Topic: Wierd Setting DNS Problem

[stukirk]

Hi,

Upgrading a 7.1.3 from server only to privateserver-gateway and have encountered some problems....

I can connect to internet on the sme server and the test internet works....  BUT I can't seem to browse internet etc from client Windows machines... email samba etc all working fine....

There is a ip setting in the "Corporate DNS" box of my router's ip address which I think might be part of the problem?  I can't seem to delete this as if I do and reboot etc then the setting is still there after?  I can change it to something else and it stays but then nothing works....

Could this be my problem? if so any idea how I can change this without using the setup screens?  If this isn't the problem any idea where else I can look?  I have a machine working at home with the same settings fine but this client machine is driving me up the wall!!!

This is my first time in posting since using the SME V5 and have always found an answer before but this one has got me stumped...

Thanks,

Stu

[shell]

hey stukirk,

these questions may help you find the fix...

are the ip settings for the client coming from the server?  dhcp?  is your client gateway address the server, and the dns servers also the server?

what about if you fix the ip on the client with the gateway and dns addresses from the server?

how is the server connected to the internet?  if a router can you ping or browse to the router from the client?

some more details might help us help you to identify the problem...

[stukirk]

Hi,

Managed to remove the Corporate DNS setting using the web interface rather than the setup menu.  Unfortunatly it has not helped the situation to help here is the setup:

Code: [Select]



          Modem/router 192.168.1.1 DHCP Server giving fixed IP Address to SME Server of 192.168.1.101  And has a DMZ area given to the SME Server.
                        |
                        |
          SME Server 192.168.0.5 DHCP Server for local network Connecting to router.
                        |
       ----------  Switch-----------
       |         |             |          |
      XP Windows PC's with auto DHCP gateway address set as 192.168.0.5



The problem lies it seems with the seems the server can connect to internet fine send receive emails updates all fine.  The PC's can connect to the server fine for Samba and email IMAP connection but can't browse through to the outside world?  I am assuming all network drivers are working as I have connection etc.  I can ping the router from the SME but not the PC's (Router has security protocol of having to be in the same IP range to connect and ping) can plug direct into the router with fixed ip to administer the router (and at the moment connect to net)....

Hope someone can help shed some light on this as I have the same setup at two sites and one works one doesn't!????

Cheers,

Stu

[stukirk]

Hi,

I have managed to get the xp machines accessing the net but had to get them going through auto proxy on firefox to get access? if I turn off the http proxy setting in admin panel I get no connection??? this proves to be more of an issue as I have some old windows apps that need to access but can't go through proxys.......

Any ideas??????

Stu

[shell]

what is the dns setting on your clients?

can you ping the outside world - maybe try pinging google.com and then 72.14.207.99 (google.com's ip).

do you get responses from either?  what about if you set your dns on the clients to your isp (for testing purposes).

did you install any proxy stuff?  non-standard, i mean.
by default the http proxy on the server is on (this maybe the difference between serveronly and servergateway) - this is transparent and shouldn't affect your applications.

[stukirk]

Hi,

Right, I have tried pinging from the client pc to google.com, google's ip address and also my internet providers dns servers.  and changing over to fixed ip addresses and dns settings for isp and still host not reached.......  I can connect to anywhere on the sme server.  I can browse web on client pc's but have to set the browser to auto configure proxy (rather than direct connection) to work.

I have not installed any special things on this machine.  It is an old server that was v5 e-smith days that had been upgraded normally over time.  When going to V7.1 I backed all up and did a upgrade disk change as suggested in the manual onto a new drive installed with V7.  everything worked fine.... was using only as a server only at that time.  now changing to server gateway something somewhere seems to be blocking traffic.

The only contrib installed is the AFFA backup (this is on a separate stand alone machine backing up from this server).  Everything else is standard.  I just wonder if there was an old setting somewhere for proxy that has clicked in but is now obsolete.  Is there any commands I can run to output any of this to give more detail?

I have been using linux and sme for years but not too familiar with the pure network background as it has just worked fine for years.  I have another machine with same settings that works fine but it was a new machine with V7.1 rather than upgrading older machine.... could this be the problem?  I don't have the option of dropping the old data as there is about 80gb of important company files and emails there and would take a long time to transfer everything and don't want to miss anything!

