Topic: Local Networks and Port Forwarding [solved]

[kozel]

I have a network that has an SME server 7.4 running as a gateway.  There are 2 physical locations with a leased T1 point to point line connecting them. The gateway is on subnet 192.168.1.x and the other subnet is 192.168.2.x.  The subnet 192.168.2.x is defined in the local networks panel. 

We added 2 DVRs, one at each location.  Within either network we have no problem seeing either DVR.  The DVR are access by an HTML page and you can specify the port.  At the SME server I've port forward 2 ports (8088 & 8089), 1 to each DVR as configured.  From outside the network I can attach to the DVR on the subnet local to the gateway but I can't connect to the DVR on the other subnet.  Doesn't port forwarding allow reference to devices located on defined local networks?

[CharlieBrady]

Doesn't port forwarding allow reference to devices located on defined local networks?

It does. Check the default gateway configured on the DVR which is not reachable via the port forward. It needs to point back to the router by which it can reach the SME server (and the Internet).

[electroman00]

You would need to proxy pass the dvr's.

http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass

Remove the port forwards and proxy pass.

[kozel]

Thanks Charlie.  The default gateway on the device is set to 192.168.2.1 which is the router at the remote side.  A trace route from the workstation on that subnet to the sme server on the other subnet correctly find it.  What am I missing?

Proxy pass, okay, I'll look at that.  The DVR on the primary sunbet works, why is the secondary different?

[electroman00]

Since the instructions in the wiki are not quite complete....

Assuming the dvr is on the local sme network 192.168.2.1

In Server-Manager select...Hostnames and addresses

Create or modify hostname
The hostname must contain only letters, numbers, and hyphens, and must start with a letter or number.

Set the following...

Hostname    dvr1
Domain    yourdomain.com
Comment    DVR1
Location    Local

Substitute dvr1.yourdomain.com & IP as needed below and run the script.

Save script proxy_dvr1.sh

Code: [Select]

#!/bin/bash
clear

# You shouldn't need to change ports if the dvr is reponding on 80 which most are.
# Substitute 192.168.2.xxx for dvr IP.

# Substitute dvr1.yourdomain.com as needed

proxy="dvr1.yourdomain.com"

db domains set $proxy domain
db domains setprop $proxy Nameservers internet
db domains setprop $proxy ProxyPassTarget http://192.168.2.xxx/ # Substitute 192.168.2.xxx for dvr IP.
db domains setprop $proxy TemplatePath ProxyPassVirtualHosts
signal-event domain-create $proxy

echo -e "proxy setup complete\n"
echo -e "In your browser you may now type $proxy"
Do the same for dvr2.

HTH

[Stefano]

Since the instructions in the wiki are not quite complete....

... you could spend some time to improve them, don't you?

[electroman00]

Don't have access or I would have...

[electroman00]

 Not sure we're clear on this...

The DVR on the primary sunbet works, why is the secondary different?

Assuming you only have one subnet per each SME's (Green) Lan Zone (no vlan).
Only way you can have 2 subnet's on one SME eth0 is to vlan.

Have you setup a vlan on eth0 ??

Otherwise...

If SME1 subnet 192.168.1.x is on one server and SME2 192.168.2.x on the other server then one is local and one is remote
from the perspective of each server.

IOW
From the SME1 192.168.1.x perspective SME2 192.168.2.x is remote and you would need to proxy to 192.168.2.x from SME1 .

While from the SME1 192.168.1.x perspective SME1 192.168.1.x is local.

Questions...

Does each server have their own registered domains???
Are you VPN'ing between them???

[kozel]

Mr. Electro:

I was in the middle of responding when you posted an update.  I think I was not clear.  There is only 1 sme server on 192.168.1.x with a 'local network' set for 192.168.2.x accessible via 192.168.1.1 (3rd party leased T1 line) to the other segment.  The other segment has 2 w/s, dvr and another router 192.168.2.1 (3rd party leased T1 line).  My original response follows.....

Thank you for your effort & the detail.  I will look into your recommendations.  If this is just to alleviate the need to port forward, it is not an issue, specifying the port for the dvr is not a problem.  It's not for public access.

At the risk of sounding argumentative, I don't understand why it is not working as is.  The dvr on the main segment is visible from outside, both are visible from within the network from either side but the dvr from the secondary segment is not visible from outside. 

One observation. The workstations on the secondary segment have never had access to the internet.  We've never complained about it because that has been a good thing.  It is as if traffic from the secondary sub net has never had access to anything outside of the combined 2 subnets.  The provider for the leased T1 line configured the routing equipment between the 2 sub nets and that is where the problem may lie.

[johnp]

Where does route 0.0.0.0 go in the router at address 192.168.2.1? Sounds like a routing issue and is likely off topic for this forum.

[CharlieBrady]

One observation. The workstations on the secondary segment have never had access to the internet.

The DVR will need to have internet access if you expect port forwarding to work.

[CharlieBrady]

Thanks Charlie.  The default gateway on the device is set to 192.168.2.1 which is the router at the remote side.  A trace route from the workstation on that subnet to the sme server on the other subnet correctly find it.  What am I missing?

How about traceroute to an Internet address?

[kozel]

I think it is becoming obvious.  Thanks all for the help. 

Z:\>TRACERT YAHOO.COM

Tracing route to YAHOO.COM [69.147.114.224]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.2.1
  2    17 ms    16 ms    18 ms  192.168.5.5
  3    46 ms    41 ms    42 ms  192.168.5.2
  4  192.168.5.2  reports: Destination host unreachable.

Trace complete.

Z:\>

[Stefano]

mmmh.. who is 192.168.5.2?

[kozel]

We have a leased T1 point to point line; I assume it is one of the routers on that line.