Koozali.org: home of the SME Server

Network security

Offline leiw

Network security
« on: March 02, 2010, 04:53:41 AM »
Hello

We have two subnets, 192.168.0.0/27 and 172.16.0.0/23. Our smeserver is on the 192.168.0.0 subnet, and we want 172.16.0.0 to access the smeserver via web, so I added 172.16.0.0 / 255.255.254.0 in the Local Networks option, but it failed. Please see the following image:


Offline jysse

Re: Network security
« Reply #1 on: March 02, 2010, 06:54:44 AM »
Hi,

I think that you have to give the router's IP. In other words, what is the IP of the gateway that is between the 172. and 192. networks?

jysse   

Offline janet

Re: Network security
« Reply #2 on: March 02, 2010, 07:23:40 AM »
leiw

The Local Networks panel is for adding "local" networks, not remote networks.

You say "we want 172.16.0.0 to access smeserver via web", which sounds like it is remote to me.

You need to set up OpenVPN or similar; see
http://wiki.contribs.org/OpenVPN_Bridge
« Last Edit: March 02, 2010, 07:26:00 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline CharlieBrady

Re: Network security
« Reply #3 on: March 02, 2010, 04:46:15 PM »
> You say "we want 172.16.0.0 to access smeserver via web", which sounds like it is remote to me.

172.16.x.x is not an Internet address. As OP says, it's another subnet, so presumably local - he/she just needs to provide the router address, just like the red text says ("must contain a valid IP number and must not be blank"). It actually needs to be a 192.168.0.x address (directly reachable from the SME server).

OP will probably have fewer problems if he/she uses /24 and /16 netmasks.

Offline leiw

Re: Network security
« Reply #4 on: March 03, 2010, 02:55:10 AM »
> 172.16.x.x is not an Internet address. As OP says, it's another subnet, so presumably local - he/she just needs to provide the router address, just like the red text says ("must contain a valid IP number and must not be blank"). It actually needs to be a 192.168.0.x address (directly reachable from the SME server).
>
> OP will probably have fewer problems if he/she uses /24 and /16 netmasks.

Here is a simple diagram:
Lan (172.16.0.0 / 23) > 172.16.0.1 Firewall 192.168.0.1 > DMZ (192.168.0.0/27)

Which router address do I have to provide?

Thanks !

Offline byte

Re: Network security
« Reply #5 on: March 03, 2010, 12:39:56 PM »
> Here is a simple diagram:
> Lan (172.16.0.0 / 23) > 172.16.0.1 Firewall 192.168.0.1 > DMZ (192.168.0.0/27)
>
> Which router address do I have to provide?

Neither. You will need to set up a router designed for this task. In the past I have used Coyote Linux for this purpose.
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

Offline mmccarn

Re: Network security
« Reply #6 on: March 03, 2010, 01:48:43 PM »
Router address:

If your SME *is* the firewall, then the 'router address' should be the WAN ip (assuming the WAN ip is 172.16.0.xx).

If your SME is behind the firewall then the router address will be 192.168.0.1.

There are two issues here:
1) The SME web panel *requires* you to enter a router address when adding local networks, so you must enter one.
2) IP requires that a route be defined for any address that is not 'local', as defined by an adapter's IP address / netmask combination.

Basically, what is the first stop for a packet returning from your SME server to the 172.16.0.x network (possibly the same as your default gateway)?

Offline CharlieBrady

Re: Network security
« Reply #7 on: March 03, 2010, 02:23:35 PM »
> Here is a simple diagram:
> Lan (172.16.0.0 / 23) > 172.16.0.1 Firewall 192.168.0.1 > DMZ (192.168.0.0/27)
>
> Which router address do I have to provide?

Your firewall here is your router (between the two networks). You have shown us its two IP addresses (172.16.0.1 and 192.168.0.1). Only one of those addresses is of the form 192.168.0.x.

Offline leiw

Re: Network security
« Reply #8 on: March 04, 2010, 01:28:00 AM »
Hi

I just added the following to local network:


It has an error:

Offline CharlieBrady

Re: Network security
« Reply #9 on: March 04, 2010, 02:35:26 AM »
At the start of the thread, you tried to add 172.16.0.0, and we told you what you were doing wrong.

Now you are trying to add 192.168.0.0. SME server is quite correctly telling you that that is *already* a (in fact, the) local network.

Go back and try to add 172.16.0.0. Use router address 192.168.0.1.

And then please go and read the User Guide at least twice. If you ever get a red error message, *read* it, and try to understand it.
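The checks discussed in the replies above, written out as an added example that is not part of the original thread and is not SME Server's own validation code: the router must be given, it must sit on the server's own subnet, and the network being added must not already be local. The server address 192.168.0.10 and the function name `check_local_network` are assumptions; the page only says the server is on 192.168.0.0/27.

```python
import ipaddress

# Assumption: the thread never gives the server's own address, only its
# subnet (192.168.0.0/27), so 192.168.0.10 is a constructed value.
SERVER_IF = "192.168.0.10/27"

def check_local_network(server_if, network, netmask, router):
    """Return a list of problems with one extra 'local network' entry.

    server_if is the server's own interface as 'address/prefix'.
    An empty list means the entry is consistent with the thread's advice.
    """
    iface = ipaddress.ip_interface(server_if)
    try:
        # strict=True rejects a network address that has host bits set
        net = ipaddress.ip_network(f"{network}/{netmask}", strict=True)
    except ValueError as exc:
        return [f"invalid network/netmask: {exc}"]

    problems = []
    if net.overlaps(iface.network):
        problems.append(f"{net} overlaps {iface.network}, which is already local")

    router = router.strip()
    if not router:
        return problems + ["router address is blank"]
    try:
        gw = ipaddress.ip_address(router)
    except ValueError:
        return problems + [f"router {router!r} is not a valid IP address"]

    # The next hop has to be directly reachable, i.e. on the server's subnet.
    if gw not in iface.network:
        problems.append(f"router {gw} is not on the server's subnet {iface.network}")
    elif gw == iface.ip:
        problems.append("router is the server's own address")
    return problems

if __name__ == "__main__":
    # The entries tried or suggested in the thread, in order.
    attempts = [
        ("172.16.0.0", "255.255.254.0", ""),              # first post
        ("172.16.0.0", "255.255.254.0", "172.16.0.1"),    # far side of firewall
        ("192.168.0.0", "255.255.255.224", "192.168.0.1"),  # reply #8
        ("172.16.0.0", "255.255.254.0", "192.168.0.1"),   # reply #9
    ]
    for network, netmask, router in attempts:
        result = check_local_network(SERVER_IF, network, netmask, router)
        print(network, netmask, router or "(blank)", "->", result or "ok")
```
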


Offline ltwally

Re: Network security
« Reply #10 on: March 10, 2010, 06:27:45 AM »
leiw,

Here is a screenshot of what I believe you are trying to do. 

In this example, the SME server is on the subnet 10.0.200.x / 24.  (It's the second one on the list.)  As you can see, there are a number of additional "local" networks added that access it through DMZ or hardware VPN connections.

The additional networks should use the same gateway that the SME server is on.