Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Ashley on September 17, 2003, 11:55:16 PM

Title: IP Forwarding
Post by: Ashley on September 17, 2003, 11:55:16 PM

How can I turn off IP forwarding in SME v5.1.2? I have dual nics and want my internal scheme to stay private, but e-smith keeps forwarding my private IP externally.

Thanks

Ashley

Title: Re: IP Forwarding
Post by: Kevin Tollison on September 18, 2003, 01:28:57 AM

Shouldn't be unless somehow you have the cables reversed.  But it shouldn't be working at all if that is the case.

Title: Re: IP Forwarding
Post by: Jan on September 18, 2003, 01:47:41 AM

Could it be you DIDN'T set your server in Server/Gateway modus?

regards,

Jan

Title: Re: IP Forwarding
Post by: Ashley on September 19, 2003, 11:32:07 PM

I have set up my server in Server/Gateway mode, and I currently use a straight thru cable Cat 5e to connect internally and a crossover to my router. They can still see my internal IP externally, and that leaves my students un filtered by my external filtering service.

thanks for the help

Ashley

Title: Re: IP Forwarding
Post by: Greg Zartman on September 19, 2003, 11:42:15 PM

> I have set up my server in Server/Gateway mode, and I
> currently use a straight thru cable Cat 5e to connect
> internally and a crossover to my router. They can still see
> my internal IP externally, and that leaves my students un
> filtered by my external filtering service.

What you explain here doesn't seem possible.   If I understand you correctly, your highspeed modem is connected directly to your SME box via one of your two NIC adapters.  Your LAN is then connection to the other NIC adapter.  Further, I am assuming:

- You have a public IP address via the highspeed modem assigned to the external NIC.
- You have a  local IP address assigned to the second NIC that is not part of the external IP subnet,
-  You have good LAN communications (i.e., you can ping other machines and what not).

If all fo the above is true, then it almost impossible that an external source could see you LAN.  First, the two IP pools (WAN and LAN) are, and should be, on seperate subnets.  Second, SME is firewalling the external IP.  

What makes you think exernal users can see your LAN?

Greg Zartman

>
> thanks for the help
>
> Ashley

Title: Re: IP Forwarding
Post by: Dan Brown on September 20, 2003, 12:22:59 AM

Actually, it is possible--if the transparent proxy is turned on (or, probably, if it's turned off but the user is using the regular proxy), external sites can see your internal IP address--or at least I've seen it at some point.  Doesn't mean they can see the LAN, just the internal IP address.