cipandales
It seems to me that the easiest and simplest approach would be to just use 1 external IP for your common gateway/firewall, then share that to your two local networks, and reconfigure your SME server to server only mode.
Alternatively use the one SME server as gateway & firewall connected to a bridged modem, and then add your second network to the list of trusted local networks.
If you want to continue using both external IP's for reasons not revealed, then you will need to look at iptables.
Playing around with iptables rules and making changes to your existing gateway/firewall SME server, can create an insecure server, so you really need to know what you are doing with iptables before doing anything. There have been discussions in these forums by the user arne re how to completely remove the default iptables settings and replace them with something different. This approach is certainly not recommended and you are bound to have issues later, but those posts may assist you to understand the nature of the issue, so search on that author.
You can review the existing default iptables settings with
iptables -L
do this on a server gateway and a server only configuration, and you will see the differences between modes, but these differences are not really what you want as you still need firewall in place for your SME server.
Have a google and do a lot of reading on iptables before you do anything.
If you do not implement the rules in the right order you may appear to have achieved what you want, but have actually created an insecure server.
I have not looked closely, but most likely the existing template structure can be utilised via custom templates to create different rules for local versus external.
Read the Developers Manual for more understanding.
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manualand see
http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual#Managing_the_firewall
7 Replies
2278 Views