Topic: Trouble Configuring SME Server for Remote Management

[EScottH]

Hello, all!  I am new to the community and Linux in general.  I DO have some VERY old UNIX, XENIX & VMS experience, but it is 20 years out of date.  I have searched the forums for a solution to my problem, but I haven't been able to make heads nor tails of what I have found.  With your indulgence, I will explain my setup, my goals and the problem I am having.

I noticed a drastic increase in network traffic at my residence over the past few months.  I spoke to my kids and asked them what they were doing that was causing so much usage, as I was worried about crossing my ISPs (Comcast) bandwidth threshold (250 GB/mo).  They all played dumb, even after I specifically asked them if they were using Torrent clients.  About a week later I received a DMCA complaint from Comcast, listing my IP address and a filename.  I confiscated the hard drives from all the computers on the network and found out that my daughter and her boyfriend were both using µtorrent.  The file was on his harddrive as well.  As I am sure you can imagine, I dressed them down and removed the torrent software and and files that had related torrent seeds/links.

After some research, I found out that I couldn't block torrents with my router (Linksys e2500).  Since I had an extra computer lying around, I decided to set up an SME server as a gateway with the ultimate goal of using it to monitor all network traffic, act as a firewall and possibly set up as a media server at some point in the future.

At 2:00 AM this morning I was able to successfully deploy phase 1 of the project.  This consisted of setting up the server with the default Server & Gateway options, connecting the cable modem to eth0 and the router to eth1.  Even though I have DHCP setup on the server, I am still using the router in it's default mode of providing all the networked computers with IP addresses.  I will eventually get it so the server is taking care of all the DHCP duties, but I am taking baby steps right now.

The server is running great, is attached to a dedicated UPS, along with the cable modem and router.

My issue right now is that I was under the assumption that I could access the server remotely while I am at work and that it was configured by default.  Obviously I am mistaken.  I have tried accessing it via my Windows 7 machine using a VPN, but it will not connect.  Neither can I access it via https://myipaddress/server-manager/ (403 Error).

Sorry for being so long winded, but I noticed that many of the forum questions here do not get answered immediately because people tend to be specific as to their goals.

So my question here is what am I doing wrong and/or how do I need to set the server up to accomplish remote management via browser?

Thanks so much for your patience.

Scott

[cactus]

I assume you are using the following network topology, correct?

Code: [Select]

WAN --- ROUTER --- SME Server --- LAN
My guess is your router is unable to pass through the VPN. Do you have the correct port forwarding rules in place on your router? Does your router support forwarding of GRE Protocol 47 packets?

[TerryF]

My issue right now is that I was under the assumption that I could access the server remotely while I am at work and that it was configured by default.  Obviously I am mistaken.  I have tried accessing it via my Windows 7 machine using a VPN, but it will not connect.  Neither can I access it via https://myipaddress/server-manager/ (403 Error).

Remote access via server manager - have you enabled Remote management in the server manager?

For VPN and  this is also useful

I beleive your layout is WAN -> SME Server -> Router -> LAN..

and you are right Remote Access is not set by default...

I have SME server setup as my home server using my home connection and DynDNS to overcome the issues with my dynamic IP, host a basic website, shared iBays etc etc..works great locally and remotely

You will also find it beneficial to you for the future to install SME server 8.0b6 instead of the 7.5.1 realease, 8b6 although still beta works very well in just about all situations, I am yet to have a hiccup with it as a home server and a production server in a not for profit situation..just needs a bit of reading to find out whats what

Good Luck

[EScottH]

The network topology is as follows:

WAN -- SME Gateway -- Router -- LAN

Scott

[TerryF]

The network topology is as follows:

WAN -- SME Gateway -- Router -- LAN

Scott

Have you setup remote management as described above and VPN as described above..

