Topic: Multiple IP addresses on one physical interface routed internally to hosts

[f21970]

Hi folks,
Please have patience with me and speak in simple language as I'm a total newbie with sme!

I have an SME server connecting my internal clients to the internet.  I need to enable routing from multiple external addresses to multiple internal hosts. 
e.g. I have an additional external ip address and want clients to be able to attach to that ip address and route through to a terminal server farm internally. 
I have around 3 services which sit behind the SME which I need to provide external access to.

I haven't a clue where to start.  Please help me!

[janet]

f21970

sme server only supports one external IP

[janet]

f21970

Not sure what you exactly want to do, but you can proxypass many domains (via sme server) to different internal or external servers

[f21970]

Is it not possible to configure virtual ethernet cards?  I'm certain I read about it in these forums, but couldn't quite follow the logic of how it's done.

[f21970]

What's proxypass?  I've got an external ip address 10.8.10.1 (for instance) to which I route traffic for webmail.  So the client would type in 10.8.10.1/webmail to access their webmail.  I need to be able enable clients access from the big wide world to a couple of terminal server farms which are hosted internally, and for file access to a server which transmits via secure client on port 45678 (for instance).

[Stefano]

then you need the port-forward panel..

again, as mary said, it will work only for the SME's external ip

anyway, as you define yourself as a newbie, please take some time to read carefully the documentation

hth
ciao
Stefano

[f21970]

So, if I bring all the traffic into one ip address attached to one interface on the SME server, then create port forwarding rules which redirect the traffic to the relevant internal addresses, this then redirects the traffic dependant upon which port it come in on?

[Stefano]

yes..

you can forward
external_ip:44444 to internal_ip1:3389
external_ip:44445 to internal_ip2:3389
external_ip:44446 to internal_ip3:3389

and so on..

Ciao
Stefano

[janet]

f21970

...this then redirects the traffic dependant upon which port it come in on?

yes, see Port Forwarding panel in http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11


re proxypass which is really designed to forward http port 80 and https port 443, see
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass

[janet]

f21970

Rather than using different external IPs, you can setup multiple virtual domains and use those to connect to different services or hosts.
sme supports unlimited virtual domains on the one external IP, and you can configure the domains panel to redirect where the domain finds its content, or create custom templates to redirect requests (for more specific control).

[f21970]

yes..

you can forward
external_ip:44444 to internal_ip1:3389
external_ip:44445 to internal_ip2:3389
external_ip:44446 to internal_ip3:3389

and so on..

Ciao
Stefano

What happens in the case of two Terminal Server farms running inside the network that I want to bring people through to?  I've got one which should only be used by teachers, and one only by students.  Would I have to give out a registry hack to run to change the port for RDP for one group?

[f21970]

f21970

Rather than using different external IPs, you can setup multiple virtual domains and use those to connect to different services or hosts.
sme supports unlimited virtual domains on the one external IP, and you can configure the domains panel to redirect where the domain finds its content, or create custom templates to redirect requests (for more specific control).

Thanks Mary, you're being brilliant.  I've had a look at the virtual domains section in the user panel, and can only see that I can forward to a website, whereas I need to forward to a server service...  I'm not certain what you mean by custom templates.

[Tib]

f21970

Here is an example

External IP address 203.215.236.25 ---> SME ----> App1 192.168.0.20:562
                                                              -----> App2 192.168.0.30:8080
                                                             -----> App3 192.168.0.40:485

So if you want to access App1 from net then you would enter 203.215.236.25:562 ... you would get the App1 machine here
App2 would be 203.215.236.25:8080 ... and so on.

As long as the relevant ports are forwarded to the correct machine.
You can only port forward a particular port to one machine ... you cannot port forward eg: port8080 to two different IP addresses


Regards,

Tib

[f21970]

Hi Tib,

Thanks for the advice - so, for instance I would add:

Protocol Source Port(s) Destination Host IP Address Destination Port(s) Action
TCP        3389             192.168.110.22              3389                        Remove
TCP        12345            192.168.100.5              12345                       Remove

Have I got the right idea?

[Tib]

f21970

That is correct


Regards,

Tib