Topic: Changing server mode

[JoshuaR]

Hi,
I've been using the same SME install since about 6.x or 7, just installing upgrades until now I'm up to 7.3.  Anyway, I've had it set up in Private Server and Gateway mode, but recently I've wanted to provide external web site access, so I've changed the mode to Server and Gateway mode, the problem is that you still can't access the web server externally.  I'm not sure whether it's because I've upgraded it from the last few versions rather than a clean install, but I was wondering if anyone else has come up against this?

[cactus]

Hi,
I've been using the same SME install since about 6.x or 7, just installing upgrades until now I'm up to 7.3.  Anyway, I've had it set up in Private Server and Gateway mode, but recently I've wanted to provide external web site access, so I've changed the mode to Server and Gateway mode, the problem is that you still can't access the web server externally.  I'm not sure whether it's because I've upgraded it from the last few versions rather than a clean install, but I was wondering if anyone else has come up against this?

Is there some other firewall in between your server and you WAN connection perhaps? Any clues in the web server log files?

[JoshuaR]

Nope, there's a router (whoops, meant modem ) in bridge mode, but the SME box is handling the PPPoE connection. I'll have a look at the log files.

edit: Can't really see anything in the log files either...

[janet]

JoshuaR

There were some earlier issues with switching from private to public modes.
Check the actual settings with
config show |more

You may see a setting that is not correct.
Search bugzilla also.


If you can install sme7.3 to another test server in server and gateway mode and compare the settings, you may identify the problem.

[JoshuaR]

Check the actual settings with
config show |more

At initial glance I can't see anything wrong...I'm thinking I'll just go for a clean install...I don't want to lose all my contribs , but I guess it's probably good to start from scratch...

[arne]

To check if there is any open ports: https://www.grc.com/x/ne.dll?bh0bkyd2

Of course it is a good ide to test with another gateway or a workstation if it does not work.

[CharlieBrady]

At initial glance I can't see anything wrong...I'm thinking I'll just go for a clean install...

That is likely to be just a waste of time. Just work out exactly what the problem is and then fix it (if you can - if your ISP is blocking port 80 inbound you won't be able to fix it).

[arne]

Thats true, but forwarding as an example external port 8080 (or some other open port) to localhost port 80 might work. (??!!)

[black_128]

Make two domains, MYFIRM.LOCAL and MYFIRM.COM (for sample). Primary domain is MYFIRM.LOCAL Make in customisations domains similarly:

Current list of domains Domain name Brief description Content Domain DNS servers Modify Remove
impexcl.local Primary domain Primary Resolve locally Modify
impexcl.ru Corporative Domain Primary Internet DNS servers Modify Remove

In customisations "hostnames" make MYFIRM.COM (press "Modify") - REMOTE.

Create local WEB site (below Control Panel SME Server).
Your external site will be accessible.

http://forums.contribs.org/index.php?topic=41934.0

[CharlieBrady]

Thats true, but forwarding as an example external port 8080 (or some other open port) to localhost port 80 might work. (??!!)

You can forward as many ports as you like, but that isn't going to make http://domain.name/ work - that will continue to try to use port 80.

[arne]

Yes, of course you access it like this http://www.domain.com:8080

(Has used to work during the last ten years I have used it, from time to time. Unless it is something special with the sme server, it should work for this server as well. Haven't noticed it until now.) 

For some reason I dont exactely know you can not do the same with https. This will generally not work: https://www.domain.com:445
(Don't know exactely why it does not work, but guess it has something to do with the encryprion. Smoothwall does https for admin on port 441, so it is actually possible to use https on an alternative port, but I don't know excatly how.)

****
Well, I se that /etc/httpd/conf/httpd.conf specifies 443 for https. I guess it could be possible to change this as well, "the sme server template way".

****
By the way .. a practical way of running a web server on an alternative port is to just store only a webpage, on an alternative external server, that contain only a frame that will call up the wep page using the alternative port.

[arne]

Something like this on the external server that will "hold" your webserver inside a frame (So it will look like your webserver is running port 80, even though it does not.)

index.html

<html>

  <head>
   <meta name="keywords" content="mydomain.com">
  </head>

  <frameset rows="*,0" framespacing="0" border="0" frameborder="NO">
    <frame src="http://myname.dyndns.org:8080" name="mydomain.com" scrolling="auto" noresize>
  </frameset>
 
</html>

[JoshuaR]

Hi,
Thanks for all the responses. 

To check if there is any open ports: https://www.grc.com/x/ne.dll?bh0bkyd2

Yeah I just did a port scan, all commons like 80, 25, 21 etc are stealthed.

That is likely to be just a waste of time. Just work out exactly what the problem is and then fix it (if you can - if your ISP is blocking port 80 inbound you won't be able to fix it).

I'm pretty sure my ISP isn't blocking port 80, I'm using the same ISP/plan at a different site and it's working ok.

Thats true, but forwarding as an example external port 8080 (or some other open port) to localhost port 80 might work. (??!!)

Might do, but that wouldn't really be a solution...

Something like this on the external server that will "hold" your webserver inside a frame (So it will look like your webserver is running port 80, even though it does not.)

Code: [Select]

index.html

<html>

  <head>
   <meta name="keywords" content="mydomain.com">
  </head>

  <frameset rows="*,0" framespacing="0" border="0" frameborder="NO">
    <frame src="http://myname.dyndns.org:8080" name="mydomain.com" scrolling="auto" noresize>
  </frameset>
 
</html>

That could work, but once again it's a workaround for the issue, and although I appreciate it, I'd rather get down to the root of the issue.
 
(and yes, I can see the stealthed ports could present a problem  )

Thanks,
Joshua R

[janet]

JoshuaR

Do
config show masq

If Stealth = yes then do

config setprop masq Stealth no
expand-template /etc/rc.d/init.d/masq
/etc/init.d/masq restart

[JoshuaR]

it says Stealth=no

I've just noticed that all the common ports are stealthed except 113 (IDENT) which is open.