 8069 on it's own does not solve the problem. Why? because Odoo does not have a network support team.
-
@noreast-it because they don't need one and you sure and the hell do not need to open those ports.. It phones home.. You need no inbound unsolicited traffic
It needs to be able to talk to the their services..
https://www.odoo.com/documentation/16.0/applications/general/iot/devices/printer.html
-
@johnpoz https://www.odoo.com/documentation/17.0/applications/general/iot/config/windows_iot.html#firewalls
Hi John, your comments are appreciated I will continue by trying to port forward to the device that the printers are connected to. Opening ports is what Odoo specified that I should do, their own logs show that they cannot connect to port 8069 on our internal network.
-
@noreast-it again you don't need any port forwards.. Do you see the iot box in your odoo? If not its not phoning home.. There is nothing on their documentation or forums about forwarding ports to these devices.. What if you had more than 1, etc. They phone home and present the device you connect to them so you can print to them from the odoo software.
-
@johnpoz I have been arguing with our consultants for over a month that the IoT device was already connected based on:
I will advise them that the printing issue needs to be looked at more from their end. Thank you.
-
@johnpoz said in Not able to open Odoo required ports and allow through the firewall.:
Do you see the iot box in your odoo?
Yes we do, and we have been able to assign reports to printers and modify the configuration, but every time nothing printed I was informed that the issue was on my end based on: https://www.odoo.com/documentation/17.0/applications/general/iot/config/windows_iot.html#firewalls
-
@noreast-it its says printers.. But I don't see any printer actually listed.. This 1 iot box isn't going to be able to magically printer to any printer in your network.
what shows up when you click the handlers button? It doesn't support every single printer out there.. From the doc it should auto detect what printer you have connected to it via say usb.. But I doubt it would auto detect some printer on your network via its IP, etc.
I would suggest you get with them about adding a printer to the iot box. You clearly see that the iot box is online in their system.. But its not seeing any printer, etc.
Is your printer connected to this box via usb?
edit: that is for windows firewall, using their windows virtual IOT.. Not some iot box. And that inbound rule is for when some device on your network can not access the virtual IOT running on that windows machine, or if you want to setup Worldline thing.
That has zero to do with some iot box you have on your network, with a printer attached to it
-
@johnpoz Hello, all printers are being connected with a virtual IoT box running on a windows server 2019 VM in order to connect to all needed printers via ethernet.
The printers that we have tested so far by installing are supported.
my bad, I had cut off the previous pic with out including the printers
-
@noreast-it said in Not able to open Odoo required ports and allow through the firewall.:
how that would work with IPv6
Normally, with IPv6 each device has its own public IP address. So a firewall rule on WAN allowing "from any to [alias of all Oodo IPs" or whatever would allow direct access. Of course whatever is connecting to them needs to use IPv6. And often IPv6 addresses will change because few ISPs assign static IPv6 blocks.
With IPv4 it is not possible to forward the same port to multiple IP addresses. Unless the "source" in the NAT forward is different.
Your linked doc page on Windows firewall would apply to your Windows server running their software, not your router.
-
@noreast-it said in Not able to open Odoo required ports and allow through the firewall.:
a virtual IoT box running on a windows server 2019 VM in order to connect to all needed printers via ethernet.
Well any firewall rules you need to do would be on that VM host then, not on pfsense.
But nowhere do I see any talk of opening a port forward in your firewall allowing any ports inbound unsolicited from the internet. You clearly see the virtual iot box in their system.. Why it can't print would be on that box or their system.. Has nothing to do with firewall rules or port forwarding on pfsense.