Topic: Access server manager from internet

[cipandales]

Good Day !

I want to acces my server with server manager interface from outside (internet).
And i want to make acces for any ip adresses.

Can you help me and tell me how i can manage this ?

Thanks

[mercyh]

Use VPN.

http://wiki.contribs.org/VPN_practical_tips

[cipandales]

Thank you !

Is there any other method ?
I mean, to ad/modify a firewall rule to have external access to server manager ?
Is to complicated to make vnc to work.

Thank you !

[mercyh]

Is there any other method ?

RDP in to an XP/Vista workstation is another option.

I mean, to ad/modify a firewall rule to have external access to server manager ?

I don't think it is that hard to do. I would never recommend it for security reasons. You would have to add the WWW to your list of trusted networks and that opens up everything.

Is to complicated to make vnc to work.

If your server is the gateway/router it is very simple.

[Igi2003]

Yes, you can change the configuration db to enable public httpd-admin service easy.
Just change the string "httpd-admin=service|PermitPlainTextAccess|yes|TCPPort|980|TKTAuthSecret|don't-change-your-crypt-string!!!|access|public|status|enabled"

then make signal-event post-upgrade and signal-event reboot

After that, the server-manager Panel and the Password-Change Panel is accessible from extern (Internet Gateway or IP)

Mfg Igi

[Stefano]

Yes, you can change the configuration db to enable public httpd-admin service easy.
Just change the string "httpd-admin=service|PermitPlainTextAccess|yes|TCPPort|980|TKTAuthSecret|don't-change-your-crypt-string!!!|access|public|status|enabled"

then make signal-event post-upgrade and signal-event reboot

After that, the server-manager Panel and the Password-Change Panel is accessible from extern (Internet Gateway or IP)

Mfg Igi

this is, IMO, very dangerous..

in this way everyone out there colud access your server.. is this REALLY what you want?

if you want to access your server-manager in safe mode without vpn, you can take a look at ssh and ssh-tunnels (google for it)

My 2c

Ciao
Stefano

[cipandales]

Thank you !

How exactly i can change the string ?

This line below doesn't work !


"Yes, you can change the configuration db to enable public httpd-admin service easy.
Just change the string "httpd-admin=service|PermitPlainTextAccess|yes|TCPPort|980|TKTAuthSecret|don't-change-your-crypt-string!!!|access|public|status|enabled"

then make signal-event post-upgrade and signal-event reboot

After that, the server-manager Panel and the Password-Change Panel is accessible from extern (Internet Gateway or IP)

Mfg Igi "

[Stefano]

cipandales

don't play with the db/config commands if you don't know what you are doing.. you could break your server.

and, I repeat, opening the server-manager to the wan in that way is bad.

ciao
Stefano

[cipandales]

Thank you, Stefano, but i need to work with server manager from another location.
It is a must.

So, maby you can help me to do this safe !

Thanks

[Stefano]

ok

what part of

you can take a look at ssh and ssh-tunnels (google for it)

didn't you read?

btw, read this:
http://www.gb.nrao.edu/pubcomputing/tunnel-howto.shtml

HTH
Ciao
Stefano

[cipandales]

 

That's a misunderstanding:
i must make the changes on sme server because i can't use any programs on workstations i'll use except ie/firefox/whatever.
And, also, it will be necessary to make changes for users, i-bays etc. even from the phone (iphone and others).

Thank you !

[Stefano]

That's a misunderstanding:
i must make the changes on sme server because i can't use any programs on workstations i'll use except ie/firefox/whatever.

putty doesn't require setup so you can simply drop it on your desktop and double click on it

And, also, it will be necessary to make changes for users, i-bays etc. even from the phone (iphone and others).
Thank you !

I use an HTH smartphone with wm2003.. I use putty on it..

btw, please explain why you can't use anything different from a browser..
there's no safe way without ssh/vpn

Ciao
Stefano

[Igi2003]

I understand it, he has a workstation on work without any rights to change a network configuration or make an VPN dialout. Then he can only make changes over the server-manager who is accessible from the Internet.
It is dangerous, yes, but it is his own risk, and when he ask for a method to access the server-manager from the Internet an opened it, thats his problem.

My httpd-admin is open for public access because my OX User must change their password themself. And, do you know on whitch dynamic IP is an SME?
My SME is open for the last six months, and till today, there's no security problems. Only on FTP Port my SME register requests, but not on Port 443.

Changes in configuration db directly, you made with vi or mc.

Mfg Igi

[cipandales]

Yes, Igi has right.

So, how can i make the firewall changes ?

Explain me like i'll be a novice user (i have switched from bsd - os x server to sme).

Thanks a lot

[janet]

cipandales

...how can i make the firewall changes ?

Don't make any changes using db commands as suggested in this thread, or templates either.

If you are really desperate to open your server manager to ANYONE, and willing to take the BIG security risk, then look in server manager, as the facility is already there in the Remote Access panel under Remote Management.

I'm not going to tell you what to enter there to achieve what you want, but if you search these forums on one of those names you will find what you want.
Make sure you have a really strong and long password on your server manager.

It would be a much better (safer) option to install the user manager contrib and restrict the access that various users have to limited panels via user manager (which is a cut down server manager panel) for users, rather than for admin.