Topic: sme in gateway-server mode does not connect to the internet

[Agent86]

Hi,

Subject:
SME connection to contrib.org and internet fails


I've been running sme in gateway mode with a public static IP for years and the server almost ran unattended for I'm guessing at least 5-7 years with little or no monitoring
I am now going to experiment with dynamic IP's and currently changed ISP's to fios residential service.

Anyhow the configuration seems straight forward in that I set both internal and external DHCP selections as outlined in the instructions

The fios router is a 4 port/wireless with coax to the internet
 
I have a very basic sme server setup.
---router---sme----switch---clients

I give the sme server an internal ip address that it not in use as defined in the instructions
router DHCP is turned on for internal network,
The only connection on router is the sme server to a lan port on the router, and the coax to the internet
sme is set for DHCP on for internal network IP's as well
sme external DHCP option 2 is selected

Testing of Internet connection to contrib.org fails

Before posting logs and things I was wondering about how the external sme nic works. I had assumed it works like a standard lan device just plug it into the lan on the router should be no big deal ? so I thought ?

When i using the old static IP before I just put the info from the ISP in the external info like IP/gateway/mask etc.
And all the physical connections are the same as they were, only thing that changed is from static to dynamic ISP

Setting external to DHCP option 2 I assumed it would get this info automatically from the router ?

If so ? then I'm sort of answering my own question in that the router does not seem to be distributing this information for my sme server.

If not then I would appreciate more information about this
Thanks

[cactus]

You need to define the external interface as a static IP address on your router and server, then you need to forward all (or only the relevant ports like mail, web and ftp, ssh) to the fixed IP address. Your external IP address is not assigned to SME Server but too your router.

[Agent86]

You need to define the external interface as a static IP address on your router and server, then you need to forward all (or only the relevant ports like mail, web and ftp, ssh) to the fixed IP address. Your external IP address is not assigned to SME Server but too your router.

I think I see
So the router needs to assign a static IP on the lan or a reserved IP for the sme external connected to it right ?
And the sme server needs to be given that same static IP address that you reserve in the router ? and change my selection to static NOT DHCP option #2

And to confirm that no public IP or public gateway info will be configured in the sme server but only a single static IP similar to configuring a printer on the lan and reserving and address if I wanted to use that comparison ?

Thanks for the help on this
I think I get it but need just a little further encouragement in my understanding of this.

[Agent86]

After looking at disabling the dhcp in the router to create a static ip address, I found that this would disable the verizon TV guide, and on demand settings etc. So I have to leave the DHCP server in the router on, but will look into trying to set a static ip or reserve for the sme server. Will that work ?

Also something is confusing me in the sme configuration process -
After I select an external IP address for the sme server it asks for a gateway address to connect to the internet ?
Is this the gateway on the router public gateway or just another IP address within the router IP lan table ?

Sorry about this I'm sure I actually use to know these answers but it's been so long since I setup a server I forgot it all.

[johnp]

Router make and model is always helpful. I'm just assuming this may be your setup.

internet--fios router(performing nat)--outside nic--sme--inside nic

If this is the case, the subnets on the outside and inside need to be different. The outside nic should be set statically with a gateway value of the router. Somewhere in the router should be a spot to open all ports to the statically set value. This is often called default dmz server.

The dynamic dns update will have to be done by the fios router.

[Agent86]

Router make and model is always helpful. I'm just assuming this may be your setup.

internet--fios router(performing nat)--outside nic--sme--inside nic

If this is the case, the subnets on the outside and inside need to be different. The outside nic should be set statically with a gateway value of the router. Somewhere in the router should be a spot to open all ports to the statically set value. This is often called default dmz server.

The dynamic dns update will have to be done by the fios router.

