Topic: Easy Port Forwarding

[Matt Goss]

Hi there!

I believe e-smith seriously needs an easy method of port forwarding.

For a small business manager, the ways provided are much to complex.

Building it into the server-manager, and taking care of all the little details in the background, would make it so much powerful.


Mitel (E-smith) could benefit from this, in that every $150 router on the market has an easy to use web interface with easy-to-use port forwarding.  Not providing this functionality in an easy to use way puts SME 5 a step behind the competition.


Thank you,
Matt

[John]

That's true; before i have installed i used Smoothwall. There you can easly make Port Forwarding with the general web interface.

Best, John

[Leon Uys]

Hear! Hear! I also thought I "upgraded" from SmoothWall but the lack of port forwarding is a serious motivator to go back to SW. I have to maintain a NT server behind the firewall and I still haven't got it working properly.
Leon.

[Matt Goss]

Any comment from the E-Smith Administrators?

This is a serious setback and I'd like to see it addressed, even if they can only verbally their feelings on the issue.


Another reason to add easy(er) port forwarding is that a small business may already have a web or ftp server with contracted support.  With easy(er) port forwarding, they could keep their current server, and then use e-smith to share bandwidth with the whole office.

Awaiting your feedback,

Thanks,
Matt

[koolmoose]

Matt Goss wrote:
>
> Any comment from the E-Smith Administrators?
>
> This is a serious setback and I'd like to see it addressed,
> even if they can only verbally their feelings on the issue.

From past posts, I believe Charlie Brady (Mitel) has long standing concerns about port forwarding that might seriously compromise internal network security.

He has developed a better way (using Apache proxypass) to provide access to internal web servers without unduly compromising the private net security.

See

ftp://ftp.e-smith.org/pub/e-smith/dev/5.1beta/updates/e-smith-proxypass-1.0.0-01.noarch.rpm

"This module allows Apache to be configured to pass requests for
 specified URLs through to other internal or external web sites.
 Access to the passthrough locations is optionally restricted
 to particular IP addresses or ranges.
"

If this module checks out I understand it will be added to 5.1, presumably with the server-manager interface.

I certainly can't speak for MITEL but I believe their big concern for users is security and proxypass is the direction they are going for port 80.  Much better to be safe than sorry.

Paul

[Matt Goss]

That is an excellent suggestion for forwarding web ports!

Thank You!

However, this does not assist with other things like forwarding an ftp port.

While I can understand the point on security, I think the lack of good port forwarding will prevent many small businesses from using this. (not to mention my own frustration while the current method works only some of the time, and with only certain ports and not others, for no seeminly good reason)

If a small business already has an email server for instance, e-smith can't port forward to it, without going to great lengths.


My wish item would be:
A server-manager add-on that allows port forwarding and also notices if you are trying to port forward on a port that is already in use, and would shut down that item.  ex. fwd port 21 and the local ftp turns off...


But again, thank you very much for your post!

I would like to know, from the e-smith managment, if this request is going to be put into action.

Thanks again,
Matt