Topic: HELP:Sme Server - Web Server

[rockyoyster]

I have installed the SME Server for personal use. I want to take
advantage of the web server and FTP features. I installed it in SERVER ONLY MODE. I access everything from the local network fine. But when I try to access it from outside the network, I get no response. Previous to this setup I was running Apache in Debian and it worked fine. So I know the equipment is good. I think I'm missing some security settings somewhere. I was under the impression that in server only mode, the Primary directories would have no security, hence the need for it to be behind a firewall/router. Is this correct? If not, can someone point me in the proper direction as far as how to edit the HOSTS file and/or httpd.conf files; if that is where the issue is? I am able to ping everything from within the network. When I pingfrom the server to the  outside the network it doesn't give me an Unreachable destination, I just get no reply. As if all incoming traffic is being blocked. But I'm not sure where or how to unblock it properly.


Broadband Modem connected to Linksys Router.
Linksys Router connected to Server.
Linksys Connected to a laptop and dekstop as well.
Port 80 is being forwarded to the server.

Any suggestions? I don't necessarily need answers, just directions. I've done fairly well in the past debugging something like this, but I'm just a bit lost this time...

Thanks!!!!!

[hordeusr]

I assume you are trying to reach http on that server via your verified external IP address from a different Internet connection that the one hosting the server (if your router can do loopback and you have it enabled you can hit the external ip from inside your network).  I also assume you aren't using DNS for testing yet.  http (port 80) should work from any network that can reach your server without modification.  If the port 80 forwarding to the SME server on the router is working and your ISP isn't blocking port 80 it should work.  I have the same setup (different router).  As a test I would setup a simple web server on a different computer on the network, and change the port forward to that ip address...to verify the port foward is working as it should.  If you are using dns to hit the server, make sure you have an entry in the "domains" on the SME server.  As far as pinging goes, some ISP's also block ping....mine does.  Your router may also be stopping the ping on the way back.  Also verify internet access on the SME box via lynx

Simple web server for windows if you need it....
http://www.analogx.com/contents/download/network/sswww.htm

[rockyoyster]

I assume you are trying to reach http on that server via your verified external IP address from a different Internet connection that the one hosting the server

Yes, that is correct. What do you mean by verified? I used my neighbors wireless connection.(with permission of course!) And I also tried from work. All of which worked with my previous setup.

[rockyoyster]

I installed the simple server for windows on the laptop and sent port 80 over to it and it appears to be working fine. Page loads right up.. I really think that the SME server is blocking the port. How can I test the ports on the server? I ran i beleive netsta and it shows port 80 as listening.... the hosts.allow and hosts.deny appear to be ok.. but I'm not sure.. I think I'm off for a Hosts 101 course... any more input would be appreciated.,
thanks!!

[hordeusr]

It really should just work...on an unaltered SME install.  Have you done any unusual configuration changes?  Any information in the log files?  I've set-up many of these as a server-only with a simple port forward of 80/25/whatever else I need and it works flawless.  If you are really stuck you can try:

signal-event post-upgrade
signal-event reboot

This worked one time for me when I had a strange problem.  Why it works locally and not via the port forward is a mystery to me.

[rockyoyster]

I am going to try those two, then I will re-install from scratch. I hadn't changed anything. I'm gonna try hooking it up direct to the modem without the router and see if it works. Otherwise I think I will do a clean install and see what happens. If no go, I will install XAMPP on it and see if it still works. I let you know..

Thanks!!

[rockyoyster]

I burned a new image of the server and reinstalled and the exact same thing happens. I can not access anything from outside my network. Now i'm sad.

I did server only.
I didn't turn on DHCP.
I changed the mycompany.local to a XXXXXX.COM
The IP I changed to 192.168.1.100
Netmask is 255.255.255.0 (default)
The gateway is 192.168.1.1
I named it server
I did not specify a DNS server.

Works fine from home.. I'm real sad now.

[bpivk]

1.) go to shields-up and check your ports (www.grc.com)
2.) report your findings here
3.) if you didn't try it yet: try to connect from another location trough your ip not dns

[rockyoyster]

That was exactly something that I was looking for. It appears that it confirms my thoughts. But I don't know how to open the port. All config file that I look into appear to show port 80 open, but it's apparently not?


----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2007-06-12 at 18:57:48

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

[rockyoyster]

I am able to access the internet with lynx. So the ETH0 is working. I am also able to update the software with YUM through Server Manager. But I simply can not access under construction web page outside of my local network. I am no Linux wiz, and this is by far my worst experience with anything linux. I'm sure it's an operator idiocy. Perhaps I should go back to Debian/Xampp and try to be merry... I'm sure glad I out grew the Monitor Through The Window stage.

Thanks!!

[bpivk]

I think that it's something to do with the router (wrong ip maybe) because i never had all the ports stelthed unless i used my router.
Use the "ifconfig" command. You should get some info about your nics and their ip's. Then use the apropriate ip in your router to forward the ports.
Repeat the shields up test after you're done with configuring the router.

[rockyoyster]

Maybe the router is no good. But when I replaced the server with my laptop running a simple www server it worked fine. It also worked fine when I had Debian and XAMPP running on the same box, same router settings. All I did was install a fresh SME on there. The actual error is that the server is taking too long to respond. Would it be possible to turn off any and all firewall settings and leave it more open then it should allready be? As much as I'd like to walk away from these; I really need to know why this doesn't work. Maybe I just need a lobotomy. Anyhow, lemme know what you think. I did the IFCONFIG and the port is being forwarded to that IP. The gateway is correct as well.

[bpivk]

SME (in gateway mode) shouldn't have any firewall so that shouldn't be a problem (and it shouldn't be even if he had it's firewall enabled).

Did you try a small test. Put your server's on DMZ and check if it works. It's not recomended but well se what happens when you do that. Then you'll know if your router is blocking the ports. But i agree it should work if you're routing the correct ports but i had a similar problem with my belkin router which wouldn't route SME traffic and even the tech support didn't know why.

[rockyoyster]

I also DMZ'd the IP and still nothing. I tried running the ShieldzUp with Lynx and it is still bringing up port 80 as stealth.

[rockyoyster]

I truely feel it's something in the Iptables. Which makes no sense.   Unfortunately, I'm not too swift with deciphering the MASQ file. I can forward that port to anything else and it works fine. I'm gonna try to connect to it with HttpS( that's secure connection right?) When I DMZ'd my laptop port 80 came through stealth but port 403 was open. 403 is the https port i beleive?

It works with the https. yee haw!?

Perhaps my ISP is stealthing the ports for me? even so, I have and am
still able to run apache here and have it accessible from outside the network. Would that lead to a configuration/rules issue?