Topic: SME Server - Multiple domains, multiple gateways

[TrevorNWatson]

We currently have 4 servers in our back room that we are hoping to replace with a single SME Server. 

I've set up the server, configured the domains, moved the sites, moved some of the email via imapcopy, but am running into an issue when I try to make the websites live.

I'm currently only attempting to make the websites live (port 80 in all cases).  We currently have a modem that goes to a switch, plugged into the switch are 4 routers, each with an external static IP address and a different internal address.

                        -> Router A -> Server A
Modem -> Switch -> Router B -> Server B
                        -> Router C -> Server C

When installing SME server, I used Router B as the Gateway and when I change the port mapping on Router B to point to the new server, it works fine (I'm guessing because SME Server sends all traffic through Router B since it is it's gateway).

However, when I attempt to change Router A or Router C to point to the SME Server, it does not serve up the web-page.  (I'm guessing still because SME Server is trying to send through Router B, but could be wrong).

I've changed my host file on my laptop to point to the internal address with the domain names and the server will serve the pages fine in that case, but when attempting to set up the routers, it fails.

All 3 routers can see the new SME server (via ping).

Is there a way to configure SME Server to serve the web-pages to all routers?

If SME Server is always going to send through the gateway, would it be possible (not logical ) to go modem -> router A,B,C -> SME Router -> SME Server and use a new "SME Router" for the gateway to the server?

Any assistance would be greatly appreciated.

[purvis]

Your initial way is what i am doing at one location. I have only two routers with two servers and each are on their own separate wired lans and each have their own wan ip address.

Do each of your servers have their own wan ipaddress.
Are your user account names on each server the same.
Which server do you use as email server or how do you use email servers.
It would be probably better to say a little more in detail what you actually want to do.
There are ways to do things and each has it pros and cons.

[TrevorNWatson]

Each server currently has it's own external IP address that each router routes to the correct server (which will all be the new SME server at some point).

On the old servers, the usernames varied depending on who was doing IT at the time (being an inherited network). it could be first initial/last or just first.  On this server, each domain gets a prefix and then the initial/last name (so bus_twatson, bus2_twatson).  Then each user gets pseudonyms for their accounts (so twatson@bus1.com goes to bus_twatson and twatson@bus2.com goes to bus2_twatson)  (that's from another post found on these forums).  So email _SHOULD_ be okay.

Right now, the biggest issue I'm having is that only one website can be hosted by the server successfully (the one that uses the gateway).

Right now, we want to go from

          -> (external IP 1) Router 1  -> Server 1
Modem -> (external IP 2)  Router 2  -> Server 2
          -> (external IP 3)  Router 3  -> Server 3

to

          ->  (external IP 1) Router 1
Modem ->  (external IP 2) Router 2  -> New Server
          ->  (external IP 3) Router 3

[purvis]

From what i understand and not have done, is that you could setup the server to be used as gateway and smeserver could handle the separate ip addresses to point to different servers.
Which is what i was trying to do without smeserver being setup in gateway mode. I prefer the cheaper consumer routers in my smaller office setups and run smeserver in server mode.
I think there are routers you can buy(likely very expensive) the will transfer different wan ip addresses to different sme servers.  I know that you do not want this either.

i am no suggesting you to do this but i figured i would just through this in
to redirect webserver2 to the internal web site of 192.168.1.102    1921.168.1.102 is the location of webserver2 from a sme server in server mode.

Code: [Select]

db domains set webserver2.com domain
db domains setprop webserver2.com Nameservers internet
db domains setprop webserver2.com ProxyPassTarget http://192.168.0.192/
db domains setprop webserver2.com TemplatePath ProxyPassVirtualHosts
signal-event domain-create webserver2.com

to delete a domain
db domains delete webserver2.com
signal-event domain-delete webserver2.com


i had problems with the above on accessing any port not being 80

But to the poster, if you are NOT going to use the smeserver as a gateway computer and wanted to use the 3 routers for forwarding 3 external ipaddresses.
It would seem to me that it would work.

FYI get Proxmox VE virtual server software and a computer with a blank drive and do some testing on virtual machines.

[janet]

TrevorNWatson

Is your sme server configured in "Gateway & Server" mode, or in "Server only" mode ?

In Gateway & Server mode sme server only supports one WAN IP.

You would need to use a Modem/Router that supports multiple incoming connections & mutiple public IP's, and routes them to one WAN IP that connects to the WAN port/NIC on sme server.

Alternatively reconfigure external DNS records to point multiple external IP's to one IP that sme server uses. sme server is capable of managing and resolving multiple hosted domains that use one WAN IP. That's what it is designed to do.

[CharlieBrady]

You would need to use a Modem/Router that supports multiple incoming connections & mutiple public IP's, and routes them to one WAN IP that connects to the WAN port/NIC on sme server.

