Topic: Access to web site externally

[brian read]

I am having trouble configuring things to allow access to my SMEserver from the internet.

I have an IPCop firewall on an ADSL line, with an SMEServer on the LAN.

The ADSL line is a dynamic IP, but I have a dyndns domain, which I can ping sucessfully.

VPN from the internet works fine.

I have forwarded port 80 on the firewall to the SMEServer but my browser tells me that it canot find the server.  I am testing it from inside the LAN, by surfing to the DynDNS domain.

I ahve also tried another port (8888), just incase my ISP is blocking port 80, but that also doesn't work.

Does it matter whether I have the SMEServer in  Server only or Gateway and Server mode?  I have tried both.

any ideas?

Cheers

Brian

[Jon Blakely]

Brian,

I assume from your post that your server domain name and dyndns domain name are different.

If you want external http access to your server, your server domain name needs to be a FQDN ( fully qualified domain name) i.e the same as your dyndns domain name.

You can ping your dyndns domain name but you are only pinging as far as the external interface of your ADSL router or the external interface of your IPcop firewall, depending on whether you have an ADSL router or just a modem.

If you can't change your server domain name you can create a virtual domain with the name of your dyndns domain and point it at an Ibay and put your website there.

Jon

[brian read]

My Server domain name _is_ the same as the dyndns domain.

However I am not running DNS in the SMEServer, it runs in the Ipcop firewall.  Is that the problem?  IpCop doesn't seem to have an interface for setting the "local" domain name.

Brian

[Bill]

Brian,
There are two settings U must make on IPCOP to pass ports
1. Port Forwarding which U did
2. External Service Access MUST have Port 80 Open.

I used both IPCOP and Smoothwall, but it seems IPCOP kinda died, so I went back with Smoothwall. I BETA tested adding 'DansGuardian' to these Firewalls and it worked pretty good, but decided to put back on my SME 5.1.2 at home and SME 5.5 at the office.

BTW Try port scanning your FW to what ports it sees open. USE LANGUARD, GRC.com, NMAP, NESSUS,etc...

Good Luck
Bill

[brian read]

>There are two settings U must make on IPCOP to pass ports
>1. Port Forwarding which U did
>2. External Service Access MUST have Port 80 Open.

I have done both of these

>BTW Try port scanning your FW to what ports it sees open. USE LANGUARD,
>GRC.com, NMAP, NESSUS,etc...

GRC confirms that port 80 is open.

8-((

Brian

[Eerikki Peltokorpi]

Hello Brian

Have you tried to connect the webserver truly outside of you network. Sometimes you cannot access internal server from internal network tru outside world.....

Ask someone to try connect to server from internet...  

If that work then you have to tell somehow your's dns system that server is in local network. (use e-smiths DNS for primary and IPcop for secondary DNS server.)


Hope this help you out.

-Eerikki Peltokorpi-

[brian read]

Ok, I have done as Eerikki suggested, and tried it from "outside", and it worked!

How can I get the same URL to work internally as well?

Cheers

Brian

[Charlie Brady]

brian read wrote:

> How can I get the same URL to work internally as well?

Remove IPCop and configure the server in servergateway mode
[Unless you happen to use a USB ADSL modem, that is. You can blame Alcatel for that.]

Charlie

[Bill Talcott]

brian read wrote:
>
> Ok, I have done as Eerikki suggested, and tried it from
> "outside", and it worked!
>
> How can I get the same URL to work internally as well?
>
> Cheers
>
> Brian

If you're using the SME for internal DNS, it should route the URL to itself automatically. Otherwise, it's going to the internal router/firewall interface, which isn't being forwarded back to the SME.

[Bill]

If IPCOP has an internal ip of say 192.168.10.1 and U set primary DNS on IPCOP as 192.168.10.1 then edit the /etc/hosts of IPCOP and type

192.168.10.10 domain.com www.domain.com

where 192.168.10.10 is the Internal ip of your SME Server and domain.com is yor FQDN


I have SW running with SME as Private Server and Using TZO as my DNS Internet Service.

Works 100% for Me

Bill

[Tim Perreault]

I am nowhere the guru these other guys are, but I had about the same problem. Do you have 2 nics installed on the server? If you do swap them you might be saying that the nic connected to the lan is actually the external interface. I could see the internet, but not my lan. Once i swapped the eth in the setup, both worked fine. I had the firewall restrictions set to the lan nic instead of the external nic for the internet leaving my server open to the internet instead of my lan.

Tim

[Actron]

try JAP (http://anon.inf.tu-dresden.de/index_en.html&e=747 or http://anon.inf.tu-dresden.de)

it works for me to simple test my SME services on external NIC

(sorry for my short words - i'm a german )
actron