Hope someone can help?????

Stu

[CharlieBrady]

I have managed to get the xp machines accessing the net but had to get them going through auto proxy on firefox to get access? if I turn off the http proxy setting in admin panel I get no connection???

That's a pretty clear indication that they are not using the SME server as their default gateway. They either have static IP settings, are using a DHCP server other than the SME server, or the SME server is issuing DHCP leases with the wrong default gateway setting. You need to work out which is true.

[stukirk]

Right...... my SME Server Private Gateway is IP 192.168.0.5

Windows Client Connection status is:

Physical Address: 00-16-D3-27-5A-3D
IP Address: 192.168.0.96
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.5
DHCP Server: 192.168.0.5
Lease Obtained: 08/06/2007 09:38:32 am
Lease Expires: 09/06/2007 09:38:32 am
DNS Server: 192.168.0.5
WINS Server: 192.168.0.5

I am not an absolute expert but that seems to be right by me?

I have managed to dump all settings with a db configuration show command and have removed any big sections I know can't effect anything (clamd etc) and attach below:

It looks like there are some old legacy settings in there in places and don't know if that might be affecting things????

Hope someone can help me decypher this????

Not sure if this should be registered as a bug???????

Cheers,

Stu

Code: [Select]


REPLACED ANYTHING SECURE/SENSITIVE WITH ********************

AccessType=dedicated
ActiveAccounts=11
ConsoleMode=login
ContactEmail=********************
ContactName==********************
ContactOrg==********************
DHCPClient=d
DelegateMailServer=
DialupConnOffice=medium
DialupConnOutside=short
DialupConnWeekend=short
DialupFreqOffice=every15min
DialupFreqOutside=everyhour
DialupFreqWeekend=everyhour
DialupModemDevice=/dev/ttyS0
DialupPhoneNumber=9,08089933275
DialupUserAccount==********************
DialupUserPassword==********************
DomainName==********************
DynDNS=service
    Account=dnsaccount
    Password=dnspassword
    status=disabled
DynDnsAccount=dnsaccount
DynDnsPassword=dnspassword
DynDnsService=off
EmailUnknownUser=admin
EthernetAssign=normal
EthernetDriver1=dl2k
EthernetDriver2=e100
ExternalDHCP=on
ExternalIP=192.168.1.101
ExternalInterface=interface
    Broadcast=192.168.0.255
    Configuration=DHCPEthernetAddress
    Driver=e100
    Gateway=
    IPAddress=192.168.1.101
    Name=eth1
    Netmask=255.255.255.0
    Network=192.168.0.0
ExternalNetmask=255.255.255.0
InternalInterface=interface
    Broadcast=192.168.0.255
    Configuration=static
    Driver=dl2k
    IPAddress=192.168.0.5
    NICBondingOptions=miimon=200 mode=active-backup
    Name=eth0
    Netmask=255.255.255.0
    Network=192.168.0.0
LocalDomainPrefix=
LocalIP=192.168.0.5
LocalNetmask=255.255.255.0
