Topic: PLEASE HELP... SME Server Not Connecting to the Net

[guhappy]

Hello,

First of all, I'm a complete noob to SME Server 6.0.1, so let me explain my problem the best way I can. I brought a domain name akinminds.com from godaddy.com. I set the nameservers for the domain to use the free domain name forwarding services from mydomain.com (i.e. ns1-4.mydomain.com). On mydomain.com I have set the A Record of akinminds.com to the IP address of my Comcast internet connection. I have a Linksys WRT54GS router with the Local DHCP server enabled and have setup Port-Forwarding of both TCP and UDP for port 80 to the local IP address of the SME Server (i.e. 192.168.1.10). I can access the starter site I created from the local network using the SME Server name (Ex. http://myservername) but the webpage doesn't work when using akinminds.com. By the way, the SME server is also using DHCP and I read from another post that this double DHCP configuration may cause conflicts. So, will disabling DHCP from the SME Server and giving it a static IP address resolve this issue? Also I would like to setup FTP, email, and etc, so do I need to forward the ports provided here (http://no.longer.valid/phpwiki/index.php/InstallationFAQ#portslist) on my router to the SME server? Please help.

Thanks in advance,
guhappy

[MSmith]

OK complete noob, time to tear down your network and redo.  Your SME server will work best as a server/gateway if it is directly exposed to the Internet, i.e. it takes the place of your Linksys WRT54G.  As noted in other posts, you can get hacked firmware for the WRT54G that will allow you to configure it as an access point for your network; get yourself an inexpensive switch for everything else.  So your network should go like this:  Comcast <--> SME server WAN (external) interface :: SME server LAN (internal) interface <--> switch (I use a 16-port Netgear I got inexpensively) <--> all other devices (PCs and Linksys set up as AP).  If your setup doesn't work in this configuration you've messed up your domain's DNS.

And yes, two DHCP servers on one subnet is a Bad Thing.

[guhappy]

OK complete noob, time to tear down your network and redo.  Your SME server will work best as a server/gateway if it is directly exposed to the Internet, i.e. it takes the place of your Linksys WRT54G.  As noted in other posts, you can get hacked firmware for the WRT54G that will allow you to configure it as an access point for your network; get yourself an inexpensive switch for everything else.  So your network should go like this:  Comcast <--> SME server WAN (external) interface :: SME server LAN (internal) interface <--> switch (I use a 16-port Netgear I got inexpensively) <--> all other devices (PCs and Linksys set up as AP).  If your setup doesn't work in this configuration you've messed up your domain's DNS.

And yes, two DHCP servers on one subnet is a Bad Thing.

Well, I guess I will have to rethink this home server approach. So, I need another ethernet card for my server and a switch. I'm probably better off URL forwarding for now until I research this more. But, I would like to get this running, so are there any other options I can take?

[guhappy]

MSmith thanks a lot for the info. I will do what you mentioned and get the gear needed i.e. another ethernet card and switch. I will hopefully set it up successfully for early Jan 2006. But, I know if I run into trouble I can find help.  :-)

[MSmith]

You're welcome.  Glad I could be of service!

[djhomeless]

I've got a similar setup, the only difference being that I have one of those all-in-one Netgear devices (Router, Firewall, Wifi AP, Modem). My SME works quite happily in this setup (server-only mode), so in theory I don't see why you would have a problem with your Linksys AP.

Instead of forwarding individual ports to my SME box, I just setup a DMZ rule in my Netgear Firewall. Ergo, every port that I don't have a rule against, goes to my SME box. This is really not a good idea if you are concerned about security, a better approach would be to forward just the ports you need and ignore the rest (I am just being lazy).

Back to your problem, is your home IP 68.36.174.236? If not, then that's what the name servers think it is. If this is correct, and you still don't see your domain externally, did you make sure to setup the domain on your server?

Good Luck

[guhappy]

Yes that is my IP. I think I haven't setup the domain on the server. Can you show me the way? But, I think I'm going with the first solution that MSmith suggested. I buying a cheap Linksys 5-port switch. I might need help so please stand by. Thanks for the help.

[djhomeless]

Don't buy HW unless you really need it. Again, it would be great to have the switch, but its not needed either.

In your SME Server panel, there is an option for "domains". Simply add your domain name there, and define an Ibay for it. Then, you should be in business.

[cc_skavenger]

I wouldn't buy the hardware unless you really want to.  You can use the dmz approach or you could port forward the needed ports to the IP of your server.  I would not have the server on DHCP, give it an IP.  I use this setup currently for several sites that I maintain, they all work fine.  I tried to browse to  the IP listed above, but it would not display anything.  Does comcast allow web hosting and mail servers?

The typical ports needed should be:
Port 20 & 21 for ftp
Port 22 for ssh
Port 25 for smtp
Port 80 for http
Port 110 for pop3
Port 443 for https

[boss_hog]

Hey yall,
my setup here is very similar to cc_skavenger.
ISP supplied modem
WRT54G (router/switch/AP)
Hawking Tech' 24 port switch

WRT54 feeds my SME6.5 ports 25, 110, 80, 81, 443
(no ftp in my setup)
DHCP is in 192.168.1.10-50 range
All my servers(SME6.5, testbeds SME 6.01, SME7b* and CentOS4.2 etc.) live in the 192.168.1.2-10

The SME will not get the proper WAN IP from the modem, which causes problems for my DynDNS account.
The WRT54 takes care of gettin the WAN IP and DynDNS updating is built into it.

The modem that the ISP has given me is very powerful (router, firewall, nat, dhcp etc.) but it is setup with their firmware and no formal documentation for using it. So.... the WRT54 does most of the work in my setup.
Hope this helps.
Joe

[djhomeless]

The SME will not get the proper WAN IP from the modem, which causes problems for my DynDNS account.
The WRT54 takes care of gettin the WAN IP and DynDNS updating is built into it.
Joe

The SME box doesn't need the WAN IP to function. It just needs to have the correct services (ports) forwarded to it so it can listen. As you host domains on the box, did you make sure to forward port 53 (DNS)?

Try pluggin in your domain to dnsreport.com, its a great tool for debugging dns problems.

[cc_skavenger]

As you host domains on the box, did you make sure to forward port 53 (DNS)?

??
Port 53 does not need to be forwarded.  It is making outbound connections only for dns.  It would need to be forwarded if it was a dns server for a network/workstation.

[guhappy]

Okay, good thing I didnt buy the switch today. Well I appreciate you guys explaining your setups. I will prob do a similar or exact copy of boss_hog's configuration . So I guess I have to give my server a static IP address and forward ports to the server. BTW, do I need to hack my firmware still and if so which one should I choose for a version 4 WRT54GS router? I was thinking of using the DD-WRT firmware... I can't wait to have this up and running. Thanks again.

[MSmith]

You guys who are putting a server-only SME box in a "DMZ" and thus exposing it wholly to the Internet are completely bypassing its firewalling capabilities and committing a fundamental security configuration error.

[cc_skavenger]

You guys who are putting a server-only SME box in a "DMZ" and thus exposing it wholly to the Internet are completely bypassing its firewalling capabilities and committing a fundamental security configuration error.

This is true.  That is why port forwarding should be used.  DMZ exposes all ports below 1024 to the wan.  Not a wise decision.