Topic: New Server being setup

[RKB]

Good Morning,
It's a typo,
I have eth0 going to the Modem and Eth1 going to the network switch

[electroman00]

Good Morning,
It's a typo,
I have eth0 going to the Modem and Eth1 going to the network switch

Should be eth1 going to the Modem and eth0 going to the network switch

[RKB]

Hi,
Well I rarely do this, I have given up trying to install SME in Server/Gateway mode.

I ditched the Cisco Switch and the NetGear DG834 Modem Router, replaced them with a Belkin modem and a Belkin Switch.

I could get the the Network leg of the Server \ Gateway working fine.
I could get the External Leg to connect to the Internet, but I am incapable of getting the Network to connect to the Internet through the server.

I am using SME in server only mode and I hope that this will not compromise this great product.

I would like to thank all of those that posted info in an effort to help me.

Cheers

Ron

[mercyh]

Be sure that you do not forward all ports to the server from the router in this setup. You should forward only the ports that you need.

[mercyh]

The most secure setup possible is to have the server in server/gateway mode on an entirely separate segment of your network (not physically connected) with a connection made to the LAN side of the server only when administration tasks are performed. This is true of any server or workstation that is directly accessable from the Internet (not just SME).


That being said, you need to assess your own risks on your network and balance risk/ease of use. As per SMOLT here: http://smolt.contribs.org/stats.html more then 1/2 of all SMEs are deployed in server only mode. (This may just mean that more then 1/2 of the SME admins don't fully understand the risks but I do not personally know of anybody that has had their network compromised because of this configuration.)

Good luck and welcome to the community

[Agent86]

Hi,
Well I rarely do this, I have given up trying to install SME in Server/Gateway mode.

I ditched the Cisco Switch and the NetGear DG834 Modem Router, replaced them with a Belkin modem and a Belkin Switch.

I could get the the Network leg of the Server \ Gateway working fine.
I could get the External Leg to connect to the Internet, but I am incapable of getting the Network to connect to the Internet through the server.

I am using SME in server only mode and I hope that this will not compromise this great product.

I would like to thank all of those that posted info in an effort to help me.

Cheers

Ron

Assuming you have the DHCP setting enabled on your SME Gateway/Server and no internet access to local network.
Turn off the DHCP services on the router if it is turned on and see if you can access the internet.
Considering that your setting a static IP on your external SME ethernet connections then I believe the DHCP of the router should be turned off in order that the router will not try to provide an IP to the external connection of the SME ethernet port.
The static IP and Gateway IP settings of the external SME ethernet should match the static IP and Gateway IP provided by your ISP and this will be 2 separate addresses.

I hope this helps.

[RKB]

Assuming you have the DHCP setting enabled on your SME Gateway/Server and no internet access to local network.
Turn off the DHCP services on the router if it is turned on and see if you can access the internet.
Considering that your setting a static IP on your external SME ethernet connections then I believe the DHCP of the router should be turned off in order that the router will not try to provide an IP to the external connection of the SME ethernet port.
The static IP and Gateway IP settings of the external SME ethernet should match the static IP and Gateway IP provided by your ISP and this will be 2 separate addresses.

I hope this helps.

Thanks for the reply,
I have had the DHCP shut down, but problem lies here;
The static IP that my ISP has given me is 60.240.199.106 / 255.0.0.0
The ISP Gateway IP 202.7.162.157

The external leg of the SME Ethernet will not take these numbers it changes the Gateway IP to 60.240.199.1, therefore I can not match up the details as you suggest. I have tried a number of options that I can not get to work. I know it's not the program as many have gone before and made it work. It's me or my hardware.

[Agent86]

It's likely a setting in the setup, I recall this subject when installing SME server on a new server recently.Some setting turned on, or off, I'll install SME on a desktop to see if I can duplicate this again to find out what setting you can change. So that the Gateway does not adjust itself. I can't remember what caused this on one of software installs,but I do remember I changed a setting and it stopped doing that.
I'll post back later today sometime. While I diagnosing a problem with my restore job.

[electroman00]

The static IP that my ISP has given me is 60.240.199.106 / 255.0.0.0
The ISP Gateway IP 202.7.162.157

That information from your ISP does not get entered into SME.
SME will need a STATIC IP ASSIGNMENT

Can you provide us wit this information....

ifconfig

[Agent86]

Good Morning,

Thanks for your questions,

Here's the picture,
When in Server only mode;
Router
to
Cisco Switch and it has the Computers on the network and the SME (external) Ethernet Cable plugged in.

When in Server Gateway mode
Router
to
SME Server (External) ethernet card
from
SME Server (Network) ethernet card to Cisco Switch
The rest of the network in also into the Cisco Switch.

For some reason when I use the SpeedStream Router the Router can not be seen on the Network, but the NetGear router can be seen, I do not believe this is a SME issue just something in the hardware.

When in the Server / Gateway mode I think the settings in the router 'fight' the settings in the SME Server /Gateway.

Are you saying to me 'forget' using SME in Server / Gateway mode, just use it in Server Mode

I believe your problem is that you have your router going to the external SME ethernet port. And if you turn off the router DHCP and do not assign a static IP to the router to get out to the modem/internet.
You need to test your configuration setup.
I'm assuming you can turn on DHCP in the router and plug a computer into the router and connect to the internet ?

And if you turn off DHCP to the router, then you have to assign a Static IP and Gateway for that router which is connecting to the modem.

Try pluging the external SME ethernet diirectly to the internet/modem, and the internal SME to the switch just to test your Static IP configuration.
If you cannot get to the internet with that configuration, then likely your static IP setting for your internet connection are not configured properly.

And in addition as the other poster mentioned the Gateway (202.7.162.162) is suspect.
Typically the Gateway should be something similar to the IP perhaps something like 60.240.199.1 or perhaps 60.240.199.107 or something.

I would start with the simplest configuration of external SME to modem, And internal SME to switch (standard port not link) And get things working from there.

If you cannot get access to the internet from there I would call your ISP and confirm your Static ISP configuration.
Also is your modem a standard modem with no other ports or is this modem also a router ?

Here is a sort of sample similar to the other poster:
Usable IPs:              89.124.86.66 to 89.124.86.78
Subnet Mask for all IPs: 255.255.255.240
Gateway for all IPs:     89.124.86.65
Primary DNS:             62.231.32.10
Secondary DNS:           62.231.32.11

I used Subnet Mask of 255.255.255.252 for external submask

And DNS I leave blank, cause I allow the DNS to be resolved locally etc.


Anyhow I hope this helps.

[Agent86]

One last note you may check as well.

Your Setup for the beginning of the DHCP range of your internal network also should have a IP address for the SME server outside that range for example:

Beginning of DHCP address range   10.1.10.65
End of DHCP address range   10.1.10.250

Then under Server Names in your SME config should be the location and domain of your SME server such as:

DNS server   10.1.10.15
www.myserver.com

Note the address should be outside the DHCP range as shown above.

You probably already knew this, but it's worth mentioning, along with your other hardware config, and checking your ISP static assignment from your ISP.

But in anycase I would keep the hardware configuration simple just to test the connection, and access to the internet, then you can add routers etc. in order to diagnose things a little easier.


Anyhow hope this helps.