Topic: port forwarding -- how to get to a local machine

[ctaylor]

Okay -- just upgraded to 6.0 -- to get the port forwarding feature.

I have a application/service running on a local machine (192.168.168.103).  I have all traffic getting to it from the internet/external on port 2000.  Set a rule to open port 2000 on the sme server with the destination host ip address being 192.168.168.103.  Now users externally can get to it (i.e ctaylor which is my domain) put I CANNOT get to it from my LAN (say on a host machine 192.168.168.100).  This PC looks for ctaylor: 2000.  How can i configure my server or network to get to this local machine 192.168.168.103.  Is there a way i could put a DNS entry say, all traffic going to ctaylor:2000 that gets resolved to my 66.11.174.25 address gets routed instead to 192.168.168.103.  Is this possible with the SME to make this DNS entry?  Or is there other ideas here??

Much appreciated - thanks.

[bobk]

Try this.

Login to Server-Manager and go to Host Names and Addresses panel. Put an entry in for your application server with host name "ctaylor" and local IP 192.168.168.103.

[ctaylor]

Thanks -- this is the first thing I thought as well.  I attempted to put this entry in but for some reason on the page there seemed to be an "add" button or something.  THis told me perhaps there is another issue here.  I have a bunch of hostnames listed -- is there a limit to how many hostnames you're allowed??

[mike_mattos]

I use Radmin, and for remote access, its

mydomain.com  as address, and 4xxx as the port


In SME Port forwarding, 4xxx goes to 192.168.0.xxx, port 4zzz

For local access, it's

192.168.0.xxx  and 4zzz as the port

Requires local machines have fixed IP, but allows me to access machines NOT part of my domain.

[BoZz]

There is another way? The less ports open the better  for me    You can use Radmin, VNC UltraVNC or if you have XP just enable Remote Destop Assistance and auto except? but open no ports. Just give you user accounts PPTP access and log into the SME Server and become part of the local network. When you setup the VPN connection of your Computer pick the option not to route all traffic through the VPN (PPTP) so only the needed data from work routes along it.Another way to do it is to port forward through SSH with putty. More on using putty with SME can be found here http://www.carrollweb.net/putty/putty-howto.html

[mike_mattos]

a question re VPN.s and opening ports!

I'm rather more scared of a low security user having command line access to my SME server, than of having someone break into the designated PC accessible via remote access (port 4000 forwarded to a PC with a very restricted configuration.)

Is there not a greater risk with a VPN system that a virus on the VPN remote could harm the entire network,  than that of a hacker getting through a forwarded port?

Just wondered!

Mike