Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: brian read on October 22, 2002, 03:10:37 PM

Title: Access to web site externally
Post by: brian read on October 22, 2002, 03:10:37 PM: I am having trouble configuring things to allow access to my SMEserver from the internet.

I have an IPCop firewall on an ADSL line, with an SMEServer on the LAN.

The ADSL line is a dynamic IP, but I have a dyndns domain, which I can ping sucessfully.

VPN from the internet works fine.

I have forwarded port 80 on the firewall to the SMEServer but my browser tells me that it canot find the server. I am testing it from inside the LAN, by surfing to the DynDNS domain.

I ahve also tried another port (8888), just incase my ISP is blocking port 80, but that also doesn't work.

Does it matter whether I have the SMEServer in Server only or Gateway and Server mode? I have tried both.

any ideas?

Cheers

Brian
Title: Re: Access to web site externally
Post by: Jon Blakely on October 22, 2002, 04:15:34 PM: Brian,

I assume from your post that your server domain name and dyndns domain name are different.

If you want external http access to your server, your server domain name needs to be a FQDN ( fully qualified domain name) i.e the same as your dyndns domain name.

You can ping your dyndns domain name but you are only pinging as far as the external interface of your ADSL router or the external interface of your IPcop firewall, depending on whether you have an ADSL router or just a modem.

If you can't change your server domain name you can create a virtual domain with the name of your dyndns domain and point it at an Ibay and put your website there.

Jon
Title: Re: Access to web site externally
Post by: brian read on October 22, 2002, 04:34:02 PM: My Server domain name _is_ the same as the dyndns domain.

However I am not running DNS in the SMEServer, it runs in the Ipcop firewall. Is that the problem? IpCop doesn't seem to have an interface for setting the "local" domain name.

Brian
Title: Re: Access to web site externally
Post by: Bill on October 22, 2002, 04:49:05 PM: Brian,
There are two settings U must make on IPCOP to pass ports
1. Port Forwarding which U did
2. External Service Access MUST have Port 80 Open.

I used both IPCOP and Smoothwall, but it seems IPCOP kinda died, so I went back with Smoothwall. I BETA tested adding 'DansGuardian' to these Firewalls and it worked pretty good, but decided to put back on my SME 5.1.2 at home and SME 5.5 at the office.

BTW Try port scanning your FW to what ports it sees open. USE LANGUARD, GRC.com, NMAP, NESSUS,etc...

Good Luck
Bill
Title: Re: Access to web site externally
Post by: brian read on October 22, 2002, 05:08:25 PM: >There are two settings U must make on IPCOP to pass ports
>1. Port Forwarding which U did
>2. External Service Access MUST have Port 80 Open.

I have done both of these

>BTW Try port scanning your FW to what ports it sees open. USE LANGUARD,
>GRC.com, NMAP, NESSUS,etc...

GRC confirms that port 80 is open.

8-((

Brian
Title: Re: Access to web site externally
Post by: Eerikki Peltokorpi on October 22, 2002, 05:20:16 PM: Hello Brian

Have you tried to connect the webserver truly outside of you network. Sometimes you cannot access internal server from internal network tru outside world.....

Ask someone to try connect to server from internet...

If that work then you have to tell somehow your's dns system that server is in local network. (use e-smiths DNS for primary and IPcop for secondary DNS server.)

Hope this help you out.

-Eerikki Peltokorpi-
Title: Re: Access to web site externally
Post by: brian read on October 22, 2002, 08:31:21 PM: Ok, I have done as Eerikki suggested, and tried it from "outside", and it worked!

How can I get the same URL to work internally as well?

Cheers

Brian
Title: Re: Access to web site externally
Post by: Charlie Brady on October 22, 2002, 09:08:00 PM: brian read wrote:

> How can I get the same URL to work internally as well?

Remove IPCop and configure the server in servergateway mode :-)
[Unless you happen to use a USB ADSL modem, that is. You can blame Alcatel for that.]

Charlie
Title: Re: Access to web site externally
Post by: Bill Talcott on October 22, 2002, 09:12:36 PM: brian read wrote:
>
> Ok, I have done as Eerikki suggested, and tried it from
> "outside", and it worked!
>
> How can I get the same URL to work internally as well?
>
> Cheers
>
> Brian

If you're using the SME for internal DNS, it should route the URL to itself automatically. Otherwise, it's going to the internal router/firewall interface, which isn't being forwarded back to the SME.
Title: Re: Access to web site externally
Post by: Bill on October 23, 2002, 06:18:28 AM: If IPCOP has an internal ip of say 192.168.10.1 and U set primary DNS on IPCOP as 192.168.10.1 then edit the /etc/hosts of IPCOP and type

192.168.10.10 domain.com www.domain.com

where 192.168.10.10 is the Internal ip of your SME Server and domain.com is yor FQDN

I have SW running with SME as Private Server and Using TZO as my DNS Internet Service.

Works 100% for Me

Bill
Title: Re: Access to web site externally
Post by: Tim Perreault on November 07, 2002, 11:01:54 PM: I am nowhere the guru these other guys are, but I had about the same problem. Do you have 2 nics installed on the server? If you do swap them you might be saying that the nic connected to the lan is actually the external interface. I could see the internet, but not my lan. Once i swapped the eth in the setup, both worked fine. I had the firewall restrictions set to the lan nic instead of the external nic for the internet leaving my server open to the internet instead of my lan.

Tim
Title: Re: Access to web site externally
Post by: Actron on December 30, 2002, 09:10:10 AM: try JAP (http://anon.inf.tu-dresden.de/index_en.html&e=747 or http://anon.inf.tu-dresden.de)

it works for me to simple test my SME services on external NIC

(sorry for my short words - i'm a german :-))
actron