MinUid=5000
PasswordSet=yes
PreviousConfiguration=/home/e-smith/configuration.previous
SMTPSmartHost==********************
SquidParent=
SquidParentPort=
StatusReports=off
SystemMode=servergateway-private
SystemName=fileserver
TimeZone=Europe/London
UnsavedChanges=no
WebServerName==********************
acpid=service
    status=enabled
apmd=service
    status=enabled
atalk=service
    InitscriptOrder=91
    MaxClients=20
    status=enabled
backup=service
    BackupType=desktop
    Program=flexbackup
    backupTime=23:55
    reminderTime=13:00
    status=enabled
blades=service
    Host=service.e-smith.com
    status=enabled
bootstrap-console=service
    ForceSave=no
    InitscriptOrder=35
    Run=no
    status=enabled
cpuspeed=service
    status=disabled
crond=service
    InitscriptOrder=40
    status=enabled
ctrlaltdel=service
    status=enabled
dhcpd=service
    Bootp=deny
    InitscriptOrder=65
    end=192.168.0.99
    start=192.168.0.50
    status=enabled
dnscache=service
    Forwarder=
    Forwarder2=
    TCPPort=53
    UDPPort=53
    access=private
    status=enabled
dnscache.forwarder=service
    status=enabled
ftp=service
    LoginAccess=private
    TCPPort=21
    access=private
    status=disabled
haldaemon=service
    status=enabled
horde=service
    DbPassword==********************
    imp=installed
    status=disabled
httpd-admin=service
    InitscriptOrder=86
    PermitPlainTextAccess=no
    TCPPort=980
    TKTAuthSecret==********************
    ValidFrom=
    access=localhost
    status=enabled
httpd-e-smith=service
    InitscriptOrder=85
    TCPPort=80
    access=private
    status=enabled
hwconfig=configuration
    CPUFamily=6
    MemTotal=196173824
    SMPCapable=no
imp=service
    access=SSL
    status=disabled
ippp=service
    InitscriptOrder=55
    status=disabled
irqbalance=service
    status=enabled
isdn=service
    Protocol=2
    UseSyncPPP=yes
    UserSyncPPP=yes
    status=disabled
klogd=service
    status=enabled
lilo=service
    AddressMode=linear
    DefaultKernel=Mitel-SME-up
local=service
    InitscriptOrder=99
    status=enabled
lpd=service
    InitscriptOrder=60
    status=enabled
masq=service
    DenylogTarget=drop
    InitscriptOrder=06
    Logging=none
    Stealth=no
    Trace=disabled
    pptp=yes
    status=disabled
maxAcctNameLength=31
maxGroupNameLength=31
messagebus=service
    status=enabled
microcode_ctl=service
    status=enabled
modPerl=service
    status=disabled
modSSL=service
    CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    TCPPort=443
    access=private
    status=enabled
mysql.init=service
    InitscriptOrder=99
    status=enabled
mysqld=service
    InitscriptOrder=90
    LocalNetworkingOnly=yes
    status=enabled
named=service
    RndcKey=sulqdNAocXDpJHsCwfSZpjGyhEoOr0hdNxdzPJGSSLmwB0hPsrpHmcrOiX0q

