Topic: Public access through SME 6.0

[mthomas]

I'm running SME 6 final as server gateway and I want to allow public access to a NetBSD 1.6.2 sever on the same network. What is the best way to do this? Forward a port, use "Add network" under local networks or something else.

Thanks

Mark

[bobk]

I'm running SME 6 final as server gateway and I want to allow public access to a NetBSD 1.6.2 sever on the same network. What is the best way to do this? Forward a port, use "Add network" under local networks or something else.

Thanks

Mark

Why not start by expalining what type of "public access" you want to allow.

[mthomas]

www, ssh, ftp.

[cc_skavenger]

sounds like you'll have an easier time putting a router/firewall in front of the server, assigning it a public IP and port forwarding the ports you need.

Probably not the answer you wanted, but probably the only way to do it.

Hope this helps.

[bobk]

I have not test this but you could try the following

Assign the NetBSD 1.6.2 sever an IP address in a different range than the SME server. Example: If the SME server is 192.168.1.1; set the NetBSD 1.6.2 sever as 192.168.2.1.

Set the NetBSD 1.6.2 server's gateway as the SME server's internal IP address.

Go to the SME SM Local Networks panel and set up the NetBSD 1.6.2 sever as a local network with the external IP address of the SME server as the router.

Go to the SME SM Information Bays panel and setup an information bay to point the NetBSD 1.6.2 sever's domain to.

Go to the SME SM Domains panel and setup a virtual domain on your SME server for the NetBSD 1.6.2 server’s domain name. This must be a real domain with real DNS records pointing to the SME server's public external IP address. Point it to the information bay you just setup.

Go to the SME SM Hostnames and Addresses panel and enter the NetBSD 1.6.2 server's host name as a local host on your primary domain using the local IP address assigned previously (192.168.2.1 - subnet mask 255.255.255.255). In the virtual domain section change all the hosts to 'local' and assign the NetBSD 1.6.2 server’s local IP address (192.168.2.1) for all the listed services. You might need the set these to be be published globally and assing the SME server's public external IP address as the global address.

In theory this should work but no guarantees.

[Boris]

It will not work in theory nor in real life.
Right from the start:
>> If the SME server is 192.168.1.1; set the NetBSD 1.6.2 sever as 192.168.2.1.

They will not comunicate without router in between.

The main problem is that SME (as gateway) will respond to www, ssh and ftp (if enabled) itself.
You simply can not use the same port on given IP address for two computers.
You will need to either:
1.change SME's ports for those services to nonstandard and then unused standard ports (80, 22, 21) forward to internal NetBSD server.
2. use nonstandard ports for public access, forwarded to standard ports to internal NetBSD (public 88 > internal NetBSD's port 80 etc..)
3. Disable relevant services on SME and forward unused ports to internal NetBSD server. In this case it is not clear what you need this (SME) server for. e-mail and file sharing?

[mthomas]

thanks for the replies. since the NetBSD box is just used for testing I will just forward some non-standard ports to standard ports to the NSD box.