Koozali.org: home of the SME Server

Server only?

Joseph

Server only?
« on: September 27, 2002, 01:46:48 AM »
Hi
My question is how do I configure my server to allow everything both ways.  Basically I'm setting the sme server inside another lan.  This might be confusing but I'll try anyway.
wl= Work Lan
sl= SME Lan
The sme server is in between and was installed as server gateway.  Computers inside the sl are able to access computers in the wl (which is the goal).  But not the other way around (which is something I don't want).  Even though the computers inside the sl can see the computers in the wl they cannot authenticate to the PDC (which is on the wl, another thing I don't want).  Is there a way to change all of these problems?  Does installing it under server only mode do the trick?  All I want out of the sme server is to provide another lan but have everything remain as transparent as possible.

Thanks in advance and I hope I didn't confuse too many people.

Jeff C

Re: Server only?
« Reply #1 on: September 27, 2002, 06:08:29 PM »
Server only mode should be what you are looking for.

-jeff

Joseph

Re: Server only?
« Reply #2 on: September 27, 2002, 06:16:18 PM »
Thanks for the response jeff but it doesn't look like it'll work.  Server only mode only uses one ethernet adaptor.

Scott Smith

Re: Server only?
« Reply #3 on: September 27, 2002, 06:58:16 PM »
If I'm understanding you correctly, you want two separate nets, but with a wide open bridge between them. I guess the question is, why? If you just want to use the SME server's applications, put it in single user mode and have the whole thing on a single net.

However, if you truly want to have separate nets, but full two-way access, SME is not going to do it for you OOTB. You would have to redo (ie, eliminate) the integrated firewall. Not a simple task. You can, however, purchase a LinkSys or D-Link two-port router for less than $100 that will create an open bridge for you. That might be the easier thing to do.

Scott

Joseph

Re: Server only?
« Reply #4 on: September 27, 2002, 07:10:09 PM »
It's a very long story Scott.  The company I'm at is very old school and each computer uses a real routable IP.  And they're in no rush to change this.  However, I'm constantly running out of IPs.  That is why I thought of this.  I thought that I can just mingle with the config file and basically allow everything inbound and out and that would be it.  But I'm fairly new to the *nix world and don't know the correct syntax.

Kelvin

Re: Server only?
« Reply #5 on: September 28, 2002, 03:46:24 AM »
Hi Joseph,

Here's a suggestion from left wing.

There is a how-to in the contrib section of this site about adding a 3rd NIC to your SME server (i.e. a second LAN side NIC - you end up with 1 x WAN side NIC and 2 x LAN side NICs). Using this, you can have one network on one NIC and the other on the second NIC. I think, not for sure though, that you can route between the two LAN side NICs and just ignore the WAN side NIC.

Just a thought.

Kelvin

Alexander Ziemann

Re: Server only?
« Reply #6 on: September 28, 2002, 12:39:10 PM »
1. Do all your machines have internet access?

2. If so, is there reasonable protection to "outside world"?

3. Do all your workstations need access to the mitel servers services?

My suggestions:

1. NO: If you are in a local subnet, any switch/router would do, because you can use private IPs then at least for a part of the net.
1. YES: You put the mitel server in "server/gateway mode", enter the firewall/proxy as outside gateway and connect the local machines that need private IPs AND services from mitel-server via switches to the mitel-server. Add additional networks/private networks there if needed. Connect the rest of the network to the firewall and other services offered by other servers. But you need 2.

2. I hope so. Is there any "non historical reason" for doing so? I personally would not like the accountant's PC being visible in internet.

3. If you have a protected network AND need services by one server to all of your network (public and private IPs), then you better would build up a real file and print server, e.g. a RedHat system. There you can add NICs as much as you want and serve to local networks.

hth
Alex