Router is Actiontec aka Verizon MI424WR-Gen2

I have a very basic sme server setup.
---router---sme----switch---clients

gateway value of the router ? meaning the public gateway such as 96.240.xxx.x or whatever the router shows
and I'm not sure what opening the ports for the static set value would do ? shouldn't the sme server at the very minimum be able to connect to the inernet just like any PC plugged into the router ?  as long as the external IP address is within range of the router lan table ? Just like any PC ? Or is it because it's more of an acting WAN then a Lan for external nic ?
I would be happy with dhcp turned on in the sme server for the external nic but the sme server could not connect that way ?

I'm trying to understand it and doing lots of reading but I'm obviously missing something and also lost a lot of info since I have not used it in a long time.

Thanks for the help.

[Stefano]

Agent86, connect a windows client directly to the router (with dhcp active) and tell us the ip it gets

[Agent86]

Agent86, connect a windows client directly to the router (with dhcp active) and tell us the ip it gets

I don't have a windows computer here right now but the IP addresses for any client plugged into the router gets and IP address within the range of 192.168.1.2 through 192.168.1.20 because I set the IP range in the router to 2 through 20 but it was set to 250 by default or something like that.

Anyhow any windows computer would get the same IP from the DHCP of the router within this range

However from in the router configuration pages I do not see the sme server on the list of connected devices at anytime for some reason no matter what external IP/gateway/mask I give it or if it's set for DHCP externally the router does not see it on the list unless I plug the internal sme nic to the router and then I see it on the list but never the external connection.
I'll keep reading thanks

[johnp]

Set you outside nic to a value outside your range. Something like 192.168.1.254 255.255.255.0 the gateway will be 192.168.1.1 by default for that router. I don't know if it will show up in the list as I have seen some routers only show what has been assigned dynamically.

Your inside addressing scheme cannot be 192.168.1.X so if that is the case change it. Go to the DMZ host section in the firewall settings and put 192.168.1.254 as the value.

[Agent86]

Set you outside nic to a value outside your range. Something like 192.168.1.254 255.255.255.0 the gateway will be 192.168.1.1 by default for that router. I don't know if it will show up in the list as I have seen some routers only show what has been assigned dynamically.

Your inside addressing scheme cannot be 192.168.1.X so if that is the case change it. Go to the DMZ host section in the firewall settings and put 192.168.1.254 as the value.

OH WOW ! I think i got something here

Thanks

So the nic external has to be outside the router lan ip table, but in the same format such as 192.168.1.x
And the internal IP ranges of the sme lan side must be a totally different format such as 10.1.10.x or something or even perhaps 192.168.5.x or something right ?

Then the gateway must be the actual router IP that you use to login to the router same thing

Ok I am on the Internet through the switch-sme-router-internet   
Thanks a bunch
I will put this in my notes.

Now I can revisit the dynamic DNS topic again
I saw some settings in the router itself to select this so I may not have to do anything special just setup the no-ip or some such service for making the changes

[johnp]

Yes, the setup for dynamic dns is in the router. There is no easy way to do it on the sme since the external address it sees, never changes.

[Agent86]

Now that it's working I want to understand more about why it's working.

Why does the external nic go through the router to the internet when it's ip range is outside that of the lan ip range ?
Is this because once you put that IP in the DMZ that the router's lan IP range does not matter for that connection any longer ?

Additionally, I temporarily changed my domain settings at yahoo to point to the public dynamic IP.I know this will change as soon as I restart the router or maybe sooner but wanted to see if this will provide a temporary fix.

Anyhow can someone test this link to see if it's working

www.foolishlys.com

Should see (This web site is under construction)

Thanks

[johnp]

Your external address, is not outside what your mask allows.  A /24 or 255.255.255.0 , allows for a network with hosts(computers) from .1 to 254.  As the mask is directly related to a binary value, a mask of 255.255.254.0 would double the amount of hosts. The next possible value for the mask would be 255.255.252.0, and this would quadtriple the amount of hosts.

I see the under construction. Starting on an odd value, seems stupid to me. For my customer's. I at the minimum I setup at least a /22 differential between sites.

[Agent86]

Thanks

[Agent86]

I had another question but wanted to delete it because I found the answer but how can I delete it there is no delete feature that I can see