Topic: V7 beta8 Port forwarding

[martinhick]

I have a computer on the internal network set up to run securtiy cameras. This computer has a Web server interface and the cameras can be viewed from any machine on the network.

I added a port forwarding rule to the SME 7 box in the hope that I may be able to view the cameras externally.

I cannot gain access form an external source. Checking the firewall from shields up gives the prot that I have set as closed.

What am I doing wrong.

Martin

[CharlieBrady]

I have a computer on the internal network set up to run securtiy cameras. This computer has a Web server interface and the cameras can be viewed from any machine on the network.

I added a port forwarding rule to the SME 7 box in the hope that I may be able to view the cameras externally.

I cannot gain access form an external source. Checking the firewall from shields up gives the prot that I have set as closed.

What am I doing wrong.

The most common cause for port forwarding not working is the default route being wrong on the internal target system. Unless it sends return packets via the SME server, the connection is not going to be successful.

[martinhick]

My internal machine is definately running web services on port 8080 as internally I can web browse to 192.168.42.4:8080 and gain access to the web cams.

How do I check if the internal system is routing correctly.

I have also set up the SME 7.0beta8 website. This is viewable internally but not externally.

Martin

[CharlieBrady]

My internal machine is definately running web services on port 8080 as internally I can web browse to 192.168.42.4:8080 and gain access to the web cams.

How do I check if the internal system is routing correctly.

Can it access the internet? e.g. does "host www.contribs.org" work?

I have also set up the SME 7.0beta8 website. This is viewable internally but not externally.

Can that system access the Internet? If so, routing is set up correctly. The only other things that need to work right for external access is that DNS needs to point correctly at the box's external IP address, and the ISP needs to allow inbound port 80 traffic.

[martinhick]

yes all my machines on the netwoek have internet access

[CharlieBrady]

The most common cause for port forwarding not working is the default route being wrong on the internal target system.

And the most common cause for people *thinking* that port forwarding is not working is for them to try to test it from their internal network. Port forwarding can only be used (and tested) from outside the network.

[I'm not suggesting that this is the case here, but mentioning it for completeness. Hopefully someone will collect this for a FAQ.]

[martinhick]

I have been trying this externally with no luck. I have tried from my work place, maybe our firewall is blocking.

I had thought that if I tried an external port scanner that port 8080 would appear at least to be open and not blocked.

Martin

[Janm]

Do you have your ISP pointing at your external wan ipaddress with your domain name
a xxxx.xxxx.xxxx.xxxx
mx xxxx.xxxx.xxxx.xxxx
the x is for your ext ip address
Try http://grc.com
https://www.grc.com/x/ne.dll?bh0bkyd2
to see your address
Jan denmark
Eks:

GRC Port Authority Report created on UTC: 2005-12-10 at 04:56:58

Results from scan of ports: 0-1055

    4 Ports Open
    0 Ports Closed
 1052 Ports Stealth
---------------------
 1056 Ports Tested

NO PORTS were found to be CLOSED.

Ports found to be OPEN were: 80, 113, 443, 465

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

[martinhick]

grc.com reports port 8080 to be closed on my system. I am using an adsl Router. This has rudimentary port forwarding. Could this be acting infront of SMS and giving false readings. Do I need to open ports on the router before SME can repond.

[Janm]

Go in sme server-manager
and open port 8080 tcp
and after go to forward port 8080 to the ipaddress of the computer that
hold the actual website you want to activate
Jan

[Janm]

Forgot
You shoul also open port in your routeras wel and forward to sme
then sme wil let it throug to your other server if you have that
Jan

New
Much better put 1 extra nic in sme and use it as router
server gateway mode i do that
i dont yse my Planet broad band router anymore
Then you have a nic with a public ip eks>83.92.166.200
and a nic with a local nic  eks>192.168.0.1 for sme
and then set sme up to give dhcp address to local computers
and sme is your dns server also
Jan

[CharlieBrady]

Do I need to open ports on the router before SME can repond.

Of course. If packets are blocked/dropped by the router, how can  SME possibly respond to them?

Better yet, IMO, is to get rid of the router and just use an ADSL modem (or switch the router into bridging mode). The router adds no security, and just adds trouble - as you have discovered.

[martinhick]

Thanks once again Jan,

You confirmed what I had already suspected in the previous post.

I access the router and forwarded the port 8080 to my sme box. Whilst I was there I also thoutht about port 22 and Port 80.

I can now see the SME simple website and could probabaly adminster via ssh except that my works will not allow outbound on port 22.

All I have to do now is figure out how to substitute my actual website for the temp one created by SME

Martin

[Janm]

Easy just
delete the file inside the html map on sme
and put your files there insted remember to have a index.html or index.php
to start up
after that go in sme console and change permission
like this only an eks:
/chmod -R 777 html      enter
you should stay in Primary ibay with mc
Jan dk

[CharlieBrady]

after that go in sme console and change permission
like this only an eks:
/chmod -R 777 html      enter

No, don't do that. It's unnecessary, and creates an enormous security risk. Permissions of 777 are never necessary and should never be used.

[Janm]

Sorry only an eks>
then use 444
Jan

[martinhick]

Hi Jan,

I am struggling with this. I have coppied all my files into the html folder.

I have removed index.htm

192.168.42.5:80 still finds the original index file.

My website is generated with index.html and will start if I change this to index.htm but then cannor find is home page.

Where do I need to look to make changes. I seem to remember when setting up my original site on a redhat box that I had to edit the Apache files. Is this the case with SMe.

Martin

[martinhick]

Hi Jan,

Sorry about this but I am getting terribly confused.

There seem to be multiple coppies of Primary and therefore multiple html folders, some of these appear to be symbolic links the to same place!

Where should the created website files sit. I cannot work out the path to where they should be. They are currently on the SEM box but obviously not in the correct folder.

[martinhick]

Hi Charles,

I tried to set the ADSL router in bridging mode but could not get it to connect.

I have opened up several ports to the SME box and am having a little sucess. I can now externally manage the SMS box which is a great help.

Martin