Topic: Two SME Server boxes will not talk to each other.

[croppa]

I have 2 SME Server boxes running 6.01. Both are accessable room the net as they should be both are running ClamAV and working fine except they will not communicate with each other (will not ping, recieve email, go to the web site on the other or in any way accept that the other exists). I am at a complete loss as to whot I have done (or not done) and do not know where to start. This is the second time this has happend. The last time I reinstalled bothe boxes from scratch. Thanks in anticipation
Stuart

[jfarschman]

Croppa,

  That's strange because they are just like any other boxes.  I'm really curious...

  1. Can you connect to both boxes from the LAN using a third machine?
  2. Can both SMEs ping the third machine?
  3. Are they even on the same LAN?

  There is a lot that isn't clear about you configuration.  Give us some more details.

[croppa]

Thank you Jay for your reply. The two boxes behave normaly other than will not comunicate in any way with each other. I am at a complete loss. (I am not wildy experenced with Linux however I mostly use it at home).
You can ping from outside from any other machine on the   net, send emails etc. but not from or to each other. Both machine are on ADSL conections one at home one at work. They were setup so I could access the server manager from the other but not from any other IP.If you would like further information please ask as I do not know whot you may wont.
Thanks Stuart

[jfarschman]

Stuart,

  Okay. so these two machines are configured on two different LANs and they should communicate across the Internet.  Are they also configured as 'gateways'?  If so, can machines behind the gateway connect to the other machine?

PC---SME---DSL----Internet----DSL---SME---PC

Can you connect from PC to distant SME?

Finally, how are you testing connections.  I heard you say that you are pinging and trying to connect to the web server on the distant machine and that you fail.  How are you testing?  Are you using the command line interface on a SME?  wget?

Of course, you've configured "Remote Access" to allow connections, remembering that you need to use the NAT-ted IP Address (because the DSL routers most cretainly change the IP)... right?

[croppa]

Yes this is the arrangement amd no other machines behind cannot ping or contact. Everything use to work properly then it became impossiable to pickup mail from the other then after sone time it all failed. I had the remote access working fine before. It is a big puzzle to me. I cannot ping either from either SME box or from other machines behind the SME box to the other SME box however I can ping from machine to say google or wherever. I had  setup SSH Authentication and this also went well and now I cannot get to the box for this to work.
Thanks for your interest so far. I think there may be a corrupt or altered config file somewhere, but where I do not know. (I just suspect this I donot know for shure)
Stuart

[jfarschman]

Stuart,

  I don't believe the 'corrupt file theory'... because you said you rebuilt both SMEs.  Also, if both machines are able to interact with the Internet (at large) but not each other... that sounds more like a problem with a firewall... probably on one or both SMEs.

  I would check your "remote access" very carefully.  Each SME should have the IP Address and an appropriate mask for the other listed in it.  Without this, you will not be able to access the GUI on the distant end.

jay@hitechsavvy.com

[croppa]

Thanks Jay for your continued interest
The idea of a problem with my firewall sounds quite feasable. The two machines were working back and fowards when they were first installed and for abuot 8 months.
Do you think the remote access (currently set at Remote Management set to allow the work ip on the home machine, with 255.255.255.255, ssh to allow public access (I would normally set to off and switch on with remote management when needed), PPTP 0 FTP set for internal only).
Where might I look at in firewall config.
If you go to
http://budgetscreens.homeip.net/
you will get the website under construction page.
I get
 
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://budgetscreens.homeip.net/

The following error was encountered:

    * Connection Failed

The system returned:

    (110) Connection timed out

The remote host or network may be down. Please try the request again.

Your cache administrator is admin@xxxxx.mine.nu.
Generated Tue, 15 Feb 2005 11:12:52 GMT by boss.xxxxx.mine.nu (Squid/2.4.STABLE6)

Thanks again
Stuart

[jfarschman]

Hmmm.

  I'm going to summarize this problem really quickly:

  1.  You have a simple setup of two SME servers
      PC---SME---DSL----Internet----DSL---SME---PC

  2.  Each end PC can connect to anything on the Internet, but they cannot connect to the remote SME.

  3.  Each SME can connect anywhere on the Internet, but they cannot connect to the other SME

  4.  You are testing with http.

  If this is the case, then the only problem I can see is with your DSL routers.  I think they are the problem.  Are the programmed correctly.  You will need to forward ports from the DSL to the SME, or forward and entire IP through the DSL router.

  Does this make sense?  These little DSL boxes will allow you to connect from the inside to anywhere on the Internet, but they won't let the Internet connect to them without YOU programming it.

  Hope this helps.

[StuC]

Other assumptions worth checking.
1 Are both IPs trully static?
2 Does your ISP block port 25
3 Does your browser use a proxy (I.E is the proxy recorded as a trusted address on the remote machine)
4 Are you trying to connect via IP Address or DNS (what happens if you use ip.address not name)
5 Are the domains common on either machines (I.E. mycompany.com on both machines)

[jfarschman]

Stu ... I like #5

[StuC]

Hi Jay,
then I thought....
homeip.net is a dynamic address so don't know how quickly the new address is posted/registered.

I suppose the local cached DNS could screw things up?
Not sure what the equivalent to windows ipconfig /flushdns is.

Being able to ping budgetscreens.homeip.net is no guarantee that the machine responding (or not responding) is the actual machine (if the adress is old or DYNDNS no updated)
Maybe it is worth checking the frequency and success of Dyndns update.

[croppa]

Thanks to you both
Both ADSL Modems are simple modems and the SME server does the atenticating.
Both SME machines are on fixed IP.
Each machine is setup to a different DYNDNS Domain and setup with a static IP.
From each direction dyndns resolves to the correct IP when they are pinged.
My service provider does not block any ports.
My browser is not setup to use a proxy.
Thanks  very much for yor help
Stuart

[jfarschman]

Well Stuart...

  Nothing can be wrong then.  I mean... if you can go to some other place on the Internet and get into both boxes... but you cannot connect from one box to the other.... and you've checked everything else... I am at a loss.  I don't know what it could be.

  Maybe it's something obvious.  If you need a hand with this send me an email.

[croppa]

I also am stumped.
I just bypassed the sme server and set up a normal Linux box to the modem. I still could not connect with the other however I could not try the other way. I will try to in the morning. I tend to think that it may be in the firewall and it is blocking the others IP but I have no experence in iptables.
Thanks for your help and I will report when I know more.
Regards Stuart

[croppa]

On reinstalling one box things did not improve in either direction but as soon as I had reinstalled boxes on each end they both saw and worked with each other. I am at a loss to explain whaty has caused my problem. Any help would be greatly appreciated to make sure that I do not have the problem again.
Thanks Stuart