Topic: Proxypass question ??

[cactus]

If you want to make the webinterface from access accessible to the outside world you could use proxypass. The wiki holds the proper commands to do so: http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass

I guess it might not have worked as you have created an ibay for it which is not necessary and could be in the way, so you should remove the ibay using the server-manager, previous to configuring the proxypass.

Furthermore you need to replace the proxypassdomain.com value with your full qualified domain name (FQDN) and point to the ip number of your exchange server (perhaps including the /exchange location).

[steve288]

Cactus (or anyone)
Thank you for your response I have looked at the wiki many times but I have questions that seem to be outside its scope.

In particular Im trying to answer one question regarding, if it needs to be an FQDN or just an IP Address.

My Sme server has a permenent ip address. But It does not have not have a FQDN.  The Ip address will never change. We pay for it. Does this mean that I cant use proxy pass. Does it not work with external IP addresses only FQDN.

If I really do need a domain name, could I use a free service like DynDNS to create a FQDN and would that work in theory?

Regards

[cactus]

Thank you for your response I have looked at the wiki many times but I have questions that seem to be outside its scope.

In particular Im trying to answer one question regarding, if it needs to be an FQDN or just an IP Address.

I do not know, but I guess it needs the FQDN, you could try it by using the IP-number though.

My Sme server has a permenent ip address. But It does not have not have a FQDN.

I seriously doubt that, what does this command yield to you n(from outside your network):

Code: [Select]

nslookup ip-number
You could also test it using this website for instance: http://www.ipaddressguide.com/dnslookup.aspx

[steve288]

I logged on to my home computer using logme in then ran and went to web site you suggested.

the result I got was ...

  207.xxx.xxx.xxx Unreachable....

I tried to putty into from home and got same result basically.

However
When I ran the same command using an ip that we have which is currently our mail gateway I got
207.xxx.xxx.xxx PTR record: mail.abccorp.com

So Im fairly convinced that the ip address for the sme box does not have domain name.

[pfloor]

I logged on to my home computer using logme in then ran and went to web site you suggested.

the result I got was ...

  207.xxx.xxx.xxx Unreachable....

I tried to putty into from home and got same result basically.

However
When I ran the same command using an ip that we have which is currently our mail gateway I got
207.xxx.xxx.xxx PTR record: mail.abccorp.com

So Im fairly convinced that the ip address for the sme box does not have domain name.

Just dawned on me...If you don't have a FQDN, then how does the exchange server get any email?  Is it fetching it from elsewhere?

[steve288]

Here is the thing. This is a test bed with the eventual goal of using it.

Currently we use another sme computer for our spam and virus filter. Mail comes into it which has a domain name of mail.sme6_ourdomain.com then with sme & exchange magic does it picks up the mail from the mail.sme6_ourdoamin.com. This computer is sme 6. We built this new comptuer on sme 7. Eventually we want to swap the 6 for the 7. But we want to set it up and get it to forward the outside users to the internal exchange. We would like to get this working now to see if we can do it. I tried it in the past on our sme6 computer and had no luck. That was 6 or 8 months ago. Now Im making an atempt on sme 7 hoping that the panels and perhaps advancements will make it easier.

Make sense?

Regards

[pfloor]

Make sense?

Regards

Clear as glass.  I'm afraid however you will need to assign a FQDN to your test machine because (AFAIK) you need an FQDN for proxypass to work.  Do you control the DNS records for the primary domain that you currently have set up.  If you do, add a temporary subdomain and point it to the test machine and try again.  Eg:

If main domain is ourdomain.com -> xxx.xxx.xxx.xx1
Then make DNS record of subdomain exchange.ourdomain.com -> xxx.xxx.xxx.xx2

Then get rid of all your old settings, the ibay named "exchange" and make sure there is nothing in the server left over from the previous tests and do the following commands:

db domains set exchange.ourdomain.com domain
db domains setprop exchange.ourdomain.com Nameservers internet
db domains setprop exchange.ourdomain.com ProxyPassTarget http://10.1.0.2/exchange/
db domains setprop exchange.ourdomain.com TemplatePath ProxyPassVirtualHosts
signal-event domain-create exchange.ourdomain.com

Wait 15 minutes to 24 hours for the DNS to populate and point your browser to http://exchange.ourdomain.com (note that I made the directive go directly to /exchange so you won't need to type it in the browser.)

Now let me put my 2c worth on this proposed setup.  Using http for email is highly insecure and I wouldn't recommend it, especially if the company emails ANY personal information.  Using https with proxypass has it's own issues (namely certificate issues).  Have you considered VPN?

[steve288]

Thank you pfloor your answer is clear as Glass.

We are a small outfit and dont know if we control the DNS records. I mean we have a domain name and several static IP's after that Im not sure. Im unfamiler with this area and dont know how to do this ? Do you have any idea how I can find out if we can add a new name?

Secondly regarding the VPN question. This is a good question and indeed that is how we in the It department access our email. First we set up a VPN connection through the sme6 computer then download our mail. However for other end users this is far too cumbersome and complex. I'm open to suggestions, but not sure there are many. Using https may be a slightly better answer at least.

Regards

[mercyh]

Steve,

We are a small outfit and dont know if we control the DNS records.

You should be able to easily find out. Go to:
http://member.dnsstuff.com/pages/tools.php?ptype=free

Put your domain name in the WHOIS/IPWHOIS Lookup box and you will get the contact info for your domain, if that happens to be the person in the next office you may be in luck.

[steve288]

Yes thanks thats a good idea,
thanks