Topic: Setup Question

[gavan_white]

Hi, I am new to the forum. I have used SME Server for some years as a server-gateway after my modem. Unfortunately, after an upgrade to VDSL, I can't get a modem that will bridge properly, also running all traffic through SME seemed to be a bottleneck.

I have changed the server to server only and forwarded the ports I need to it and use it as a proxy for other computers that need to access these ports. This works well, but I am unsure about the safety of this. The rest of my network gets direct access to the modem otherwise.

My problem is that I don't know whether I am safe port forwarding to the SME in server only mode (single ethernet) or whether I should set it up as sever gateway mode for these port forwarded events eth0 to the modem and eth1 to the rest of the lan. I assume the firewall is best in the latter setup.

Thanks for any help.

[Stefano]

Which version are you running?
I'll move this post in the right place once you answer

[gavan_white]

Thanks. I am using 9.1.

[Stefano]

Moving to SME Server 9.x section

[Stefano]

I don't see any security issue.. there are zillions of SME running like yours out there

[janet]

gavan_white

My problem is that I don't know whether I am safe port forwarding to the SME in server only mode (single ethernet) or whether I should set it up as sever gateway mode for these port forwarded events eth0 to the modem and eth1 to the rest of the lan. I assume the firewall is best in the latter setup.

Either server only or server gateway mode is OK, they both expose ports/services on your sme server to the Internet.

In server only mode you rely on the modem/router to do the firewall functions, whereas in server gateway mode, sme server acts as the firewall.

Which firewall is better, opinions will vary. A regularly updated sme server will use the latest kernel version & likely be more secure as a result, whereas many users may not update their modem firmware.

Better is an interpretive word, in some ways the sme server firewall could/would be considered better than a regular modem, but if your modem/router is a specialised firewall device, then that may well be better.
Functionality & ease of use will also affect a users determination of which is better.
Where sme server requires more expert knowledge to configure the firewall for specialised requirements using a command line interface, a modem with a nice GUI interface may well do the same thing but be easier to configure, & therefore be considered better, due to the GUI interface being easier for a non expert to use.

[gavan_white]

Thanks every body. This does make me feel more relaxed. My concern was that port forwarding from my modem would mean there was no firewall on those ports and wasn't sure if the server only mode did any checking of LAN traffic.

I think I might feel "better" (more comfortable) going server-gateway giving me a firewall to include the forwarded ports.

I honestly believe that SME server is the best thing I have ever added to my home network. I have been using it since the e-smith days and relied heavily on the contribs and howtos to make things work. I just have never posted. Will be donating soon.

Thanks.

[janet]

gavan_white

The modem has a firewall, you used it to forward the ports.

[gavan_white]

Thanks Janet. That is correct, my mix up.