Topic: Going from Win2k Server to SME , HELP

[NickCritten]

I missed the bit about a single dynamic IP - sorry.

In that case I agree with Ray - Don't use another Firewall Box, there's no need.

I personally have had issues with PPTP session and SME, but haven't used it on SME 7 final yet.
I also have had isses setting up IPSEC VPN's on SME before now, but again I haven't tried in a while.
IPCops IPSEC implemetation is very good and very mature, and I've never had issue with it, which was another reason for suggesting it.

Also remember that the Dyanamic DNS will ONLY work if your Modem gives the Dynamic IP to the SME, rather than passing all traffic through to an internal IP.

Let us know how you get on.

[sicnus]

Just to make sure I got this straight...

Modem>SME Server Gateway/Server>Router/Switch>Lan-WirelessAccesspoint-IIS ASP Server

Use the gateway server as the firewall and all the servers I need except webserver, also have those dynamic domain name sites connect to it...then turn router to a switch...and use the SME gateway server as my VPN Server?  And port forward and what not HTTP requests to my web server.

Looks like SME has it all.  thanks for the help...few more days till I'll be able to start installing.

[raem]

sicnus

>...Modem>SME Server Gateway/Server>Router/Switch>Lan-
>...WirelessAccesspoint-IIS ASP Server
> Use the gateway server as the firewall

Yes, that's the idea.


>...  and all the servers I need except webserver

Note that sme server is quite a capable web server running Apache, so you can do unlimited web site hosting on it, except for the asp stuff, which I gather needs a Windows IIS server.


>..also have those dynamic domain name sites connect to it..

configure those domians in dyndns.org or yi.org first, to point to your sme server's current dynamic IP, and configure sme to use the dynamic service in the initial setup screens to track changes in the servers dynamic IP and update external records.


>... then turn router to a switch...
>...use the SME gateway server as my VPN Server?  

Yes

> port forward and what not HTTP requests to my web server.

Port forwarding is built in, you may want to install the proxy pass  contrib to forward www requests to another server on your network, see the contribs server manager panel for details.
The proxy pass contrib is
ftp://ftp.firewall-services.com/smeserver-proxypass-0.0.2-1.noarch.rpm


> ...WirelessAccesspoint

Have a look at the specification of that device to see that it can happily reside as a LAN network device with a fixed local IP, and that you can configure it to use the sme servers local IP as it's gateway.


In the sme initial configurations screens, you will reserve a range of IPs to manually allocate to LAN devices, that are not then automatically used by sme DHCP server.

[raem]

sicnus

It sounds like you have never used sme server before, and are about to make major changes to your live production network.

I would suggest caution, you perhaps would be wise to install sme 7 on a test box (an old second hand low powered box would do) & configure it in server only mode, and allocate a unused local IP to it.
Attach it to your network and use it & get to know it & the feature set etc. At some point you can disconnect it from your network and reconfigure it in gateway/server mode to see what the differences are.
You can temporarily connect it to a dial up account or to your main Internet connection to test the dynamic IP functionality etc.
Then when you are familiar with configuring & using it, & understand it a whole lot better than you do now, you can look at rearranging your whole network as discussed.

[sicnus]

Ya I only have network experience with Win2k Server.

Quick question about hardware aspect of SME.  With SME is it better to have more ram/cpu power for the gateway/server or for the windows webserver/SME mail server.

Also in the network I currently work on; users CTRL ALT DELETE to log in and device/file sharing is very easy and so is setting permissions.  What is logging in and file sharing like with SME...read the manual but I'm curious as to what it is like from a SME user's point of view.

Thanks

[raem]

sicnus

>...With SME is it better to have more ram/cpu power for the
> gateway/server or for the windows webserver/SME mail server.

It depends on what you are doing on the server. If you need to run web applications with lots of concurrent users, then you need more processing power.
In most situations, more RAM will give better performance generally speaking. The virus scanning and spam filtering systems are pretty processor and RAM intensive.
From the usage you have suggested, either computer will do either job satisfactorily.

