Topic: SME Firsttimer , need help pls

[sicnus]

Hi,

I recently installed SME 7.0 for the first time.  I was pleased with how simple things were.  I had previously been running all network services on a Win2k Server OS so it was refreshing to have a simple yet powerful alternative.

My first problem.  I registered my dynamic dns with dyndns.org about 3 or 4 days ago, and I created a starter website with the server-manager.  The server has an internet connection and when I type in my domain , www.ultimazero.homeip.net , the site comes up , only if I'm within the network though.  I've called my cable provider before and they say they do not block any ports.  Yet when I'm outside my network and I enter that address the browser just times out.  Any suggestions?  I am about to put the website on a Win2k Server box using IIS because I have to use ASP.NET but I wanted to make sure it would work first using the SME server's website software.

Next problems, not so much problems but features I know SME has but I can't find.

How do I configure , or even view the firewall in SME?

How do I monitor network traffic , like incoming and outgoing TCP/IP traffic?

Also, what is best way to install software with SME?  For example say I want to install 3rd party Firewall or Virus software?  Do I log in as root and install it, will that allow it to work if it sits at the log in prompt?  Same question applies to software dyndns.org suggests for updating network's IP.

I've skimmed the forum and haven't found what I need for these questions, but I haven't looked really in depth, real busy with work.  Hope my questions are clear, any help is greatly appreciated

[brick]

Hey, Welcome aboard!!!

1- Your provider blocks port 80 ! Sorry!
You can access still using https:

Code: [Select]

UltimaZero
 
Under Construction

This site is currently under going construction and will be operational in a few days.


2- You can view all the IPTABLES rules by typing iptables -L on the command line. One of the greatest things of SME7 is that it does things automatically for you, so you don't have to worry about opening unecessary ports.

3- You can install a contrib from Eric, search for NTOP

4- Don't know, the software that comes with SME is so good, I never had to look at third partie's options.

[raem]

sicnus

> How do I configure , or even view the firewall in SME?

iptables -L

To elaborate on the previous answer, you don't really want to play around with the firewall rules unless you are very sure you know what you are doing with iptables. You can easily compromise the security of your server & network.
In most cases you do not need to manually configure the firewall, as when you select various options in server manager, the firewall rules are automatically configured to match your selections, the appropriate ports are opened or closed depending on your selections of functions etc.
So you don't really need to get involved in making changes to the firewall rules unless you have some specific & non standard requirement. The server does have a port forwarding panel included, which you can use to forward ports to other servers or computers on your network.
There is also a proxy pass contrib that will forward http://www or https://www requests to other computers or servers on your internal network or even to external servers.

Either of the above should do most common things needed by admins.


> How do I monitor network traffic , like incoming and outgoing TCP/IP traffic?

Another tool already in sme server is iptraf. Just do
iptraf
at the command prompt

> Also, what is best way to install software with SME?  For example say I > want to install 3rd party Firewall or Virus software?  

Remember this is not a workstation, it is a server.
Firewall is already built in and you would be VERY unwise to install other firewall contribs.
Virus filtering & scanning is also built in, there are multiple layers of virus protection too, clamav, executable content rejection, RBL rejection.
I suggest you use the sme server "as is" for sometime & gauge for yourself how effective the default virus & spam protection is, of course you must enable all of these features first. I don't personally think you wil do any better with other virus alternatives as the sme developers have done a very good job.

The way to implement other alternatives is as "plug ins" for qpsmtpd & sme does cater for this.


> Do I log in as root and install it, will that allow it to work if it sits at the log in prompt?

You usually install rpms using the command
rpm -Uvh rpmname
Check some of the HOWTOs freely available

>  Same question applies to software dyndns.org suggests for updating network's IP.

If sme is configured for gateway/server mode, then sme supports dyndns.org & yi.org accounts without needing additional software, log in as admin and run the Configure this server option.

ddclient is the program you need (search the forums for it), but only if your sme is configured in server only mode or you want to track multiple dyndns accounts (domains).

[sicnus]

Awsome thanks for the help.

I assume command line means log into server manually as root or admin but I'll figure that out once I'm back in town with my network.

Also I need to call my cable provider and somehow show them they are a lowsy bunch of liers.

Good to see that brick could get to my site, my laptop that is in a different city than me network is still having trouble bring up the site using https but now I know it at least works and it's Cox / Sudden Link's fault.

Those of you who run webservers using the free dynamic dns services or ones like it, is the load time fast like a normal website or is it basically "get what you pay for" type of speed , ie slow.  Hopefully any lag is not caused by my ISP or software/hardware , if it's not I wouldn't mind paying $30 a year for better service.

Thanks again for help.

[raem]

sicnus

> I assume command line means log into server manually as root or admin

It means log in as root, not admin


> I need to call my cable provider & show them they are ... liers.

Even if you prove they are liars, port 80 will still remain blocked, you will need to use another ISP and choose one who does not block ports.


>...still having trouble bring up the site using https....

Use
https://ultimazero.homeip.net

You will need to configure (tick) the wildcard setting at dyndns for https://www.ultimazero.homeip.net
to work


>... free dynamic dns services ... is it basically "get what you pay for"

dyndns is OK, they provide free service (up to 5 domains) as a promotion but it is basically the same quality as their pay service, less a feature or two

[sicnus]

It all makes sense now, my page loads fast using https and I have wildcard feature enabled.



Webserver done, soon I tackle email !  See if that one can go off without so many questions hehe.

EDIT :
When I go to my site I get a certificate security notice message.  This is the text that seems to be the problem.  Anyone know how to fix this?  Anyone else get this when they visit my starter site?  https://ultimazero.homeip.net

"This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."

I found how to change port on Dyndns.org, I just hope 8080 isn't blocked also.  At the end of the knowledge base for setting up a redirection it says I need a DDNS update client, does SME come with that?  Is that what you mentioned Ray I believe it was?

[raem]

sicnus
 
> When I go to my site I get a certificate security notice message.

This is normal when you use https:
Click on View Certificate and then click (in IE anyway) Install Certificate.
This will resolve the trust issue, but not the name issue. Search these forums for all the details about this.

>...it says I need a DDNS update client, does SME come with that?

Yes, read my earlier post again.

[sicnus]

Awsome as soon as I get back to my network I'll have a lot more to work on and know what I'm doing too, thanks

One thing that I was concerned with was when I installed my 2 printers (one LPT laser printer and one USB inkjet) and as it says in the documentation I had to install the drivers on the client computers in order to use the printer from that client.  For the sake of knowledge...how would someone using SME for a large network setup SME as a efficient print server?  Is there a way to have the drivers on the SME server and not have to go and install the drivers on all the client machines?

With my network there is no problem with that, I just like to go down all the possible avenues that I know about in order to learn what I can about networking, web design, programming and so on.

Thanks

[raem]

sicnus

> ...how would someone using SME for a large network setup SME as a
> efficient print server?

sme is already an efficient print server.


> Is there a way to have the drivers on the SME server and not have to go > and install the drivers on all the client machines?


The sme server just passes the printer signals straight through.
You must install drivers on workstations.
There is a howto or contrib that refers to saving drivers on the server, but that's just a repository as I understand it, ie somewhere to store the drivers so Windows can use them to install locally. I haven't used it so not totally sure. Search.

There is also a CUPS printing contrib that gives added control etc, but you still need to install printer drivers on workstations.