Topic: PLEASE HELP... SME Server Not Connecting to the Net

[boss_hog]

Hey yall,
two things I would like to clarify quickly.

djhomeless wrote:
The SME box doesn't need the WAN IP to function....

This is true, but my domain name on a dynamic IP does.

My DynDNS account needs to be monitored for IP changes. If my modem was set to "bridge mode" all would be fine, but, this is not a viable option.

MSmith wrote:
You guys who are putting a server-only SME box in a "DMZ" and thus exposing it wholly to the Internet are completely bypassing its firewalling capabilities and committing a fundamental security configuration error.

Also true, but my setup made no mention of DMZ. Just forwarding specific ports to the SME.
Hope this helps.
Joe[/quote]

[MSmith]

My DynDNS account needs to be monitored for IP changes. If my modem was set to "bridge mode" all would be fine, but, this is not a viable option.

I've never been satisfied with SME's DynDNS updating and have always resorted to a client on an always-on LAN host; I've had excellent results with older versions of DirectUpdate (no later than 2.7).

MSmith wrote:
You guys who are putting a server-only SME box in a "DMZ" and thus exposing it wholly to the Internet are completely bypassing its firewalling capabilities and committing a fundamental security configuration error.

Also true, but my setup made no mention of DMZ. Just forwarding specific ports to the SME.
Hope this helps.
Joe

Yours didn't; another's did.  I'm speaking specifically of djhomeless here, who has apparently set up a server that has all ports open to the Internet except those specifically excluded at his Netgear router.  Quite unsafe, IMHO.  Far better to deny all, then enable only what you need.

[djhomeless]

Yours didn't; another's did.  I'm speaking specifically of djhomeless here, who has apparently set up a server that has all ports open to the Internet except those specifically excluded at his Netgear router.  Quite unsafe, IMHO.  Far better to deny all, then enable only what you need.

...which is why I said in my post that it is not a good idea if your concerned about security. The poster was having fundamental problems getting his domain traffic routed to his SME. In a case like that, it is best to get the problem fixed first, then backtrack to a safer configuration than try to do it right from the start (especially since the poster was a self-described noob).

My setup is only short term because I've recently rebuilt my home infrastructure. Hey, its Christmas. My wife would divorce me if I was spending a lot of time reconfiguring everything right now.

[guhappy]

Hey self-described noob here. I was reading the manual and it helped alot esp the info on i-bays since I didnt configure that. Thanks to everyone for pointing me in the right direction. Finally, Happy Holidays to all.

[woyzeck]

I was reading the manual and it helped alot

Always a good idea  


IMHO....

Putting an SME server in a DMZ that is configured for server only mode is a bad idea.

Port forwarding in a router is a bad idea also.

My personal preference would not to use sme as a file server and also a public server, I have never understood why people do this.  My personal preference is to have a firewall such as ipcop act as the gateway/firewall and sme server as a file server.  If you have a second ip address set up your public server on that, separate from your internal network.  If you don't set up the ipcop machine with an external card, trusted network card and a public network card.

See:
http://www.ipcop.org/1.4.0/en/install/html/decide-configuration.html#network-configurations


What you want to do,  and the way you have it set up now will work, but is certainly not best practices.

If you are not going to use sme as a file server, set it up in gateway/server mode and you should be set.  Of course, after you call comcast to have the reset the mac address that is registered with them.

Woyzeck

[cc_skavenger]

Port forwarding in a router is a bad idea also.
Woyzeck

Just out of curiosity, why is this bad?  How is it any different then the firewall built into the server?  If port 22 in the iptables firewall is open, it is open.  If you port forward port 22 in a router, it is open.  If you are using a good firewall, both allow for ACLs.

What is the difference?