> Server 1: 1.2ghz , 512mb ram , 40gb
> Server 2: 2 MP 1.2ghz , 1gb ram , 40gb

Server2 would obviously be better to use as your main gateway server/mail server, as it has more processor speed and RAM to handle email & virus & spam scanning etc.
But then again your Windows server will likely be in more need of grunt, so perhaps the Windows server should be Server2 spec, and the sme gateway server/mail server can be Server1 spec (1.2Gb/512Mb will run OK just add more RAM if you find it neeeds it).


>..users CTRL ALT DELETE to log in and device/file sharing is very easy
> and so is setting permissions.  What is logging in and file sharing like
> with SME

You would be best to configure your sme server as Domain Controller & DHCP server & DNS server, and set up your users there. They can login & authenticate for access to other workstations/servers on the domain.
Disable these functions (& browsemaster too) in any Windows servers or you will have conflicts/problems.
You can set up a logon.bat script on the sme server domain controller.
File sharing is done by setting up ibays and mapping them as drive letters in the logon.bat file.
sme server is primarily designed to be used in networks with Windows workstations, although some of the more advanced proprietary Microsoft functionality is not available in samba (as it is proprietary) eg Active Directory. Permissions do not work the same, you have slightly less configuration control of groups & files with sme compared to Windows, but sme is still very secure it that regard.

[sicnus]

One last question...

I've got the hardware all setup, all components test fine.  Is it possible to install everything without annoying errors or problems having the machine not hooked up to the internet...since I'm going to use the machine as a server/gateway between a modem and switch I can't take down network too long and have SME installation take longer than expected.  For example, registering for a dynamic domain name from one the preset sites, will that be a problem if the machine is not in it's final possition as far as internet connections and possition in the network goes?

Thanks

[raem]

sicnus

The sme server in gateway mode will act as a router, so you must get the Internet connection up & running in order for workstations to get Internet access. There is a test menu on the admin console (login as admin to see this). If your hardware is OK, it should only take a few minutes to configure the basic settings once the OS install is complete.

You won't get connection errors on screen but they will be logged.

[sicnus]

having server as gateway/server and turning router to a switch...

to turn router to switch, disable dhcp, plug modem to gateway/server , plug gateway/server to switch's WAN then lan to switch's LAN?  Just double checking things again  

Thanks for the help

[NickCritten]

To use your router as switch, just disable DHCP, then only use the LAN ports -Ignore the WAN port

[Carbon]

I have a fixed IP
       ||
I have a ADSL modem/router.
The gateway is 192.168.0.1
I have set the DMZ in the modem/router to be 192.168.0.100
        ||
        ||
I have set up the external SME card to use the DMZ (192.168.0.100)
I have set the internal card to 10.0.0.1
        ||
I plug my switch into the internal card
and the switch feeds my LAN PC's (3)

Don't know what I'm doing but it feels right!

[NickCritten]

Carbon:

That looks good, That's a classic setup in Server/Gateway.

Although I wouldn't use a 10. range for your LAN (Unless you've subnetted it down to a /24 or higher BitMask)
I'd just use a different 192.168.x.x Network on your LAN... e.g.

192.168.0.0 for your outside, and 192.168.1.0 for your inside

[sicnus]

Hurray got SME installed , had a few problems passing the internet test but I worked after about 30minutes.

DUring installation after asks for admin pw, and I have to enter domain...say I enter home.com...and i use dyndns.org to register a domain.  how do the 2 relate?  Will they conflict?  or is the home.com domain only for the LAN side of things..just wanna clarify, rest assured I'll be spending all night after work setting things up, hopefully incedant free.

[NickCritten]

The DNS Server on your SME is internally facing only so it won't conflict with your DynDNS entry...

On the inside, your SME resolves server.example.com to the SME's LAN IP
On the outside, DynDNS resolves server.example.com to your public IP

[raem]

sicnus

>... I have to enter domain...say I enter home.com...and i use dyndns.org > to register a domain.  how do the 2 relate?

You should make the server's main domain name the same as your dyndns.org domain name.