Topic: Remote Access from WAN

[ronaldson40]

I would like to know if this sort of a setup is possible....

I have a USR 9108  router which is also a gateway

http://www.usr-emea.com/products/p-broadband-product.asp?prod=bb-9108&loc=unkg



and my computers are connected this way


SME is one of the clients of the USR and is in server mode.

I am using No-Ip.com services which helps me by reporting my WAN Ip.

Presently when I enter my WAN IP in the IE, I get the USRs login page.
I am able to login and configure the settings of my USR. I am also able to SSH and telnet to the USR.

What I want to do is I want to be able to access the server manager of SME server and possibly SSH to the SME from any computer in the world...i.e from WAN....

My LAN Ip addresses are of the range 192.168.1.x/255.255.255.0
and 192.168.1.1 is my USR address.

The SME has an ip 192.168.1.2.

How should I proceed so that I am able to access the SME server from WAN since I travel a lot...

I am aware of something called Port Forwarding which is achieved through Virtual Server concept in USRs.

How should I proceed if possible?

[Stefano]

How should I proceed if possible?

reading user's manual of your router.. I'm sure you'll find everything you are looking for

Ciao

Stefano

[imcintyre]

I have a similar set up and do this all the time. A solution is to set up VPN access through your router, VPN into your network and then connect. There may be other solutions but I am not an expert.

I am not certain if this is the most secure method either but I think any exposing of your server or network has issues. You might want to give this some thought.

I don't know anything about us robotics routers so I can't advise you on "how to", but as previously noted it is probably in the manual.

[ronaldson40]

I tried it by setting up a virtual server in USR

Server       IP ADDRESS         External Port      Internal Port
SME           192.168.1.2          1022                         22
I soft booted the USR and went to Putty entered my WAN IP and port as 1022... I even tried switching on the DMZ to 192.168.1.2
However no luck..

I checked if my port was open.... I verified using the Shields-up page
https://www.grc.com/x/ne.dll?bh0bkyd2

It reported that the port was open.

[imcintyre]

<~~ not an expert but, a reminder that telnet is not secure, you want to disable telnet at least from the outside world.

comment re vpn deleted

Ronaldson; never mind my comments re vpn, I see that the device supports vpn passthrough not offering vpn

[OzMoosis]

I tried it by setting up a virtual server in USR

Server       IP ADDRESS         External Port      Internal Port
SME           192.168.1.2          1022                         22
I soft booted the USR and went to Putty entered my WAN IP and port as 1022... I even tried switching on the DMZ to 192.168.1.2
However no luck..

I checked if my port was open.... I verified using the Shields-up page
https://www.grc.com/x/ne.dll?bh0bkyd2

It reported that the port was open.

It looks to me like you're using the correct method for forwarding the ports. Are you testing the access to your server-manager / SSH from inside your own LAN? Maybe that's why you're having problems. I know that I can't access my S-M from inside my own LAN either if I use my WAN IP-address.

Also, (silly question, maybe...) have you configured your SME-server to allow remote secure-shell access from the internet?

Oz

[ronaldson40]

Yes..

[Brave Dave]

That isn't how I would do it;

Set the Server to Server-Gateway, connect the router to the public network card, allow PPTP connections and pass the pptp port through to the public side of the server

then just vpn in

This is the standard setup, you are asking advice for setup that is against the design principals

[ronaldson40]

Do I need to install anything on the sme for vpn?

How should I do the vpn part? I will be using xp laptop to access sme from WAN?

[Brave Dave]

You probably should start here - the PPTP part
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11

[ronaldson40]

Thanks for your reply...

In the Manual, it has been said that use the SME instead of your router.
This is my PC config
3.2 Dual Core
1GB RAM
2 NIC
1 DLINK PCI MODEM
1320 GB HDD

=======
So should I use DMZ on the USR to the SME for this? or should I connect the ISP telephone line connected to the USR ADSL to the fax modem??
My ISP uses PPPoA

[socate]

I think you SME is define as a standalone server and not as a gateway, so I think you will have only one NIC with local IP 192.168.1.2. So, if you want to access your WEB UI from internet forward necessary ports (443, 80, 81) to 192.168.1.2 and access from Internet with https://your_public_ip/server-manager

or, you can redirect some ports (for example port 12345) to 443 to "complicate" the access!

[ronaldson40]

I tried this... not workin....

I put a fwd rule i.e port 80,81,443 to 192.168.1.2. This gave me a msg saying that the router 80 has been moved to 8080, restarted my router, and checked the Shields up site, said the port 80 was open...

so I used http://myWANIP/server-manager

I am getting IE cannot find the page...

What I am thinking is to connect my CPU directly to the ISP line and removing the USR which I have seen on other boards has a lot of complaints regd its rigid firewall and stuff...

If SME server handled my router's activities I would have fine-grained control, plus I could run a fax server also.

I have heard of something called smoothwall, but it allows you to use your comp only for firewalling, nothin else can be run. SME is better that way... u cud have a firewall, a webserver, fax server,etc....

Is there a HOW-to to convert a CPU to a router... I could implement the same thing using the SME.

Initially I used to use a Linksys router WAG54Gv2 which easily allowed me to setup these services.. USR is a failure at this....

[socate]

I tried this... not workin....


so I used http://myWANIP/server-manager

Try https and not http

[bpivk]

I tried this... not workin....


so I used http://myWANIP/server-manager

Try https and not http

It won't make a difference. And wan doesn't work if you're on the same line with SME. You'll have to test wan access from a different internet line.