Topic: Not possible to access webmail from public IP

[erikindre]

The subject pretty much sums up my problem.
I have enabled public https access from the server-manager. My front page at http://hetlevikaasen.hopto.org is reachable, but at http://hetlevikaasen.hopto.org/webmail the page can not be shown. Everything works from the LAN in which my server is located when I use the LAN-IP.

What could be the problem?

[cactus]

The subject pretty much sums up my problem.
I have enabled public https access from the server-manager. My front page at http://hetlevikaasen.hopto.org is reachable, but at http://hetlevikaasen.hopto.org/webmail the page can not be shown. Everything works from the LAN in which my server is located when I use the LAN-IP.

Is there another firewall between the WAN side of your server and your internet connection? If so did you open port 443 (http over SSL a.k.a. https) as this is required for webmail?
Are you able to view your main site over SSL, https://public-ip from outside your LAN?

Edit: changed url prefix to https

[mrjhb3]

Port 443 is not open.  If I do a

Code: [Select]

telnet hetlevikaasen.hopto.org 80I get a response from your server.  If I do a

Code: [Select]

telnet hetlevikaasen.hopto.org 443 nothing.

John

[erikindre]

Thanks both of you!
My external firewall is a buffalo wireless router running dd-wrt.
The IP of my SME-server is set as DMZ-ip in this router, so everything is accessible from the outside.
I suspect that the problem may has something to do with the internal firewall settings in SME-server (iptables), or could there be something else that restricts the access to port 443?

[mmccarn]

Everything works from the LAN in which my server is located when I use the LAN-IP.

If this includes webmail using https, then your SME should be fine and you should look at the router.

I, like mrjhb3, find that port 443 does not respond at all from outside your network.  If https is working from your local network then something is preventing this traffic from getting to your SME from off-site. 

Is 443 configured as a specific port-forward in your router (a specific port forward will override the DMZ setting in most routers)?

[MasthaX]

have the same problem, i portforwarded everything. but it doesnt work. i just get an 404 meaning it simply isn't there but when i access it from local network it loads the webmail page.

[cactus]

have the same problem, i portforwarded everything. but it doesnt work. i just get an 404 meaning it simply isn't there but when i access it from local network it loads the webmail page.

My guess is you made some sort of error... you did modify the portforwards at the router inbetween the internet access point and your SME Server? Did you restart/reload the settings? Another orion could be that your provider is not allowing https traffic.

Perhaps it is time to look through your log files to see what goes wrong. Start by looking at the httpd log (/var/log/httpd/error_log and /var/log/httpd/access_log) files at the time the error occured.

[mrjhb3]

Both of you go to www.grc.com and run shields up.  That should prove to you whether or not the ports are open for external access.

JB

[cactus]

Both of you go to www.grc.com and run shields up

Or as an alternative: http://www.derkeiler.com/Service/PortScan/

[micropitt]

I had at one time a SME Server connected to the DMZ port from a Linksys Router and I still had to enable port forwarding in the Router.

Is the server running in "Server Only" mode or as "Gateway"?

[erikindre]

Thanks guys! Problem solved!

I had forwarded port 443 to another coputer when I tried out an application called JAP for anonymous surfing, and had of course forgotten to remove the entry....

Sorry for bothering you with my own stupid mistakes

[MasthaX]

This is my report from derkeiler.com

Code: [Select]

Starting nmap 3.77 ( http://www.insecure.org/nmap/ ) at 2007-08-21 00:41 CEST
Initiating Connect() Scan against xxx.dsl.speedlinq.nl (xxx.xxx.xxx.xxx) [1663 ports] at 00:41
Discovered open port 21/tcp on xxx.xxx.xxx.xxx
Discovered open port 80/tcp on xxx.xxx.xxx.xxx
Discovered open port 25/tcp on xxx.xxx.xxx.xxx
Discovered open port 443/tcp on xxx.xxx.xxx.xxx
Connect() Scan Timing: About 47.78% done; ETC: 00:42 (0:00:32 remaining)
Discovered open port 993/tcp on xxx.xxx.xxx.xxx
The Connect() Scan took 56.24s to scan 1663 total ports.
Host xxx.dsl.speedlinq.nl (xxx.xxx.xxx.xxx) appears to be up ... good.
Interesting ports on xxx.dsl.speedlinq.nl (xxx.xxx.xxx.xxx):
(The 1658 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE

21/tcp open ftp
25/tcp open smtp
80/tcp open http
443/tcp open https
993/tcp open imaps

Nmap run completed -- 1 IP address (1 host up) scanned in 56.340 seconds

Where xxx.xxx.xxx.xxx is my IP adres and xxx is my FQDN


edit: my bad, all IP entries are gone now.

[cactus]

This is my report from derkeiler.com

Where xxx.xxx.xxx.xxx is my IP adres and xxx is my FQDN

Nice to know which ports are open, who asked for it? You might want to edit the post again as you still left one instance of your ip number there.