Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Richard Warwick on May 19, 2002, 12:37:41 AM
-
Hi,
I've got an e-smith box at a different location from where I normally work. For purposes of discussion, call the remote location "Branch" and my office "HQ".
I need to administer the "Branch" firewall/server over the internet, but don't want it "wide" open - I wanted to limit it to the address range at HQ. I can SSH to Branch from HQ, but the Web interface doesn't work - I get "forbidden".
I tried activating the "additional local networks", but that has side effects at that location - i.e. when the Windows users need to get to resources at HQ, it doesn't work. I'm guessing, but I think, from reading the masq file in etc/rc.d/init.d, that it is trying to route directly between the local net and the HQ address range on the internet without using masq'ing.
So, what is the best way to allow administration without breaking everything else?
Eventually, I'm going to get VPN going, but (because of HQ issues) that may be months away.
Thanks
Richard
-
Get VPN going now. When you establish your VPN to your e-smith box you can use the e-smith-manager and/or SSH (assuming you're permitting SSH).
-
Or read the howtos about using the Server-Manager page over ssh.
-
http://www.carrollweb.net/putty/putty-howto.html
-
Or another option is to use SSL.
Read this
http://www.e-smith.org/docs/howto/remote-mgr-access-howto.html
Jon
-
You could simply add the HQ IP address to your "Local Networks" panel in the server-manager and be done with it until you build your vpn.
-jeff
-
Did that; it causes side effects, breaking access from branch workstations to HQ resources. Please see the original message.
Thanks, though, for replying
-
I added only my management workstation to the local networks list (subnet mask 255.255.255.255). The "Branch" office loses connectivity, due to incorrect routing, to resources on my workstation only (and they have no need for it anyway), but the rest of the "HQ" network is available.
Still the best way is direct VPN over PPTP to e-smith server :-)
Good Luck.
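
The trade-off between listing the whole HQ range and listing one management workstation, modelled as an added example that is not part of the original post. It assumes, as the posters report, that a listed address can reach the server-manager and that branch traffic to it is no longer masqueraded; all addresses and function names are constructed.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not taken from the thread.
HQ_RANGE = "203.0.113.0/255.255.255.0"
MGMT_WORKSTATION = "203.0.113.10/255.255.255.255"
HQ_HOSTS = ["203.0.113.10", "203.0.113.20", "203.0.113.30"]


def parse_local_networks(entries):
    """Parse 'address/netmask' entries; reject an address with host bits set."""
    # strict=True raises ValueError for e.g. 203.0.113.10/255.255.255.0,
    # a mistake that would otherwise silently widen the trusted range.
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def exposure(entries):
    """Number of addresses that become trusted for the admin interface."""
    return sum(n.num_addresses for n in parse_local_networks(entries))


def assess(entries, hosts):
    """Per-host effect under the assumed model: a listed host can reach the
    server-manager, but branch clients lose access to that same host."""
    nets = parse_local_networks(entries)
    report = {}
    for host in hosts:
        listed = any(ipaddress.ip_address(host) in n for n in nets)
        report[host] = {
            "server_manager": listed,
            "reachable_from_branch": not listed,
        }
    return report


if __name__ == "__main__":
    for label, entry in (("whole HQ range", HQ_RANGE),
                         ("one workstation", MGMT_WORKSTATION)):
        print(f"{label}: {exposure([entry])} trusted address(es)")
        for host, effect in assess([entry], HQ_HOSTS).items():
            print(f"  {host}: {effect}")
```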
-
Did you try this?
http://geocities.com/mrfragger/e-smith/ssh-remotewebadmin.html
-
>
> So, what is the best way to allow administration without
> breaking everything else?
>
I do remote admin this way
on the remote machine
/sbin/e-smith/db configuration setprop httpd-admin ValidFrom
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/etc/e-smith/events/actions/restart-httpd-graceful
This opens up the server admin for external access over SSL.
For command line I install Darrell May's Webconsole on the remote server and access it via https
http://www.myezserver.com/downloads/mitel/contrib/webconsole-0.0.1/
Remote access settings on the remote server are
Secure shell (ssh) access: public
Allow administrative command line: yes
Allow ssh access using standard passwords: yes
Works fine
Rob