Topic: External Access to Web Site on SME Server

[mudra]

Hi,

I have a problem allowing external access to my webpage / webmail on my SME Server. I am running version 6.0 and I have set up a DynDNS account that appears to be forwading to the correct address. From inside my LAN I can access the website and the webmail; but it appears to be impossible from outside the LAN.

I am running as a SERVER / GATEWAY and as posted in another thread, I have tried changing that to PRIVATE and back again to ensure the Firewall settings are correct.

I have forwarded the correct ports on the router (I think) but when trying to connect the web browser initially says connecting but then timesout.

Does anyone know what I should try next. (I am using the primary IBay so I guess that this is set to global access by default).

TIA

Mudra

[wsmeurope]

I use to have the same problem, I spend 4 days and an other French user spend 2 weeks. Check if you internet provider carry a firewall service, if so just cancel you ISP firewall and use you own.

[mudra]

Thank you for your quick reply.

I have contacted my ISP (Tiscali) and they say that they  do not run any firewalls of this type.

I have requested a Static IP adddress and will see if this helps.

In the meantime is there anything else that I could try.

Mudra

[wsmeurope]

What kind of modem and router you use?

[bzuelly]

Do you have port 80 on your firewall pointing towards SME?  Also, are you hosting your own DNS or are you using your domain registrar's DNS servers?  The easiest way to make it work is to use your Domain Registrar's DNS servers.  It may take a few hours for them to update.  When I set mine up, I didnt have to use DynDNS.  It has been running just fine.

[mudra]

I have port 80 forwarded from my router to my server. DynDNS are doing the DNS work for me.

I think my problem may lie with the port forwarding that I have done, but have not yet had the time to check this out.

Will try when I am back at work next week.

Thanks for all the suggestions.

Mudra

[russs]

Don't know if this is relevant but I have an company Intranet visible to both external and internal clients. I have a ADSL router/firewall which allows port 80 through to my Intranet server and I have the Intranet server set as 'Server only'.
This seems to work fine, have you tried this?

[bzuelly]

Russs,

That is pretty much what I did.  I set it up as server only and forwarded port 80 on my router to the SME box and bam, it was done.

it could lie with somewhere with the DNS replicating to the outside "main 13" DNS servers then.

i would suggest trying "server only" and going from there.

[kruhm]

Your webmail may run on https, port 443, not http, port 80. Direct port 443 on the router and direct it to the sme as well.

[girkers]

I had a similar problem when I originally setup my SME box and what it was, is that my ISP was blocking all ports <1024, thus I had to get around this.

I "fixed" my SME server to get around this limitation and once that was done and the port was forwarded in my router it worked.  I also just run my SME box in "Server Only" mode as my router is the gateway.

Could I ask, have you been able to forward any other ports through your router, such as Remote Desktop?  Why I ask is that with my router after creating the Port Forwarding rule I then had to create a firewall rule to allow the traffic through.

What I found was that although I had the rule setup my firewall in the router would stop the traffic getting through.  The log file in your router (if it has one) would be your friend in this instance.

[mudra]

Thank you to everyone for their suggestions.

(1) I now have my static IP address.

(2) I have an Alcatel Speedtouch modem / router which has an IP address of 10.0.0.138. When I try and port forward I want this to go to 192.168.0.1. Can this be done, or do I have to change my entire network to 10.0.0.n ?

(3) I will try changing to server only when I can reboot after work tonight.

I will post back when I have tried some more things.

Thanks,

Mudra

[cydonia]

Isn't there an issue with external access to the primary ibay?

I would try creating a new ibay and setting the domain to look to this one before you go swapping to server mode.  May be a basic problem which can be fixed through  server-manager...

[girkers]

Unfortunately with the Alcatel speedtouch, if it is the basic model and by the look of the IP addie it is, you will in fact have to modify your network to the 10.x.x.x network.

As to accessing the web from the outside world, this is normal to have it in the primay ibay, that is what it is for, the primary website.

[mudra]

I have tried server only and that does not appear to be working for me.

I really would prefer to change my modem to 192.168.0.138 than have to change everything else.

Does anyone know if this is possible ?

If not I will have to try changing to 10.0.0.n and see what that give me.

Thanks for all the help.

Mudra

[psdata]

Mudra,

You make a mistake whith you IP adress.

A SME in server-gateway config had two IP adress a internal and a External.

The folowing flow you must made:

Internet
  | (whith a public ip)
  |
Speedtouch
  | (ip 10.0.0.138)
  |
  | (ip 10.0.0.137 mask 255.255.255.0 gate 10.0.0.138)
 SME box
  | (ip 192.168.0.1 mask 255.255.255.0)
  |
Your network
   ip 192.168.0.x mask 255.255.255.0 gate 192.168.0.1)

So you see the flow and see the solution

You must forwared the trafic off port 80 and 443 from your speedtouch to the IP adress 10.0.0.137 (the external IP adress of your sme box)

Goodluck

John

[mudra]

Thank you John. Your schema was a great help. I will try out what you say and come back with the results.

I am embarassed that I didn't work this out myself before.

I have done an ifconfig on my SME box and it says that the eth0 is 10.0.0.1 and I guess I forward from the router to this ?

Thanks for all your help.

Mudra

EDIT: Everything is working now and I am very happy. I was port forwarding from my router to the wrong NIC on my SME Server.

Thanks to everyone who tried to help me this one.

Mudra

[cydonia]

I am also having a simliar problem, except a bit more strange.

People can access the website using the external IP from outside the network, but within the LAN, it says "connection refused".

Any ideas?

[psdata]

Hello,

On the first

See you network configuration if done it well

Outside IP only on the outside

Inside IP only use on the switch who also connect's the Workstation

Please keep a look at the drawing on the first page. And fill in for your zelf your info.

Check of you can reach your admin page ect.

Do it step by step and write it down what you check and if it work

Good lock

Regards

John