Koozali.org: home of the SME Server

please help with native dyndns

Offline janet

Re: please help with native dyndns
« Reply #15 on: October 06, 2010, 11:13:01 PM »
xavier

By default all incoming ports are closed except those that are required for services running on the SME server as configured in the various panels of server manager. Server manager settings control which services are enabled and therefore which ports will be open for incoming traffic.

By default all outgoing ports are open.

The port forwarding panel will both open an incoming port on the SME server and forward it to the specified internal host. You need to have a service running and the port active (open) on the internal host server. Port forwarding only works for traffic coming from an external location; you cannot port forward internal traffic.

To see what rules are set do
iptables -L

Please read the firewall FAQ again, more carefully this time so you understand what the usage is for.

The port blocking commands you refer to are for blocking outgoing ports only.
The IP blocking commands you refer to are for blocking all incoming access from an external IP, regardless of what port they use.

If you wish to customize your SME firewall you need to create custom iptables rules using custom templates for masq. See the Templates Tutorial Howto for a starting point.
http://wiki.contribs.org/Template_Tutorial#masq
You will need to understand the use of iptables, so search Google for iptables and read up.
This may help
man iptables

Note also there are many specific db commands to open ports on SME server for specific purposes, read all the wiki info on contribs.org especially the Firewall FAQ.
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Firewall
« Last Edit: October 06, 2010, 11:35:22 PM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline janet

Re: please help with native dyndns
« Reply #16 on: October 07, 2010, 01:14:14 AM »
xavier

Please answer the earlier questions by johnp & myself re your router usage & current configuration settings. If you wish to use your router as a gateway and wireless access point, then you will need to configure SME differently, e.g. set up a DMZ with a static IP pointing to your router.

Offline johnp

Re: please help with native dyndns
« Reply #17 on: October 07, 2010, 02:08:20 AM »
I would highly suspect that your current sme configuration is nonfunctional. You need to address the basic topology before moving on to other issues.

Once you have that done, most of what I believe you desire is easily accomplished via the server-manager interface.

You may find that assigning fixed internal addresses to your PCs and connecting via a VPN before an RDP session may solve your needs, plus provide more benefits and security.

If you get the basics done and provide a list of desired functionality, there are many here that will assist in achieving your goals.

Offline xavier

Re: please help with native dyndns
« Reply #18 on: October 07, 2010, 05:48:32 PM »
Current connection

1 internet "programsaremotos.dyndns.org" a dhcp router
2 of the router to assign dhcp sme server  192.168.2.101
3  sme server eth0 192.168.2.101 of router
4 sme server lan internal  eth1 192.168.1.10
5 sme eth1 to switch
6 switch to pc windows with ip 192.168.1.100 "lan internal" with service Remote Desktop

smeserver binds via putty to ssh, the connection is correct

Remote Desktop is not Internet related "programasremotos.dyndns.org" to internal windows pc "the connection not correct" no connection

configuration in server-manager
----------------port forwarding
----rule     
protocol  TCP
source port 3389
target host ip 192.168.1.100
destination port 3389

no connection, no gateway.... help....
Fun...

Offline CharlieBrady

Re: please help with native dyndns
« Reply #19 on: October 07, 2010, 05:57:15 PM »
You have two levels of NAT between the Internet and your workstation. You either need to configure port forwarding in your router *and* your SME server, or you need to eliminate one level of NAT. You can do that by either:

- configuring your router in bridging mode (or eliminating the router, and connecting your SME server directly to a DSL modem).
- using your SME server in server-only mode, and configuring port forwardings in your router to allow services to reach your SME server.


Offline xavier

Re: please help with native dyndns
« Reply #20 on: October 07, 2010, 06:03:21 PM »
I connect via ssh "good"
does not ping 192.168.1.100 "internal windows pc"
result of nmap

Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-10-07 10:52 Hora est. del Pacífico de SA
NSE: Loaded 49 scripts for scanning.
Initiating Ping Scan at 10:52
Scanning 201.238.135.164 [4 ports]
Completed Ping Scan at 10:52, 0.16s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:52
Completed Parallel DNS resolution of 1 host. at 10:52, 0.16s elapsed
Initiating SYN Stealth Scan at 10:52
Scanning 201.238.135.164 [1000 ports]
Discovered open port 22/tcp on 201.238.135.164
Completed SYN Stealth Scan at 10:53, 16.00s elapsed (1000 total ports)
Initiating Service scan at 10:53
Scanning 1 service on 201.238.135.164
Completed Service scan at 10:53, 0.22s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 201.238.135.164
Retrying OS detection (try #2) against 201.238.135.164
Initiating Traceroute at 10:53
Completed Traceroute at 10:53, 1.03s elapsed
Initiating Parallel DNS resolution of 14 hosts. at 10:53
Completed Parallel DNS resolution of 14 hosts. at 10:53, 16.50s elapsed
NSE: Script scanning 201.238.135.164.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:53
NSE Timing: About 50.00% done; ETC: 10:54 (0:00:31 remaining)
Completed NSE at 10:53, 31.25s elapsed
Nmap scan report for 201.238.135.164
Host is up (0.12s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 3.9p1 (protocol 2.0)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP
Running (JUST GUESSING) : AVM embedded (87%), Netgear embedded (87%), Linksys embedded (87%)
Aggressive OS guesses: AVM FRITZ!Box FON WLAN 7050, Linksys WAG200G, or Netgear DG834GT wireless broadband router (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 16 hops
TCP Sequence Prediction: Difficulty=189 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 22/tcp)
HOP RTT       ADDRESS
1   16.00 ms  192.168.1.1
2   0.00 ms   186.69.248.1
3   16.00 ms  200.63.206.49
4   32.00 ms  200.63.206.2
5   141.00 ms 97.trans144.gye.satnet.net (200.25.144.97)
6   79.00 ms  84.16.10.117
7   79.00 ms  94.142.126.30
8   79.00 ms  Xe1-3-0-0-grtmiabr6.red.telefonica-wholesale.net (84.16.14.14)
9   79.00 ms  94.142.127.153
10  125.00 ms 84.16.10.58
11  141.00 ms 201.219.1.141
12  78.00 ms  201.219.0.154
13  78.00 ms  200.55.224.246
14  78.00 ms  200.55.224.246
15  78.00 ms  200.55.224.246
16  110.00 ms 201.238.135.164

Read data files from: C:\Archivos de programa\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 73.03 seconds
           Raw packets sent: 2104 (96.164KB) | Rcvd: 90 (5.144KB)

Offline johnp

Re: please help with native dyndns
« Reply #21 on: October 07, 2010, 10:45:16 PM »
What ip address are you using to connect via ssh?
Have you tried from both eth0 and eth1 interfaces?
Can you ping both interfaces from the root console?
Can you ping the dhcp router's addresses from above?
Does the pc have a firewall blocking ping?

Read what Charlie said, if you intend to use current configuration something needs to happen in your router. Also if you want dyndns to update, this would have to take place there. I don't know why you are hesitant to try using the sme as your gateway/firewall.

One other thing I thought of: if you are trying to access the sme lan from a device attached via wireless or wired on the wan side, you will need a static route in your dhcp router to tell it where 192.168.1.0 is, something like 192.168.1.0 255.255.255.0 via 192.168.2.101
« Last Edit: October 07, 2010, 10:51:35 PM by johnp »

Offline janet

Re: please help with native dyndns
« Reply #22 on: October 07, 2010, 11:58:50 PM »
xavier

Quote
I connect via ssh "good"
does not ping 192.168.1.100 "internal windows pc"

Keeping in mind that your network is not configured correctly.

On your workstation, go to a DOS prompt and do
ipconfig /all

Please paste the output (in full) here


Also on your server do
ifconfig
and show the full output here
« Last Edit: October 08, 2010, 12:00:33 AM by mary »

Offline xavier

Re: please help with native dyndns
« Reply #23 on: October 08, 2010, 02:57:08 AM »
the connection is
by (dns or ip) the router     (dns or ip)=dhcp = external ip
the router to sme server
sme server firewall gateway to internal computer with windows server 2008 "Remote Desktop Services" = "RemoteApp, only to open an application"

ipconfig /all in windows server 2008
C:\Users\Administrador>ipconfig /all

Configuración IP de Windows

   Nombre de host. . . . . . . . . : SERVER-W
   Sufijo DNS principal  . . . . . :
   Tipo de nodo. . . . . . . . . . : híbrido
   Enrutamiento IP habilitado. . . : no
   Proxy WINS habilitado . . . . . : no

Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . :
   Descripción . . . . . . . . . . . . . . . : Controladora Gigabit Ethernet PCI
 88E8001/8003/8010 Marvell Yukon
   Dirección física. . . . . . . . . . . . . : 00-11-2F-E0-3C-AD
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuración automática habilitada . . . : sí
   Vínculo: dirección IPv6 local. . . : fe80::592:fbdd:ae4a:1a6a%10(Preferido)
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.100(Preferido)
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . :
   Servidores DNS. . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado

Adaptador de túnel Conexión de área local*:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . :
   Descripción . . . . . . . . . . . . . . . : isatap.{9F0B80AF-7B1E-4341-A978-D
E235E05D5C4}
   Dirección física. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuración automática habilitada . . . : sí

Ping in windows server 2008
C:\Users\Administrador>ping 192.168.1.10

Haciendo ping a 192.168.1.10 con 32 bytes de datos:
Respuesta desde 192.168.1.10: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.1.10: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.1.10: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.1.10: bytes=32 tiempo<1m TTL=64

Estadísticas de ping para 192.168.1.10:
    Paquetes: enviados = 4, recibidos = 4, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms

ifconfig in linux
[root@servidor1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:7D:A8:41:28
          inet addr:192.168.2.101  Bcast:255.255.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:818 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20852 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:184137 (179.8 KiB)  TX bytes:1723280 (1.6 MiB)
          Interrupt:209 Base address:0xd800

eth1      Link encap:Ethernet  HWaddr 00:40:F4:2F:5F:30
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:80 errors:0 dropped:0 overruns:0 frame:0
          TX packets:158 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6870 (6.7 KiB)  TX bytes:16326 (15.9 KiB)
          Interrupt:217 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1641 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1641 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:173605 (169.5 KiB)  TX bytes:173605 (169.5 KiB)
Ping in linux
[root@servidor1 ~]# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.

remains and not connecting for ping

Offline johnp

Re: please help with native dyndns
« Reply #24 on: October 08, 2010, 03:26:57 AM »
Puerta de enlace predeterminada (that would be default gateway): seeing as you have none... how can the PC respond to any other subnet?

In your case, it should be 192.168.1.10
« Last Edit: October 08, 2010, 03:32:31 AM by johnp »
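
Added example (not part of any poster's message and not SME Server code): a small Python model of the path discussed in replies #19 and #24, showing why RDP fails first at the router (no forward through the second NAT level) and then at the PC (blank default gateway). It assumes plain destination NAT that leaves the client's source address unchanged; the client address, the router WAN address and the router's tcp/22 forward are constructed placeholders.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class NatHop:
    name: str
    wan_ip: str                                    # address the previous hop must forward to
    forwards: dict = field(default_factory=dict)   # tcp port -> (target ip, target port)

@dataclass
class Host:
    ip: str
    netmask: str
    gateway: Optional[str]                         # None = default gateway left blank
    listening: frozenset = frozenset()

    def can_reply_to(self, src: str) -> bool:
        # Replies to an off-subnet source need a default gateway.
        on_link = ip_address(src) in ip_network(f"{self.ip}/{self.netmask}", strict=False)
        return on_link or self.gateway is not None

def trace(hops, host, client_ip, port):
    """Follow one inbound TCP connection; return (ok, reason for the first failure)."""
    for i, hop in enumerate(hops):
        if port not in hop.forwards:
            return False, f"{hop.name}: no forward for tcp/{port}"
        target, port = hop.forwards[port]
        expected = hops[i + 1].wan_ip if i + 1 < len(hops) else host.ip
        if target != expected:
            return False, f"{hop.name}: forwards to {target}, next device is {expected}"
    if port not in host.listening:
        return False, f"{host.ip}: nothing listening on tcp/{port}"
    if not host.can_reply_to(client_ip):
        return False, f"{host.ip}: no default gateway, cannot answer {client_ip}"
    return True, "reachable"

# Constructed scenario built from the addresses posted in this thread.
CLIENT = "203.0.113.7"                             # documentation address standing in for an Internet client
sme = NatHop("sme", "192.168.2.101", {3389: ("192.168.1.100", 3389)})
router_as_posted = NatHop("router", "198.51.100.1", {22: ("192.168.2.101", 22)})   # assumed: only ssh forwarded
router_fixed = NatHop("router", "198.51.100.1",
                      {22: ("192.168.2.101", 22), 3389: ("192.168.2.101", 3389)})
pc_as_posted = Host("192.168.1.100", "255.255.255.0", None, frozenset({3389}))
pc_fixed = Host("192.168.1.100", "255.255.255.0", "192.168.1.10", frozenset({3389}))

if __name__ == "__main__":
    for r, p in [(router_as_posted, pc_as_posted), (router_fixed, pc_as_posted), (router_fixed, pc_fixed)]:
        print(trace([r, sme], p, CLIENT, 3389))
```

The model does not cover a host firewall on the PC, which can still drop ping or RDP after both fixes.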

Offline xavier

Re: please help with native dyndns
« Reply #25 on: October 13, 2010, 09:24:42 PM »
sorry for the grammar........

dyndns domain is not updated ip the router dhcp 192.168.1.103 and not the internet
any script for updating the ip automatically, only works once the update last week, no longer updates
dyndns domain the connection setup to install, with the respective data is not connected.
any recommendations, thanks .......


Offline xavier

Re: please help with native dyndns
« Reply #26 on: October 13, 2010, 10:27:39 PM »
note:  if the page the domain is updated,,,, only with the ip 192.168.1.103 (router ip),,not with the internet ip..........

Offline janet

Re: please help with native dyndns
« Reply #27 on: October 13, 2010, 11:05:51 PM »
xavier

Does your router have a dyndns client ?
If so, you need to configure the router's dyndns client to update dyndns with your dynamic IP.

If your router does not have a dyndns client, then you need to install ddclient on your sme server, and reconfigure your sme server in "server only" mode.

Read Charlie's earlier post re your two options.

Offline xavier

Re: please help with native dyndns
« Reply #28 on: October 15, 2010, 01:19:23 AM »
thanks ...... configuration in the router of the dyndns, operation good
connection and gateway and ssh, good!!!!!
thanks friends...............................

Offline xavier

Re: please help with native dyndns!! Fixed!! good!! thanks ...
« Reply #29 on: October 15, 2010, 01:25:46 AM »
...........................................