Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Steve Garratt on March 11, 2002, 05:49:41 AM
-
I have installed the dmc-mitel-portforwarding-0.0.1-4.noarch.rpm module and tried to configure port forwarding using both the menu based system and the command line to enable port forwarding but it doesn't seem to work. I am trying to setup pcAnywhere on one of our customer's servers. When I use pcAnywhere on the LAN directly at the server's IP address, it works fine. But when I try to configure pcAnywhere to use the external IP address of the e-smith server (which acts as the firewall), no port forwarding is being done. I set TCP ports 5631 and 5632 to port forward to 192.168.0.1 (these ports are the standard ones used for pcAnywhere found in tools -> options). I also tried setting up the UDP ports for 5631 and 5632 but it didn't help.
I also tried setting up port 80 to port forward to the IIS server but it doesn't work either.
I have tried using the rpm module on both SME Server 5.0 and 5.1.2 but can't get it working on either.
-
It is working fine for me, using the webmanager interface.
I am remotly controling an interior machine (using RA) in and e-smith protected network.
-
I think that PCA use UDP traffic. If I remember, dmc-mitel-portforwarding don't forward UDP traffic.
-
Garret,
what exactly is RA...a URL perhaps.
thanks,
stitch
-
http://www.famatech.com/
-
The orginal post said you where forwarding to 192.168.0.1. Is this the IP address of the machine you have PCAnywhere installed on? 192.168.x.1 is usually the gateway (SME) server.
-
I tried using the same rpm to forward http requests to an internal IIS machine. I forwarded port 80 (both TCP and UDP) and it doesn't seem to work. What am I missing?
-
Ryan,
> The orginal post said you where forwarding to 192.168.0.1. Is this
> the IP address of the machine you have PCAnywhere installed on?
> 192.168.x.1 is usually the gateway (SME) server.
I have the e-smith using 192.168.0.254 (internal IP address) as the firewall/gateway server and a Windows 2000 server using 192.168.0.1. I am wanting to access the Windows 2000 server which has pcAnywhere installed on it from outside the office. To do this I have tried using the dmc-mitel-portforwarding rpm to allow ports 5631 and 5632 to port forward to the Windows machine through the e-smith server.
When I try to use pcAnywhere using the external IP address of the e-smith server from outside the office, it does not work. I have also tried port forwarding port 80 to an IIS server on another network and found that it doesn't work either. What am I doing wrong?
Regards,
Steve Garratt
-
Is all this being set up thought the admin interface in the web manager?
If so, please explain your exact settings.
Thanks
Garret
-
I have successfully used both the old command line portforwarding and the server manager version to port forward the following:
5900 VNC
5901 VNC
6969 Napster/winmx mp3 sharing
515 TCP printing
I would research using a port scanner on your SME server. You might find a hacking tool to do this as well. As far as forwarding ports 25, 80, and 110, I have not been successfull, but I suspect I need to kill the server aps on SME that use these ports in order to allow the port forwarding to work??????? I have not taken the time to get 25, 80, and 110 forwarded. If anyone knows how, please post.
-
Ryan,
I have tried setting up WinVNC as you suggested on port 5900 or 5901 but WinVNC wouldn't accept those port numbers. When I tried something like port 2, I could connect to the WinVNC server directly but still not through the e-smith.
- Steve
-
Garret,
Using Ryan's suggestion of port 5900 for WinVNC:
Protocol = TCP
Ext Port = 5900
Dest IP Address = 192.168.0.1
Dest Port = 5900
I've also tried using Ext Port 5900 with Dest Port 2 on the same Dest IP Address and that doesn't work either.
- SteveGarret wrote:
>
> Is all this being set up thought the admin interface in the
> web manager?
>
> If so, please explain your exact settings.
>
> Thanks
>
> Garret
-
I had to open both 5800 and 5900 to get VNC to work. I am not using SME as my firewall but I am sure it will be the same ports. When connecting with VNC on your local lan run netstat -a -p tcp on the VNC server system. This will show you what ports tcp is listening on. If you are connected with VNC you should see the ports that VNC is using.
Tony
-
Remember to read up on WinVNC on the web. I suggest using TightVNC instead of WinVNC, but they work the same and are compatible.
You determine the WinVNC (TightVNC) port number by choosing the "display number" when you configure WinVNC server (application). If you choose a "1", the port that WinVNC will use is 5901. If you leave the display number a 0, WinVNC will use port 5900.
Using Port Forwarding for TCP 5900 and 5901 on SME: (for example I will use sme.dyndns.org as hostname for your SME server) NOTE: You can use the ext. IP address of your SME instead of a hostname.
If you have a computer "A" running WinVNC server with a display number=0, you would connect to "A" by entering "sme.dyndns.org" as the VNC server in the WinVNC Viewer box. Note, VNC uses display numbers of 0 by default. Note that sme.dyndns.org=sme.dyndns.org:0
If you have another computer "B" running WinVNC server with a display number =1, you would connect to "B" by entering "sme.dyndns.org:1" as the VNC server in the WinVNC viewer box.
Setting each computer on your lan with a different display number will allow you to access up to 100 computers through the firewall. Display numbers values are between 0 and 99. So, you have to plan your VNC computers with your portforwarding....for example:
Computer "J" will have display number=10
WinVNC will be listening to port 5910 on computer J
SME: port forward TCP 5910 to computer J internal IP address.
EACH VNC MACHINE WILL HAVE ITS OWN UNIQUE DISPLAY NUMBER AND PORT FORWARDING ENTRY ON SME. Port forwarding works great for several machines.
VNC also works through a web browser and uses port 5800 (display number=0) as default. I prefer using the VNC Viewer to a web browser to connect. If you use the web version, all the above is the same except you have to use 58xx instead of 59xx for port forwarding. xx=display number.
Another option:
Connect to your lan by vpn. Set up all computers with VNC display number=0 (0 is default setting). You would then connect to a computer by first connecting the vpn, then using the internal computer name or ip address in vncviewer. This option is better if you want to be able to connect to lots of computers from outside the firewall as you don't have to set a port forward and display number for each machine. I use this method on all computers at work. I use portforwarding for 2 computers at home.