That wouldn't help, because SME server has no way to use different (WAN)  default gateway depending on which hostname was accessed.

Alternatively reconfigure external DNS records to point multiple external IP's to one IP that sme server uses.

I think you mean "multiple names to one IP".

[janet]

CharlieBrady

I think you mean "multiple names to one IP".

Yes Charlie that's what I meant to say, the brain & the fingers got disconnected temporarily.

TrevorNWatson
There is no real need for seperate external IP's, as sme server can provide what you are after using one WAN IP (which is all it supports).
Add your additional domains in the Domains panel & sme will resolve those domains correctly.

[TrevorNWatson]

Thanks for all the responses so far!

If we do move all the domains back to a single IP address, can we still have reverse DNS entries for all the domains?  We've had issues with some of our clients refusing emails based on the reverse DNS lookup not being set-up.  So we've set them up for each domain/IP combination. 

Additionally, if the servers had different IP addresses, I could easily switch back to an old server in case of emergency, crash or me breaking the current server by switching the internal router rather than updating a DNS entry and waiting for it to proliferate.



The server is currently set to Server-Only

The domains are set up as follows (i-tools is the one that is working):


The network settings are as follows (i-tools is the domain that uses the router assigned 1.16, the other 2 are 1.1 and 1.3  (the ones that don't work))


The local network is set up as follows (and the routers CAN ping the server, so it's not a bad netmask (which i usually get wrong, but the 1.x network is fully available)

[CharlieBrady]

If we do move all the domains back to a single IP address, can we still have reverse DNS entries for all the domains?

Reverse DNS is not for domains. It's for IP addresses. An IP address can only have a single reverse lookup.

[TrevorNWatson]

Reverse DNS is not for domains. It's for IP addresses.

Bleh, that's what I meant to type.  Too early in the morning yet.

An IP address can only have a single reverse lookup.

So if we switch back to a single IP address for all domains, we may not be able to send email out to all of our clients.   I wonder if we even deal with the people that were giving that grief anymore >.>

[TrevorNWatson]

I just found this forum post that details how to set up a single router for multiple IP addresses using DD-WRT.
http://www.techenclave.com/guides-tutorials/multiple-public-ips-one-router-37283/

I think I'm going to dig up a router that will support DD-WRT and see if I can get it to work that way.  This way, I can have a single internal IP address that acts as the gateway and the router will deal with the proper routing hopefully.

I'll let you know how it goes.

Thanks again for your time.

[jameswilson]

I use the rdns for a server we have in a data centre. We have multiple domains on it. I think the rdns check just checks it has an entry etc not that it matches. Else i would have problems with emails which i dont

[CharlieBrady]

I just found this forum post that details how to set up a single router for multiple IP addresses using DD-WRT.

That's only part of the puzzle. That recipe only allows you to forward each external IP address to a different LAN address. If you point them all to the same LAN address, it won't work.

What you want is very difficult, and probably beyond your capabilities, and if not, then almost certainly more trouble than it is worth.

[purvis]

Charlie,
He wants to try. I am interested in his out come. Even though telling him it is likely difficult might be the right thing to say.
Good Luck to him and looking for a response some time in the near future Trevor.

[TrevorNWatson]

Thanks for all your help on this.  It looks like I will have to either look for another Linux distro that isn't quite as locked down as SME Server or *shudder* go to IIS (this is surprisingly easy on IIS, but licensing can be expensive).

We really like the way SME Server works and looks, but there's something in it that's stopping me from figuring it out.

Just for the record, the last thing I tried, which seemed logical to me, but I guess still runs into something in SME server (what, I don't know and can't find).

I bound the ethernet card to a 2nd ip address using

Code: [Select]

ifconfig eth0:0 192.168.1.31 broadcast 192.168.1.255 netmask 255.255.255.0then tried to route it through the 2nd router by using

Code: [Select]

ip route add 192.168.1.31 via 192.168.1.2 dev eth0:0
I then cleared all iptables rule

Code: [Select]

iptables --flush
and added 3 rules that allow all traffic

Code: [Select]

iptables -I FORWARD -s 0.0.0.0/0 -j accept
iptables -I INPUT-s 0.0.0.0/0 -j accept
iptables -I OUTPUT -s 0.0.0.0/0 -j accept
At this time, I can ping both IP addresses and visit the sites ON THE INTERNAL NETWORK at http://192.168.1.30 AND http://192.168.1.31

I switched the port forwarding on the routers and still had the same issue, the main gateway allows the sites to be visited, the 2nd gateway doesn't allow traffic through.

I don't know where the rule or setting that is blocking that traffic (maybe in masq somewhere?) or if it's even possible.

I wonder if I put the server directly online and just didn't use the hardware firewall if that would work.

Oh well, I guess I'll have to leave it at this.

Thanks again for your help.