Topic: Want to get to server-manager from outside router

[steve288]

Im testing the SME8 (although Im sure this relates to other versions).
I want to get to the server manager from the outside. What I mean by this is ..

[MyRouter doing DHCP] ----- sme server (server mode)
[MyRouter doing DHCP] ----- other devices
[MyRouter doing DHCP] ----- blackberry etc.

This sme only has one Nic.
I can port forward port 22 from router to sme, works fine.
I can port forward the PPTP vpn port 1723, works fine.

However I'm kind of confused. If I want to go to my router eg http://100.100.100.100/server-manager to get to my gui, what do i need to portforward on my router.
I dont want to conflict with my router gui which is http://100.100.100.100:8080

I can connect using pptp and then type in
http://192.168.1.45/server-manager
And this works but how can I directly connect to the interent, via port forward. (asuming that is what I would use.)
Thanks.

[stephdl]

You need an internet static ip or a free service as dyndns.org, no-ip.org and a vpn service activated (as pptp or openvpn bridge contrib) service activated on your smeserver.

Then with port forward to your smeserver (1194 for openvpn) and a vpn client  configured (as networkmanager) on your computer  you should use the server manager outside of your network with an url like this

https://yourdyndns.dyndns.org/server-manager
or
https://your-internet-static-ip/server-manager

[steve288]

I think I may have explained what I want poorly.
I understand getting to my IP address from the outside would.

I think I understand the vpn aspect of the server.

Although I have not used openvpn, I have set up a vpn from my windows 7 to the sme computer by forwarding port 1773 at the router.
This is the port that the vpn software built into sme uses is based on Please see ...
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#PPTP_.28VPN.29
It is not openvpn, but I think it is the same thing, well at least it does the same thing basically. Please correct me if Im wrong.

I think you have asked me to do essentially what I have already done. And I'm also not sure what you have pointed out will work.

If you use vpn software to connect to your computer then you need to use your local IP address like 192.168.1.1 to connect to the sme. An "outside" ip I'm not sure will work. Having said that its not what I want as I dont want to have to start a vpn connection everytime I want to look at the gui.

What port does the server-manager use. It is not 1773 or 1194 I don't think. It is I assume 8080 or some web type port.
I don't want to forward my web port because that means I think I will not be able to connect to my router Gui from the outside eg 8080. I think if I did forward 8080 to the sme then If i did type http://100.100.100.100/server-manager it would work but what would happen if I then used 100.100.100.100:8080 to connect to my router.
I suppose I will just have to try it out and see.

Im open to you or anyone else saying IM wrong. (as if I could stop you Incorrigible lot).
Regards

[crazybob]

Try forwarding port 443 to your server. You will also have to add your remote pc public ip in the remote access panel in server-manager.

[steve288]

I think you are right.

I started doing
[root@testy ~]# sudo netstat -tulpn |egrep http
tcp        0      0 127.0.0.1:942               0.0.0.0:*                   LISTEN      2987/httpd
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      2957/httpd
tcp        0      0 127.0.0.1:980               0.0.0.0:*                   LISTEN      2934/httpd-admin
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      2957/httpd

Of course I thought to self. there are other ports like 443 that could be used.
I added it to the router to port forward.
Then added my https://domain.com/server-manager and it worked.
It HAS to be https not just http.
I need to see however when I'm not inside the network tomorrow. Sometimes I have been fooled into thinking things work when they do not because IM behind the network. As I am right now.
Thanks.

[TerryF]

I use a VPN to connect to all the servers I help with, it is only three , simple, secure and it works.

Make sure the VPN port is forwarded to the server, you said 1773, it should be 1723

Simpley connect to the server manager using the local lans ip for the server https://192.168.x.x/server-manager

This is an excellent doc http://wiki.contribs.org/VPN_practical_tips on setting up a VPN

**after reading again added this

However I believe you want to do this:

http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11

[mmccarn]

Using Putty:
http://forums.contribs.org/index.php/topic,36055.msg160779.html#msg160779

Using a VPN:
http://forums.contribs.org/index.php/topic,36055.msg160771.html#msg160771

[steve288]

TerryF
Yes your right Port 1723, might be confusing to others following this. I miss typed 1773. I think I was getting mixed up with  with US history and 1776.
thanks.

[steve288]

mmccarn
Thanks. Always helpfull as usual.
Yes never thought of that. Have not really used tunneling but I will explore that option.

I have discovered that by forwarding port 443 I can also look at horde mail.
eg https://mydomain/horde
Not that it sends or receives any mail tot he world but I can see the administrator emails remotely.

Thank you.

[hawk]

hi
for quick easy connection to server-manager, i use putty and log into the admin account then option 6. Access Server Manager.

thanks john

[stephdl]

mmccarn
Thanks. Always helpfull as usual.
Yes never thought of that. Have not really used tunneling but I will explore that option.

I have discovered that by forwarding port 443 I can also look at horde mail.
eg https://mydomain/horde
Not that it sends or receives any mail tot he world but I can see the administrator emails remotely.

Thank you.

indeed with 443 forwarded to your sme internal ip you can use this outside of your network for playing with ssh tunneling.

Do this in a root terminal of your computer outside of your network

Code: [Select]

ssh -L 443:localhost:443 root@your-static-external-network-ip-or-host.dyndsn.org
then in firefox the url to see the server-manager will this

Code: [Select]

https://localhost/server-manager

[p-jones]

Steve288,

If you set it up as a server-gateway with two NICs the whole task becomes so much more simple and reliable.

[steve288]

TO: stephdl
So if I use the tunneling procedure, does that mean I dont need to port forward?
Im sort of confused on why to use this process, since I can access the server-manager  with a port forward.
Or does this tunneling method mean I can do it w/out the port forward as its setting up the port 443? Sorry perhaps for asking an obvious question.

TO: p-jones
Yes you are right thanks.
What I'm doing now is just testing sme8 at home, not at work where I have a 7.6 doing a fine job for the organization.  But at home I have this spare computer which strangely has NO bus slots. (Yup) so Im stuck with the nic port on the MB and cant add any more. That's why its in server mode only.  I tried to use a Wifi USB but many posts seem to indicate that SME does not seem to support that. I may have a USB nic but because I was out of luck with the wifi I thought I would be with the usb nic as well.(?) However this has been all a fun educational experience.
Regards.

[stephdl]

TO: stephdl
So if I use the tunneling procedure, does that mean I dont need to port forward?
Im sort of confused on why to use this process, since I can access the server-manager  with a port forward.
Or does this tunneling method mean I can do it w/out the port forward as its setting up the port 443? Sorry perhaps for asking an obvious question.

With the tunneling procedure you have to forward the port 22 and 443 to your sme internal ip else you can not reach your server outside of your network.
With a sme in server mode you must forward at least 993/995/22/443/80. In a server/gateway mode it is a different approach, it depends if you have a router or a modem in front of your sme.

In all events you need some port forward, if you want to be accessible outside of your network, exept for if you are in a server/gateway private mode.

[steve288]

Thank you for that.

The question I was confused on was what is the difference between not using the ssh commands you have suggested and ONLY using port forward, since it works with or without your command to get to my server-manager. And I think (correct me if im wrong) is that if I just use portforward I have to access it with the address "mydomain/server-manager" as opposed to "mylocalip/server-manager", if I use the tunneling method right ?
Regards