Topic: Telstra ADSL with 4-port Self-Install kit (PPPoA) Help/Mini

[Barry Rogers]

Tom,

You're a bl__dy legend!

I did the defserver configuration and all the emails came flooding in... Thanks a heap. I believe the Wesite is now visible from the outside.
You do not have to email me, as I use an external email service for this testing, but thanks anyway.
It is easy when you actually know what you are doing, which I lack!

Can I ask a really dumb question? Why isn't the Primary Website visible from the internal network, unless I type in "www.e-smith.blah.com", but all the virtual domains are?

When you say "This can be hazardous, " do you mean the server is open now to intrusion? The server may be on the inside of the router, but all requests are still going to the external NIC (10.0.0.1) and therefore I would have thought the server can look after itself for any intruders coming into it from any port?
To safeguard this, maybe I could selectively open up different ports for web, FTP, email, SSH, etc. Would this be better?

Anyway, thankyou again. Legend!

Barry Rogers

[Tom Docking]

G'day Barry,

I'm glad it all worked for you!


> Can I ask a really dumb question? Why isn't the Primary
> Website visible from the internal network, unless I type in
> "www.e-smith.blah.com", but all the virtual domains are?

Hmmm, in actual fact, I haven't bothered looking at the web site internally on this system. (Maybe I should.)

When I put it up, I just found where the E-Smith box put the "Starter web page," and popped the files in there. As such, it comes up as soon as I put in the domain.

I'll have a look around, but I think someone else will be better at answering this one than I will...

 
> When you say "This can be hazardous, " do you mean the server
> is open now to intrusion? The server may be on the inside of
> the router, but all requests are still going to the external
> NIC (10.0.0.1) and therefore I would have thought the server
> can look after itself for any intruders coming into it from
> any port?
> To safeguard this, maybe I could selectively open up
> different ports for web, FTP, email, SSH, etc. Would this be
> better?

When I said that "it may be hazardous," that is just me being exceptionally paranoid. The E-Smith firewall should be perfect at bouncing any intrusions, I just like the idea of not opening up any more ports to the local network than I have to. Perhaps a firewall expert can give us an opinion?


Cheers,

Tom Docking

[Mizou]

Hi Tom,

When you mention

"I set up my E-Smith box as 10.0.0.1 on the interface for the Alcatel ADSL modem, and forwarded the appropriate ports to this address. The result; perfect and seamless forwarding to the http server and mail servers...",

I followed your instructions and I got stuck (understanding) on the above. Could you help further?

Cheers

mizou

[Tom Docking]

What's the matter? You don't like Yoda speak?


What I did was:

1) On the E-Smith box, I set the network card (that was connected to the Alcatel box) to have the address of 10.0.0.1.

I use the 192.168.1/24 space internally, so using the 10.... on the alcatel worked well. In other words, I ignored the DHCP server that was built into the Alcatel modem.


2) I telnetted into the Alcatel modem, and began forwarding the appropriate ports to the E-Smith box.

     "telnet 10.0.0.138 23" (or "telnet 10.0.0.138:23")
to get to the CLI mode of the Alcatel modem

     "nat create protocol=tcp inside_addr=10.0.0.1 inside_port=80 outside_addr=0 outside_port=80"
to forward all traffic destined to port 80 (http) to the e-smith box.
to forward other traffic, simply substitute the inside and outside port in the above example. Eg, 110 to allow the POP3 server to be accessed.

Any ports that you do not forward, will hit the Alcatel box and drift off into /dev/null.


If you would like to send *all* traffic to the e-smith box, then you can do:
     nat defserver addr 10.0.0.1

It all depends on how paranoid you are.


I hope this helps a bit better.

Cheers,


Tom Docking

[darren]

i Know this sound stupid but what did you set the e-smith box to
i.e

static ip
ppoe
etc.....

cause i am trying to setup a dlink dsl 300+ modem in ppoa mode
 Cheers Darren

[Barry Rogers]

our e-Smith box is - DHCP client (send ethernet address as client ID)

[Barry Rogers]

Tom,
I have just upgraded from 4.1.2 to 5.1.2 (forced to do so) and am finding the ADSL modem locks when I do 'nat defserver addr 10.0.0.X', which you told me about way back when. this was absolutely no problems with 4.1.2... all worked 100%.
5.1.2 seems to 'open' lots of ports when I look at the 'list' in 'nat' on the ADSL modem after doing the 'defserver' command. perhaps this is causing the lock up problem on the ADSL modem?
I have tried opening selected ports on the ADSL modem - 80-HTTP, 25-SMTP, but alas, nothing is coming through to the SME.