    chroot=yes
    status=enabled
network=service
    InitscriptOrder=10
    status=enabled
nmbd=service
    UDPPorts=137,138
    access=private
    status=enabled
ntpd=service
    InitscriptOrder=55
    MemLimit=12000000
    NTPServer=
    SyncToHWClockSupported=yes
    status=enabled
nut=service
    MasterPass=GgK0Caff+fm8rF+D1X5ZZo/7n6QDrgPvVa3hEbNmF4TVwpRXFdrr5od55WbYPf35tHGxG59XWO+C
    Model=newhidups
    SlavePass=nlxRFGf0Duqs9oPY1m3TVJL/BL4hAHD157qxOB1ggqv6XBARiIysikYJ6u6/gA+4GfGxFt5Owfub
    status=disabled
oidentd=service
    TCPPort=113
    access=private
    status=enabled
pam_abl=service
    status=disabled
pam_tally=service
    status=disabled
passwordstrength=configuration
    Admin=none
    Ibays=none
    User=none
    Users=strong
php=service
    AllowUrlFopen=Off
    status=enabled
pppoe=service
    DemandIdleTime=no
    InKernel=no
    InitscriptOrder=57
    SynchronousPPP=no
    status=disabled
pptpd=service
    TCPPort=1723
    access=public
    sessions=1
    status=enabled
qmail=service
    InitscriptOrder=80
    MaxMessageSize=15000000
    status=enabled
qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled
    LogLevel=8
    MaxScannerSize=25000000
    RBLList=sbl-xbl.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
    RHSBL=disabled
    RequireResolvableFromHost=no
    SBLList=dsn.rfc-ignorant.org
    access=public
    status=enabled
radiusd=service
    status=enabled
raidmonitor=service
    status=enabled
random=service
    InitscriptOrder=20
    status=enabled
serial-console=service
    BaudRate=19200
    Device=ttyS1
    status=disabled
smb=service
    DeadTime=10080
    DomainMaster=yes
    InitscriptOrder=91
    KeepVersions=disabled
    OpLocks=enabled
    RecycleBin=disabled
    RoamingProfiles=no
    ServerName=fileserver
    ShadowCount=10
    ShadowDir=/home/e-smith/files/.shadow
    UnixCharSet=ISO8859-1
    UseClientDriver=yes
    Workgroup=e-smith
    status=enabled
smbd=service
    TCPPorts=139,445
    access=private
    status=enabled
smtp-auth-proxy=service
    Debug=0
    Passwd=
    Userid=
    status=disabled
smtpd=service
    Authentication=disabled
    ExternalInterfacesFilter=/var/qmail/bin/qmail-spamc
    Instances=40
    InstancesPerIP=5
    InternalInterfacesFilter=/var/qmail/bin/qmail-spamc
    MaximumDateOffset=0
    PatternsScan=disabled
    Proxy=enabled
    RBLList=bl.spamcop.net:dynablock.njabl.org:sbl-xbl.spamhaus.org
    TCPPort=25
    TCPProxyPort=25
    VirusScan=enabled
    access=private
    status=enabled
    tnef2mime=enabled
sqpsmtpd=service
    access=public
    status=enabled
squid=service
    EnforceSafePorts=no
    InitscriptOrder=90
    SafePorts=21,70,80,81,119,210,443,563,980,1024-65535
    TCPPort=3128
    TCPProxyPort=80:3128
    TransparentPort=3128
    access=private
    status=enabled
sshd=service
    InitscriptOrder=85
    MaxAuthTries=2
    PasswordAuthentication=yes
    PermitRootLogin=yes
    Protocol=2,1
    TCPPort=22
    UsePAM=yes
    access=private
    status=enabled
ssmtpd=service
    Authentication=enabled
    Instances=10
    TCPPort=465
    access=private
    status=enabled
statusreport=service
    DayOfWeek=5
    Hour=9
    Minute=40
    status=enabled
sysconfig=configuration
    InstallEpoch=1178723698
    KernelArch=i686
    KeyboardType=pc
    Keytable=uk
    Language=en_US
    PreviousSystemMode=servergateway-private
    Registration=none
    ReleaseVersion=7.1.3
    SoftwareRaid=no
    SystemID=0CC5F12A-FE40-11DB-BA78-FF7BBC73046B
syslog=service
    InitscriptOrder=05
    LogAll2VT6=no
    status=enabled
telnet=service
    PermitRootLogin=yes
    access=private
    status=disabled
testing=service
    destruction=0
tinydns=service
    UDPPorts=53
    access=localhost
    status=enabled
viewlogfiles=configuration
    DefaultOperation=view
wan=service
    status=enabled
xinetd=service
    InitscriptOrder=50
    status=enabled
yum=service
    AutoInstallUpdates=disabled
    EnableGroups=0
    GPGCheck=0
    PackageFunctions=disabled
    RandomDelay=120
    status=enabled


[stukirk]

Just to also clarify, I have another SME server on the network set to server only as an AFFA machine with fixed ip and gateway of the SME 192.168.0.5 and it too can't ping the outside world?

It is almost like there is something blocking direct access unless I use a browser and autoconfigure the proxy settings in it????

I am getting quite lost here, any suggestions????

Stu

[pfloor]

192.168.1.X on external interface and 192.168.0.X on internal interface.  I tried this myself once and it looks like it should work but I also had connection problems.

Re-configure the server through the admin console and try totally different IP's like:

192.168.1.101 on the external interface and
10.0.0.5 on the internal.

[stukirk]

Right.... been trying things to no avail so switched that server back to server only mode.  Installed SME7.1 on a new machine, ran all the updates configured just as the other machine but with no email, no ibays, no users apart from admin and the same networking details as before.  all works fine....????

this brings me back to thinking it is a legacy setting coming through on the update/restore......???

Is there a simple way of restoring users/email/ibays without all the rest of the config or am I just better off setting up the users again and copying the data across?  I want to avoid as much manual copying as possible as it could go screwwy and is 80gb and I don't have time to down the server for a few days I seem to only get a couple of hours max for any downtime....

Ideas? on how to sort the config on the old machine or copy the data across???

Cheers,

Stu