Topic: SME server with firewall options on just 1 nic

[daedalus]

hi all,

I am not planning to use SME server as a gateway, because I have a fully functional adsl router.

but..
the thing is, I want to use SME server as web/mail/ftp server, but also have some control about who is connecting to it.

I wonder... is it possible to use SME's firewall option with just 1 nic ?

[Boris]

two options possible:
1. all the limitations done on the adsl router/firewall and server is set as server-only
2. SME setup as server-gateway with fake LAN interface and address. You may need to reverse eth0/eth1 interface for it so eth0 is your WAN instead of LAN.

Running second configuration doesn't really give you any more security over first option.
"Local networks" settings in the SME behind the ADSL firewall in combination with limited port forwarding on the existing firewall will allow you for enough safety.

[daedalus]

option 2 is the option I need.... but..
do I need to put an extra nic in the server just to be able to use the firewall option or...?

[Boris]

No, just use the same driver as you have, but it only load it as eth0, so make sure that eth0 is your Internet (not LAN) interface. Samba and some other services that bound by default to LAN interface will not work, but it was not in your requirements.
Most of the people with existing firewall are perfectly happy with SME in the server-only mode.

[arne]

If you use the server only option, you can also apply your own configuration of the Linux firewall via a script. Here is a adress for a "script generator".

http://iptables-script.dk/

The way I use the SME server, I set it up behind a ADSL router firewall as "server-only" and then I apply a additional firewall on the SME server using a firewall script. I this way I can open for all internet and lan trafic as required.

The argument against such an arrangement with two firewalls might be that this is more firewall functionality than a home server arrangement will need. On the ather hand the disadvances and the costs is zero, so I think it is a rather ok solution.

[Skydiver]

Changing To Server / Gateway mode fails with you only have one nic you can not use this mode.

I guess my only option would be to put a second nic in the system if i wanted to open or forward any ports or is there some other way for Alpha 3

[arne]

If you have only one nic you can run it as "server only" and then apply your own firewall rules via script. Have been using this setup at home and at work for years. No problems with that.

Arne.

[Skydiver]

Thanks for the reply..

Do you have a script or the location i can find one to do this task

Cheers