Koozali.org: home of the SME Server

Simple Port 80 forwarding: did search, tried some things, please give me a hand?

Offline arne

An external port scan to see if the port forwardings work. (And if there are some other firewalls or restrictions.)

https://www.grc.com/x/ne.dll?bh0bkyd2
......

Offline electroman00

Based on current info given...

Since my crystal ball has a (50 mile range limit) please select

1 - SME server only mode (no firewall ahead)
2 - SME server only mode (external firewall ahead, SME on DMZ)
3 - SME server only mode (external firewall ahead, SME on LAN) (Firewall PF 80 to SME, NO PF on SME)
4 - SME server-gateway mode (no firewall ahead)
5 - SME server-gateway mode (external firewall ahead, SME on DMZ)
6 - SME server-gateway mode (external firewall ahead, SME on LAN) (Firewall PF 80 to SME, NO PF on SME)

From info given assume # 3 or 6 ???
While 2 or 5 are optimal.

What Firewall is currently ahead of SME.....brick (i.e. linksys etc.) or FOSS (i.e. smoothwall etc.)??

Assume FOSS...?

Is the NEW Host on SME LAN or External Firewall LAN..??

Can we see the results of....

 db domains show

Then we can see if the proxy is setup as it should be.

Quote
After the second solution, browsing to 192.168.1.1 stopped giving me the "under construction" default web page for the address of my server on port 80

Did you set that P.F. on SME or the firewall or both..?? (NO PF should be required ON SME)

Clear indication something is a foobar, the SME does not need the Port Forward for #'s 3 & 6 above.

Port Forward ON SME will forward ALL 80 requests (including 'www.mySMEserver.xxx' and 'www.mySMEserver.xxx/server-manager')

Don't think that is what you're looking to do here..?

You're looking to create a Virtual Host i.e.

 example.mySMEserver.xxx       and direct that     (not a redirect)    to a remote host (same/different subnet).

If the New Host requires external (wan) access via SME you need Step 3,..... internal subnet access only - omit Step 3.

These steps accomplish that and should not affect/redirect in any way...

    mySMEserver.xxx    or    mySMEserver.xxx/server-manager    or    xxx.xxx.xxx.xxx/server-manager


or their www counterparts that are reflected in the DNS records.



Step 1 >> Test/Verify New Host

Download superscan 3 (windoze) and port scan your new host, port 80 should be open.

http://www.foundstone.com/us/resources/proddesc/superscan3.htm

That will tell you the new host is ping-able and port 80 is open on the new host (both required).



Step 2 >> Setup Hostnames and addresses select 'remote' option.

Quote
Incidentally, the domain that was supposedly created in that solution never showed up in my domain control panel under server-manager.

The new host should appear under Server-Manager > Review configuration

Test new host via    NewHostName.mySMEserver.xxx      without www. prepended and while on SME's local subnet.

That confirms local access is working.

then

     (only if external (wan) access via SME is required to the New Virtual Host)



Step 3 >> Provide for external (wan) virtual host access via SME's proxy

db domains set proxypassdomain.com domain
db domains setprop proxypassdomain.com Nameservers internet
db domains setprop proxypassdomain.com ProxyPassTarget http://xxx.xxx.xxx.xxx/
db domains setprop proxypassdomain.com TemplatePath ProxyPassVirtualHosts
signal-event domain-create proxypassdomain.com

Post here the above lines you used so we can see what you setup and also the Hostnames and addresses setup.
It's very hard to offer advice without that imperative info...(shooting in the dark)


The above steps assume you have no special requirements.

Since the host is on a different subnet you will more than likely need a DNS record, if you are accessing the New Host externally via SME Server.

Side Note:

Set-ups # 4-6 above may be a preferred setup to better control access to the New Host via SME, which is in fact the purpose of the proxy (Hide Me) concept.

Sending the proxy to another subnet adds that subnet to the Hacker's subnet list (which you indicate you're doing).

Hack SME and you have two subnets for the Hacking price of one. (that's 510 possible IP's) when you only need to expose 255 IP's.

That's SME's subnet and the subnet you proxy to, which = 2 subnets in the sys config on SME.

Proxy to a Client LAN and that's Hacker's Heaven.

Servers and Client LAN all in one shot....bam.

So.... # 5 suddenly becomes the winner.

If your external firewall can proxy then you would proxy to SME and proxy to New Host (different subnets) which provides subnet isolation.

Keep in mind any "Port Forwards" or "Pin Holes" may violate the subnet isolation.


Set-ups # 3 & 6 may not give much joy in the future (your mileage may vary) & (some re-assembly will be required).

Download & install the 4099.funlove virus and you won't fall in love nor have fun, however you will learn about subnet isolation.

In less than a blink of an eye your network clients are wiped out and you won't know it ...until.... it's tooooooooo late.

A good virus wants to propagate itself (in background) by seeding clients on the network, 510 or 255 is your choice...your config.

Hackers & Viruses EAT what YOU feed them....like Bears.

So don't feed the Bears..!!!

Quote
192.168.1.1:8080/server-manager

***** Why is that on 8080..??????

192.168.1.1/server-manager  #Should just work.
Primary domain/server-manager  #Should just work.

Both are port 80 to start, SME will redirect 80 to ssh from there (SME default).

Is your ISP blocking 80 and/or you're trying to spoof it..????

Quote
I must be missing a step or not understanding something.

Possibly...however I see in my crystal ball (50 mile range limit) that you will see great networking joy in the near future..!!

Quote
Follow the yellow brick road...!!

hum...interesting....

HTH

Have a good day....
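As an added example (not part of the original posts and not SME Server code): the difference discussed above, between a blanket port-80 forward and a name-based virtual host, can be checked by requesting the same IP with two different Host headers and comparing the answers. The host names and the local stand-in server below are hypothetical and constructed so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def fetch_as(server_ip, name, port=80, timeout=3.0):
    """GET / from server_ip while presenting `name` in the Host header."""
    conn = http.client.HTTPConnection(server_ip, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": name})
        resp = conn.getresponse()
        return resp.status, resp.read(512)
    finally:
        conn.close()

def classify(server_ip, primary, vhost, port=80):
    """'unreachable' (port closed), 'name-routed' (the two names get different
    sites), or 'same-site' (blanket forward, or the virtual host is missing)."""
    try:
        a = fetch_as(server_ip, primary, port)
        b = fetch_as(server_ip, vhost, port)
    except OSError:
        return "unreachable"
    return "same-site" if a == b else "name-routed"

class StandIn(BaseHTTPRequestHandler):
    """Constructed local stand-in for a name-routing front end (not SME itself)."""
    sites = {"example.mysmeserver.test": b"new host"}  # hypothetical name
    def do_GET(self):
        body = self.sites.get(self.headers.get("Host", ""), b"primary site")
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def start_stand_in():
    """Serve StandIn on a free loopback port; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

if __name__ == "__main__":
    srv, port = start_stand_in()
    print(classify("127.0.0.1", "mysmeserver.test", "example.mysmeserver.test", port))
    srv.shutdown()
```

Against a real server, call `classify` with the server's LAN IP, the primary domain and the new virtual host name; a `same-site` result from the local subnet means the virtual host is not being served by name.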

Offline electroman00

At this point I would try another router, perhaps an appliance such as a consumer-grade Linksys or D-Link, to see if the problem is with  SME's port forwarding or the target's Apache or TCP/IP setup.

I think it's more of a case of "Faulty Operator".

There's clear road signs to that possibility.

I think once you get it all working, you'll be patting yourself on the back and kicking yourself at the same time.

So... just hang in there and forge on.... you're almost there...!!

Forget brick router and (Apache)... listen to Charlie....  "The Great OZ".

You will pay dearly for not listening to Charlie.

Surprised you haven't learned that lesson already.

Have you ever heard the line

I told you so...

Try this one

"The Great OZ has spoken"

Ring any bells

Thank you all for your input.

I have been listening to CharlieBrady's posts. He said that I should be able to simply forward port 80 to the webserver machine. He told me to UNDO the virtual host.

There is nothing ahead of SME, except a cable modem. Besides, it seems to be working now, thanks to Charlie. And I didn't do anything except follow his instructions.

The port forwarding now works for anyone who isn't inside my lan. I can get to the server-manager by going to my server's IP address. This is perfectly fine for me. Thanks.