[axessit]

WAN -- SME Gateway -- Router -- LAN

This is incorrect, you need to use your router to connect to the internet, then connect your Windose PC to the LAN of the SME. If you want to keep your current config of PC's uninterupted to the internet while you're setting things up, just connect your PC via a crossover cable to the SME LAN and connect the SME WAN to the router. This way, the SME will respond to your PC on the private (LAN) network adaptor - it will not repsond on the WAN adaptor 'out of the box', so you can't get to the server manager to start changing the default settings for remote access etc etc. Do this before worrying about doing any router PPTP passthrough.

You should be able to test the SME internet connection from the console menu. Log in as admin on the text screen and you'll get a basic menu.

[kmccarn]

You might try opendns... opendns.com

That's how I block utorrent at my house and several businesses...

 

[EScottH]

Cactus & axessit,

My topology is WAN --> SME Server/Gateway ROUTER/AP --> LAN

I am using the SME Server/Gateway as the 1st line to monitor/regulate traffic.  All the computers on the network attach to the Router/AP.

The setup so far seems to be meeting my Phase 1 deployment goals so far.  I AM having an issue with Skype crashing on one of the computers on the network, but after reading the Skype community forums, I think it is a recent (last 3 days) Skype development.

Trex,

Thanks for the links.  I will be trying it out today.

Once I have remote management working, I am going to try switching the DHCP duties for the entire network over to the server.  Right now the Router/AP is doing that for me.

Thanks everyone for all the advice!

Scott

[cactus]

Once I have remote management working, I am going to try switching the DHCP duties for the entire network over to the server.  Right now the Router/AP is doing that for me.

I would do that earlier (and as one of the first steps), it is much easier to setup remote access (less port forwarding hassle and route additions on devices) with out the additional router in there. SME Server does a perfect job of providing DHCP.

[EScottH]

Thanks, everyone, for all the help so far.

I have made a few changes to the network and I'm going to move over to the v8 beta.  Hope to see you all over in the v8 forums.

Scott

[MSmith]

You might also look at using the free version of Untangle.

[EScottH]

I guess I spoke too soon...  I decided to keep my setup on SME 7, but I made some changes.  Here is the new network topography:

Comcast Residential 30mbps WAN :: MOTOROLA SB6120 :: SME SERVER GigaLAN (eth0) :: SME SERVER GigaLAN (eth1) :: D-Link DGS-1005G 5-Port Gigabit Desktop Switch Switch

          D-Link DGS-1005G 5-Port Gigabit Desktop Switch Switch - Port 1 :: Main Desktop System

          D-Link DGS-1005G 5-Port Gigabit Desktop Switch Switch - Port 2 :: SimpleServe 250 GB NAS / Print Server :: Samsung CLP-300

          D-Link DGS-1005G 5-Port Gigabit Desktop Switch Switch - Port 3 :: Linksys E2500 in Bridge Mode as AP

I have it set up in private server mode and everything seems to be working great.  The only issue I have now is that when I run a ShieldsUp! test, two of the ports are coming up as 'closed', not stealthed.  One is an https port, abd I can't remember the other.  I am at work until 8 AM tomorrow and I will post the actual port numbers so I can get some help closing them.  I am no longer worried about remote administration... I'll figure that out later if I REALLY need that functionality.  I'd rather have the security of a closed system.

Thanks, again, for all the assistance.  You guys are the BEST.

Scott

[MSmith]

Don't worry about the closed ports, you won't get hacked with a default SME install (i.e. no contribs). It's been well thought out by some pretty clever folks. With the setup you're describing (and I assume eth1 is the Internet-facing interface, as that's how SME does it), you should be able to enable VPN and thus connect from work and do your remote administration.

[janet]

EScottH

...or better still, create a tunnel using Putty, then connect to http://localhost/server-manager.
Very secure this way.
Search forums for how to do this.

[MSmith]

I might have been a bit terse in my "use VPN" statements ... to expand a bit, you enable PPTP VPN, connect from outside, then you're participating in the LAN and can use the server manager at http://(SME internal IP)/server-manager.

Also very secure.