Station behind firewall do not work

General support regarding TimeTrex, such as
configuring policies/taxes or processing payroll.
Locked
lstoumbos
Posts: 80
Joined: Wed Jan 10, 2007 7:41 am

Station behind firewall do not work

Post by lstoumbos »

TT 1.4.2
Linux 2.6
PHP 5.1.2
Apache 2

Currently I have TT setup on our dedicated IP address as a virtual host in the apache config file.

Code: Select all

<VirtualHost 70.141.25.1:443> ( not my actual IP )
The problem from following the manual and creating a station with the Enabled, Type as PC, Source as 70.141.25.1 and the Station ID as "ANY", all employees allowed to punch in and out. When in the internal network nobody can punch in or out. You can't even punch in or out from outside the firewall either, but that was the point.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

Station source IPs are the IPs of the client machines, not the server. So if an employee is logging into TimeTrex from AOL using a 144.10.12.5 IP, you need to set that as the source.

Virtual host settings have no effect on stations.
lstoumbos
Posts: 80
Joined: Wed Jan 10, 2007 7:41 am

Post by lstoumbos »

Taken directly from the manual.

To create a “wild cardâ€
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

From a computer you wish to punch in/out from, if you open a web browser and go to: http://whatismyip.com, does the IP address that it tells you the one you are using as the station source? If not, try using that address instead and see if it works.

If both your TimeTrex server and your computers where employees punch in/out from are behind your firewall, you may need to use internal IP addresses, such as 192.168.1.0 or 10.10.0.1.
lstoumbos
Posts: 80
Joined: Wed Jan 10, 2007 7:41 am

Post by lstoumbos »

I don't think I am giving you the right information. I apologize.

Our server is on the firewall. Its a linux box and it handles the TT server and the firewall. I have more than 30 computers behind the firewall and would like anyone to be able to punch in from these computers.

When I setup TT to allow all the computers behind the firewall to punch in, it wouldn't work. It said I wasn't allowed to punch in from this station.

My question is what do I have to do to allow everyone to punch in from any computer behind the firewall, without setting up each computer with its own dedicated IP address.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

What are the IP addresses of the computers behind the firewall, where employees will be punching in/out from?
lstoumbos
Posts: 80
Joined: Wed Jan 10, 2007 7:41 am

Post by lstoumbos »

subnet 255.255.255.0
ip addresses 10.10.100.0
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

At this time you can't use subnet masks in the station source, so you will either need to add each IP address manually as a station, or pass all traffic through some sort of proxy so they are seen as a single IP, or modify the code of course.
lstoumbos
Posts: 80
Joined: Wed Jan 10, 2007 7:41 am

Post by lstoumbos »

Thanx for the reply. I might try hard coding it but then I worry about the updates. I will look into a proxy.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Post by shaunw »

I have talked to the developers and we may be able to get some basic subnet mask support in for v1.5.0-final. No guarantees though of course.
lstoumbos
Posts: 80
Joined: Wed Jan 10, 2007 7:41 am

Post by lstoumbos »

Thank you, it would make it alot more dynamic.
Locked