Koozali.org: home of the SME Server

remote administration using web interface

Richard Warwick

remote administration using web interface
« on: May 19, 2002, 12:37:41 AM »
Hi,

I've got an e-smith box at a different location from where I normally work.  For purposes of discussion - call the remote location "Branch", and my office "HQ".
I need to administer the "Branch" firewall/server over the internet, but don't want it "wide" open - I wanted to limit it to the address range at HQ.  I can SSH to Branch from HQ, but the Web interface doesn't work - I get "forbidden".

I tried activating the "additional local networks", but that has side effects at that location - i.e. when the Windows users need to get to resources at HQ, it doesn't work.  I'm guessing, but I think, from reading the masq file in etc/rc.d/init.d, that it is trying to route directly between the local net and the HQ address range on the internet without using masq'ing.

So, what is the best way to allow administration without breaking everything else?

Eventually, I'm going to get VPN going, but (because of HQ issues) that may be months away.

Thanks
Richard

Michael Smith

Re: remote administration using web interface
« Reply #1 on: May 19, 2002, 03:49:11 AM »
Get VPN going now.  When you establish your VPN to your e-smith box you can use the e-smith-manager and/or SSH (assuming you're permitting SSH).

Andy MacDonald

Re: remote administration using web interface
« Reply #2 on: May 19, 2002, 06:11:23 AM »
Or read the howtos about using the Server-Manager page over ssh.


Jon Blakely

Re: remote administration using web interface
« Reply #4 on: May 19, 2002, 06:25:00 AM »
Or another option is to use SSL.

Read this

http://www.e-smith.org/docs/howto/remote-mgr-access-howto.html

Jon

Jeff C

Re: remote administration using web interface
« Reply #5 on: May 19, 2002, 07:13:03 PM »
You could simply add the HQ IP address to your "Local Networks" panel in the server-manager and be done with it until you build your vpn.

-jeff

Richard Warwick

Re: remote administration using web interface
« Reply #6 on: May 19, 2002, 10:04:12 PM »
Did that; it causes side effects, breaking access from branch workstations to HQ resources.  Please see original message.

Thanks, though, for replying

Boris

Re: remote administration using web interface
« Reply #7 on: May 20, 2002, 11:36:12 AM »
I added only my management workstation to the local network list (subnet mask 255.255.255.255). The "Branch" office loses connectivity, due to incorrect routing, to resources on my workstation only (and they have no need for it anyway), but the rest of the "HQ" network is available.

Still the best way is direct VPN over PPTP to e-smith server :-)
Good Luck.

bob


Rob Wellesley

Re: remote administration using web interface
« Reply #9 on: May 22, 2002, 04:18:03 AM »
>
> So, what is the best way to allow administration without
> breaking everything else?
>

I do remote admin this way

on the remote machine

/sbin/e-smith/db configuration setprop httpd-admin ValidFrom

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

/etc/e-smith/events/actions/restart-httpd-graceful

This opens up the server admin for external access over SSL.

For the command line I install Darrell May's Webconsole on the remote server and access it via https.

http://www.myezserver.com/downloads/mitel/contrib/webconsole-0.0.1/

Remote access settings on the remote server are

Secure shell (ssh) access: public
Allow administrative command line: yes
Allow ssh access using standard passwords: yes

Works fine


Rob
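
Added example, not part of the thread or of e-smith: a small Python audit of a source-address allowlist like the ones discussed above (the whole HQ range versus Boris's single host with mask 255.255.255.255). The comma-separated address/netmask format, the function names and the 256-address threshold are assumptions, and all addresses are constructed documentation-range values.

```python
import ipaddress


def parse_allowlist(value):
    """Split 'addr/netmask,addr/netmask' into (networks, invalid_entries)."""
    nets, invalid = [], []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        try:
            # strict=True rejects entries whose host bits do not match the mask
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            invalid.append(entry)
    return nets, invalid


def is_allowed(value, source):
    """True if the source address falls inside any valid allowlist entry."""
    nets, _ = parse_allowlist(value)
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in nets)


def audit(value, admin_hosts, max_addresses=256):
    """Return (finding, detail) tuples; an empty list means nothing to flag."""
    nets, invalid = parse_allowlist(value)
    findings = [("invalid", e) for e in invalid]
    for net in nets:
        if net.prefixlen == 0:
            # A 0.0.0.0 netmask exposes the admin interface to every source
            findings.append(("open-to-all", str(net)))
        elif net.num_addresses > max_addresses:
            findings.append(("broad", str(net)))
    for host in admin_hosts:
        if not any(ipaddress.ip_address(host) in net for net in nets):
            findings.append(("admin-host-not-covered", host))
    return findings


if __name__ == "__main__":
    HQ_ADMIN = "203.0.113.10"  # constructed management workstation address
    for value in ("203.0.113.10/255.255.255.255",  # single host entry
                  "0.0.0.0/0.0.0.0",               # wide open
                  "198.51.0.0/255.255.0.0"):       # broad range, wrong site
        print(value, "->", audit(value, [HQ_ADMIN]))
```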