Koozali.org: home of the SME Server

Two https servers on local LAN

Offline bosco555

« on: January 05, 2010, 05:51:27 AM »
Hi all and Happy New year...

I had to install a win-2003 server with an application requiring that the https port (443) be redirected to it.  On the same LAN I have an SME 7.4 in server only mode dealing with email/webmail/etc.

I tried the steps indicated in: http://forums.contribs.org/index.php/topic,40394.msg187403.html#msg187403,
re-directed port 4443 on the router to the SME server and port 443 to the windows box with no joy.  I have searched the forums with no joy either...

Could anyone shed some light please? Thanks in advance

gb

Offline mmccarn

« Reply #1 on: January 05, 2010, 06:11:01 AM »
I presume from your post that your configuration looks like this:

  Internet
     |
   Router
  /      \
 SME   Win-2003

 
Your router probably has rules like these:

Port    Destination Host:Port    Purpose
====    ======================   ============
443     win-2003:443             special
4443    SME:4443                 webmail
25      SME:25                   inbound smtp
465     SME:465                  authenticated ssmtp for remote users
993     SME:993                  imaps
995     SME:995                  pop3s


And you've followed the instructions at http://forums.contribs.org/index.php/topic,40394.msg187403.html#msg187403 "with no joy".

Questions:
 - Have you updated your SME to include the patches from http://bugs.contribs.org/show_bug.cgi?id=1003 so that port forwarding is active in your server-only SME?
 - Can you access your win-2003 application OK?
 - Can you access webmail from off site using http://my-sme-server.com:4443/webmail?
 - Can you possibly get what you want by configuring your win-2003 server to pass traffic for /webmail to your SME server (I have no idea, I'm just asking)?
 - Can you put the SME in front of your win-2003 server and use "proxy pass" to get the combined functionality you want?
 - Can you get two IP addresses, so your SME and the win-2003 servers can both be accessed at 443?

« Last Edit: January 05, 2010, 06:19:33 AM by mmccarn »

Offline bosco555

« Reply #2 on: January 05, 2010, 09:38:42 AM »
Hi there and thanks for the reply

The configuration is as you described..

1) I haven't updated with the patch you described (sorry do I download it as is??)
2) I can access the win2003 box OK (internally and from the outside world)
3) I cannot access webmail from the outside in that fashion (can't access it at all)
4) Not applicable
5) Not applicable

I think that possibly that patch will solve the problem??

gb

Offline bosco555

« Reply #3 on: January 06, 2010, 06:54:50 AM »
Hi All,

I have updated the server to the latest patches/fixes, but the port forwarding in server-manager still refers to the server/gateway mode.  Is there a special way to apply the above patch?

Thanks again

gb

Offline janet

« Reply #4 on: January 06, 2010, 08:51:27 AM »
bosco555

You probably just did a yum update which does not update your system with the patch provided in the bug report.
I do not yet see a revised rpm in any of the repos, so you need to manually make changes to
/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/portforwarding.pm

See the attachment in the bug report, the - sign means to remove these lines, the + sign means to add those lines.
Then do
signal-event post-upgrade
signal-event reboot

Alternatively wait until a revised rpm is released.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline cactus

« Reply #5 on: January 06, 2010, 07:23:55 PM »
> See the attachment in the bug report, the - sign means to remove these lines, the + sign means to add those lines.
> Then do
> signal-event post-upgrade
> signal-event reboot
Please do not provide advice like this, certainly not to people who have little to no knowledge of what that might do. Applying patches to SME Server core is not a supported method of updating and is not for the noob, if you already would prefer to do so.
If you would like to apply patches then at least use the patch command; it makes applying code changes much easier and more transparent. Patches applied to SME Server, however, most likely will not survive updates, and applying them is not a supported method of updating. There is a reasonable likelihood you might mess up your system.

> Alternatively wait until a revised rpm is released.
All packages RESOLVED FIXED should be somewhere on the mirrors, most likely in the *testing repositories. In fact this one is in smeupdates-testing (but only for SME Server 8, do not install that one on SME Server 7.x) and can be installed as root on the command line using this:
Code:
yum update e-smith-portforwarding --enablerepo=smeupdates-testing

DISCLAIMER: All packages in the repositories that end on -testing are not released and are still awaiting testing, verification or official release. Be careful when installing them as they are not officially supported. When having issues with them post in the bugtracker and not in the forums.

Unfortunately since this is a new feature it is only implemented in SME Server 8. If you desire this fix on SME Server 7.x as well, please clone the relevant bug (if there does not already exist one) and state your plea there.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline mmccarn

« Reply #6 on: January 07, 2010, 03:28:38 PM »
> Unfortunately since this is a new feature it is only implemented in SME Server 8.
Oops; sorry for the mis-direction!

bosco555:

Can your router do port redirection all by itself (some can, some can't)?  That is, can you simply tell your router to redirect port 4443 to port 443 on the SME server?  If so, you don't need to do anything on the SME at all...

Otherwise, you would either need to figure out the required modifications to /etc/rc.d/init.d/masq and create a custom template for them, or you need to switch your SME to "server-gateway" mode.

Here is another forum conversation about this from a while ago: http://forums.contribs.org/index.php/topic,39815.msg183243.html#msg183243

That user modified his router to support port translation (4443 -> 443), but at the time, I'm pretty sure I successfully set up a port forward manually on a server-only SME - that is, the manual command worked, but the web interface refused to do anything due to "server only" mode.

You may be able to get your SME to work in server-gateway mode like this:
- set the current LAN IP as the WAN IP
- set the LAN IP to something innocuous (a private network that you don't use anywhere - such as 10.10.10.0/24)
- add your current LAN as a "local network" in server-manager.
- create the desired port forwarding rule
(warning: this seems to me like it would work, but I've never tried it)
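
Added example, not part of the original thread: a small Python check of the forwarding table sketched in reply #1 against the ports each host listens on, showing why 4443 -> SME:4443 goes nowhere while a router-side translation 4443 -> SME:443 works. The listener sets and all function names are assumptions made for this example.

```python
# Added example: audit a router port-forward table against the ports each
# internal host actually listens on. The rules are copied from the table in
# reply #1; the listener sets are assumed for illustration.

RULES_TEXT = """\
443     win-2003:443
4443    SME:4443
25      SME:25
465     SME:465
993     SME:993
995     SME:995
"""

# Assumption: the server-only SME serves HTTPS on 443 and nothing on 4443.
LISTENERS = {
    "win-2003": {443},
    "SME": {25, 443, 465, 993, 995},
}

def parse_rules(text):
    """Return a list of (external_port, host, internal_port) tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # skip headers, separators and blank lines
        host, _, port = fields[1].rpartition(":")
        rules.append((int(fields[0]), host, int(port)))
    return rules

def audit(rules, listeners):
    """Report duplicate external ports and forwards to ports nobody serves."""
    findings, seen = [], {}
    for ext, host, port in rules:
        if ext in seen:
            findings.append(f"conflict: external {ext} already forwarded to {seen[ext]}")
        seen.setdefault(ext, f"{host}:{port}")
        if port not in listeners.get(host, set()):
            findings.append(f"dead forward: {ext} -> {host}:{port} (nothing listening)")
    return findings

def translate(rules, ext, new_port):
    """Model router-side translation: same external port, new target port."""
    return [(e, h, new_port if e == ext else p) for e, h, p in rules]

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    print(audit(rules, LISTENERS))
    print(audit(translate(rules, 4443, 443), LISTENERS))
```
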

Offline cactus

« Reply #7 on: January 07, 2010, 06:30:40 PM »
> You may be able to get your SME to work in server-gateway mode like this:
> - set the current LAN IP as the WAN IP
> - set the LAN IP to something innocuous (a private network that you don't use anywhere - such as 10.10.10.0/24)
> - add your current LAN as a "local network" in server-manager.
> - create the desired port forwarding rule
> (warning: this seems to me like it would work, but I've never tried it)
Since I guess the user is already behind a firewall, the other way around is more sensible, as when the network is connected to the WAN side all traffic like Windows network shares is blocked; connecting to the LAN side (leaving the WAN side disconnected) would allow for this AFAIK.