Topic: Router problems

[WA-Naemr]

There is a problem with your idea to hack, even thogh he has a "flat" as you put it network, he still has the FIREWALL on the SME server on, and the sme is providing NAT translation, therefore, you cant see past the SME, even if you get past the router.
Plus, with this SME set as a DMZ host on the router, it basicaly puts his SME directly on the web, any firewall on the router, would ether
 A: do ABSOLUTLY NOTHING
or
 B: get in the way, making it so one one could get to the website/email that he is providing..

Linux firewalls are among the best, so i see no risk with that part of the setup.


However, setting the internal network (green interface, LAN) to a standard class C network type; 192.168.0.n is a good idea, then let the SME server give out the ip addresses to the innermost network.

[idp_qbn]

BUT......
If the modem/router, SME and the workstations are all on the same subnet, anyone compromising the modem/router has free access to the workstations, bypassing the firewall on SME...the only protection left is whatever is on the workstations themselves. There is no real NAT happening here, since everything internal is on the 10.0.0.0 subnet.

BTW, I have no idea how to hack a modem/router unless it is left with external access enabled and the default username/password left unchanged. Someone with greater networking skills may be able to get in, though.

Cheers

Ian

[WA-Naemr]

That is not how NAT works. Even with every thing on the same subnet, they dont know it, the SME server creates a SEPERATE network on the green interface, the internal network can see OUT but, the external network (red) can not see IN unless the firewall on the SME is told to let SPESIFIC trafic in, and then, it is only directed to a pre designated host (eg, port 21 to 192.168.0.5)

[Matt]

Guys

Thanks for all the advice,  I have changed my local sme IP to 192.168.0.1 and then pluged it directly into my airport base station and I now have wireless internet access which is great.  

However now I cannot see the website from outside my LAN????  All I want to do is be able to host my web and email server.  When I had the flat network as described eariler the website amd email worked fine from outside the LAN but I couldn't get the connection to the airport to work at all.

I am very frustrated because it feels like I am almost there!!!!

I have a static IP on my asdl line and my domain is pointing to it but then I go on to mywanip.com my static IP isn't right in fact it is one of my LAN range, I think

Any suggestions........

[Matt]

Here is my current server configuration

Review configuration
Networking Parameters
Server Mode   servergateway
Local IP address / subnet mask   192.168.0.1/255.255.255.0
External IP address / subnet mask   10.0.0.3/255.0.0.0
Gateway   10.0.0.2
Additional local networks   192.168.0.0/255.255.255.0
DHCP server   enabled
Beginning of DHCP address range   192.168.0.11
End of DHCP address range   192.168.0.25
Server names
DNS server   192.168.0.1
Web server   www.balingout.org.uk
Proxy server   proxy.balingout.org.uk:3128
FTP server   ftp.balingout.org.uk
SMTP, POP, and IMAP mail servers   mail.balingout.org.uk
Domain information
Primary domain   balingout.org.uk
Virtual domains   matts-gallery.co.uk
balingout.org.uk
Primary web site   http://www.balingout.org.uk
Server manager   https://horsmonden/server-manager/
User password panel   https://horsmonden/user-password/
Email Addresses   useraccount@balingout.org.uk
firstname.lastname@balingout.org.uk
firstname_lastname@balingout.org.uk[/img]

[Matt]

The WAN IP on my router is 83.151.199.77 which is the Static IP from my ISP, so why is the WAN IP 192.168.0.25 on mywanip.com  

My domain is pointing to 83.151.199.77 but isn't working what should I do?

[WA-Naemr]

heres how it should be...      (adsl modem/router 10.0.0.1)------(SME server ->WAN<- port  10.0.0.2)------(SME server ->LAN<- 192.168.0.1)-----(Ethernet switch or hub 'no ip')-------(all of the computers on your network... 192.168.0.2-192.168.0.255)

MAKE SHURE YOUR FIREWALL ON THE MODEM/ROUTER IS OFF!


hook the airport up to the switch as thogh it where a computer

[Matt]

Hi WA-Naemr

I have changed my sme setup to the one you decribed in your most recent post and connected my sme and the airport directly to my switch.  The internet works fine, but I can still only see my website from within the LAN.  I have enabled DMZ and set my sme IP to the DMZ IP and switched off the router firewall, so why cannot I get website and email to be seen outside of LAN?  

PLEASE, PLEASE, PLEASE HELP THIS VERY FRUSTRATED PERSON

[WA-Naemr]

did you make shure you set the WAN ip of the sme server on the same network as the router/modem? (EG: router 10.0.0.1 and sme 10.0.0.2)
also, can your sme server see the internet? (login as admin and pick 'test internet') if it can not see it, it and the router are not comunicating,


also, make shure you dont have the sme server pluged in backwards!  (the lan nic connected to the router and the wan connected to the local switch)


also, make shure your sme server is on the firts port on the router (not wan, port number 1...)

[WA-Naemr]

Also try manualy forwarding the ports (this would be virtual servers for your router) forward 80 for wepsite, 21 for ftp, and so on

[CharlieBrady]

Still having problems

Could someone login to my router and see if they can help, Please!

user name= admin
password=epicrouter

This was a rather silly thing for you to have done. You now have no idea how many people may have logged into your router or how many changes they may have made.

I certainly hope that you have now disabled remote access and changed to a very well chosen password.

[WA-Naemr]

actualy, his router (luckaly) does not support remote management  

[idp_qbn]

I did a Google search for safecom SAMR-4114 and found the following link about port forwarding (http://tinyurl.com/qu3x7) which you probably will have to do to get your webserver visible from the 'outside' ie the Internet.

Cheers
Ian