Topic: Changing server mode

[JoshuaR]

Hi,
I've been using the same SME install since about 6.x or 7, just installing upgrades until now I'm up to 7.3.  Anyway, I've had it set up in Private Server and Gateway mode, but recently I've wanted to provide external web site access, so I've changed the mode to Server and Gateway mode, the problem is that you still can't access the web server externally.  I'm not sure whether it's because I've upgraded it from the last few versions rather than a clean install, but I was wondering if anyone else has come up against this?

[cactus]

Hi,
I've been using the same SME install since about 6.x or 7, just installing upgrades until now I'm up to 7.3.  Anyway, I've had it set up in Private Server and Gateway mode, but recently I've wanted to provide external web site access, so I've changed the mode to Server and Gateway mode, the problem is that you still can't access the web server externally.  I'm not sure whether it's because I've upgraded it from the last few versions rather than a clean install, but I was wondering if anyone else has come up against this?

Is there some other firewall in between your server and you WAN connection perhaps? Any clues in the web server log files?

[JoshuaR]

Nope, there's a router (whoops, meant modem ) in bridge mode, but the SME box is handling the PPPoE connection. I'll have a look at the log files.

edit: Can't really see anything in the log files either...

[janet]

JoshuaR

There were some earlier issues with switching from private to public modes.
Check the actual settings with
config show |more

You may see a setting that is not correct.
Search bugzilla also.


If you can install sme7.3 to another test server in server and gateway mode and compare the settings, you may identify the problem.

[JoshuaR]

Check the actual settings with
config show |more

At initial glance I can't see anything wrong...I'm thinking I'll just go for a clean install...I don't want to lose all my contribs , but I guess it's probably good to start from scratch...

[arne]

To check if there is any open ports: https://www.grc.com/x/ne.dll?bh0bkyd2

Of course it is a good ide to test with another gateway or a workstation if it does not work.

[CharlieBrady]

At initial glance I can't see anything wrong...I'm thinking I'll just go for a clean install...

That is likely to be just a waste of time. Just work out exactly what the problem is and then fix it (if you can - if your ISP is blocking port 80 inbound you won't be able to fix it).

[arne]

Thats true, but forwarding as an example external port 8080 (or some other open port) to localhost port 80 might work. (??!!)

[black_128]

Make two domains, MYFIRM.LOCAL and MYFIRM.COM (for sample). Primary domain is MYFIRM.LOCAL Make in customisations domains similarly:

Current list of domains Domain name Brief description Content Domain DNS servers Modify Remove
impexcl.local Primary domain Primary Resolve locally Modify
impexcl.ru Corporative Domain Primary Internet DNS servers Modify Remove

In customisations "hostnames" make MYFIRM.COM (press "Modify") - REMOTE.

Create local WEB site (below Control Panel SME Server).
Your external site will be accessible.

http://forums.contribs.org/index.php?topic=41934.0

[CharlieBrady]

Thats true, but forwarding as an example external port 8080 (or some other open port) to localhost port 80 might work. (??!!)

You can forward as many ports as you like, but that isn't going to make http://domain.name/ work - that will continue to try to use port 80.

[arne]

Yes, of course you access it like this http://www.domain.com:8080

(Has used to work during the last ten years I have used it, from time to time. Unless it is something special with the sme server, it should work for this server as well. Haven't noticed it until now.) 

For some reason I dont exactely know you can not do the same with https. This will generally not work: https://www.domain.com:445
(Don't know exactely why it does not work, but guess it has something to do with the encryprion. Smoothwall does https for admin on port 441, so it is actually possible to use https on an alternative port, but I don't know excatly how.)

****
Well, I se that /etc/httpd/conf/httpd.conf specifies 443 for https. I guess it could be possible to change this as well, "the sme server template way".

****
By the way .. a practical way of running a web server on an alternative port is to just store only a webpage, on an alternative external server, that contain only a frame that will call up the wep page using the alternative port.

[arne]

Something like this on the external server that will "hold" your webserver inside a frame (So it will look like your webserver is running port 80, even though it does not.)

index.html

<html>

  <head>
   <meta name="keywords" content="mydomain.com">
  </head>

  <frameset rows="*,0" framespacing="0" border="0" frameborder="NO">
    <frame src="http://myname.dyndns.org:8080" name="mydomain.com" scrolling="auto" noresize>
  </frameset>
 
</html>

[JoshuaR]

Hi,
Thanks for all the responses. 

To check if there is any open ports: https://www.grc.com/x/ne.dll?bh0bkyd2

Yeah I just did a port scan, all commons like 80, 25, 21 etc are stealthed.

That is likely to be just a waste of time. Just work out exactly what the problem is and then fix it (if you can - if your ISP is blocking port 80 inbound you won't be able to fix it).

I'm pretty sure my ISP isn't blocking port 80, I'm using the same ISP/plan at a different site and it's working ok.

Thats true, but forwarding as an example external port 8080 (or some other open port) to localhost port 80 might work. (??!!)

Might do, but that wouldn't really be a solution...

Something like this on the external server that will "hold" your webserver inside a frame (So it will look like your webserver is running port 80, even though it does not.)

Code: [Select]

index.html

<html>

  <head>
   <meta name="keywords" content="mydomain.com">
  </head>

  <frameset rows="*,0" framespacing="0" border="0" frameborder="NO">
    <frame src="http://myname.dyndns.org:8080" name="mydomain.com" scrolling="auto" noresize>
  </frameset>
 
</html>

That could work, but once again it's a workaround for the issue, and although I appreciate it, I'd rather get down to the root of the issue.
 
(and yes, I can see the stealthed ports could present a problem  )

Thanks,
Joshua R

[janet]

JoshuaR

Do
config show masq

If Stealth = yes then do

config setprop masq Stealth no
expand-template /etc/rc.d/init.d/masq
/etc/init.d/masq restart

[JoshuaR]

it says Stealth=no

I've just noticed that all the common ports are stealthed except 113 (IDENT) which is open.

[janet]

JoshuaR

What does this give
config show SystemMode

[JoshuaR]

SystemMode=servergateway

(I have configured it in the right mode )

[janet]

JoshuaR

You could try this to see if it "fixes" your issues ie enables default settings
signal-event post-upgrade
reboot

If that doesn't resolve matters, then you need to issue db commands to enable public access for various services, and/or use the server manager to enable services.

config show |more
(then press space to scroll through the settings taking note as you go)

eg
config show httpd-e-smith

which will give something like

httpd-e-smith=service
    TCPPort=80
    access=public
    status=enabled

In your case I guess access=private

so do
config setprop httpd-e-smith access public

If status=disabled
You may also need to do
config setprop httpd-e-smith status enabled

and so on etc etc for all the other services you want to be publicly accessible, and enabled
and then do
signal-event post-upgrade
reboot

[JoshuaR]

httpd-e-smith=service
    TCPPort=80
    access=public
    status=enabled

In your case I guess access=private

Actually, it's set to public 

signal-event post-upgrade

just tried that, didn't seem to work


Thanks though.

[janet]

JoshuaR

signal-event post-upgrade

plus a reboot I hope.


So you have other issues then (firewall ???).
I suggest you post a bug at bugzilla, but search first as I seem to recall this issue has already been observed/reported. Report it again anyway.

[JoshuaR]

plus a reboot I hope.

signal-event post-upgrade; signal-event reboot
always

So you have other issues then (firewall ???).

I can only assume so.
I've been inclined to think it's because it's such an old install that's simply been upgraded over time.

I think if I get desperate I'll just do a clean install and try to find a way to transfer my contribs.

[JoshuaR]

This is really very embarrassing, but I thought since so many people posted to help me I owed it to them to post back with the result (also that and I'll probably never see any of you apart from on here  )

It was so simple, my ISP was blocking the inbound ports...I know that was one of the first suggested things to check, but since I have another site with the same ISP and exactly the same plan, I assumed they wouldn't be blocking the ports because they aren't at the other site...it turns out because I am a longer standing customer they included the port blocking 'feature' along with free AV etc...

Once again thanks to everyone who helped, and my apologies for wasting time such a noob mistake