Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: dexter on October 19, 2004, 09:03:41 AM

Title: Server (only) mode
Post by: dexter on October 19, 2004, 09:03:41 AM
Hello everybody!

I have some restrictions from my ISP, so I CAN NOT USE SME as Server & Gateway, because of some rules etc.

My connection looks like:

Inet (Cable) <> Cisco 1710 router with IOS <> Cisco Catalyst 2950 switch with WLANs and DMZ.

My question is:

Is it safe to run SME in ServerOnly mode, connected directly to the Inet?

Tx,
Title: Server (only) mode
Post by: mbachmann on October 19, 2004, 01:52:00 PM
Depends on how you define "safe". Better to use an extra firewall before the server.
Title: Server (only) mode
Post by: Boris on October 19, 2004, 07:21:16 PM
Cisco 17xx routers have firewall option. Is it used?
Will your SME server be used as Internet server or is it conflicting with ISP rules?
Title: Server (only) mode
Post by: dexter on October 22, 2004, 11:32:24 AM
Tx, Guys!

Yes, Cisco has IP plus SW installed and it is enabled. All I allow are ports: 80, 25, 110, 22 (from known IPs), 143, 433 for now. For samba I must add ports 137-139 for my C-class only.

Yes, my SME will be used as Internet server (no conflicts with ISP). There is only one rule. NO NAT on server...

I am looking forward to all comments.
Title: Server (only) mode
Post by: Boris on October 22, 2004, 08:25:38 PM
I would strongly advise you against opening smb ports through the firewall. Keep windows sharing on the local LAN only. If you need file access, consider VPN.

80, 25, 110, 22 (from known IPs), 143, 433 (you meant 443 https?) you can leave forwarded from Internet. Relatively safe if you pay attention to what is in your "local networks".
Title: Server (only) mode
Post by: dexter on October 23, 2004, 12:42:46 AM
Yes of course Boris, I mean https (lapsus). Yes, it is safer NOT to open samba ports on Cisco Router, but I must enable access for these ports through for LAN only. Router and switch are manageable and if I close smb ports I can not access SME from my LAN either. So I am going to allow smb from my C-class only. What do you think?
Title: Server (only) mode
Post by: Boris on October 23, 2004, 05:59:04 AM
I am not clear on your configuration then. Is your Cisco router not your main Internet gateway? If it is and LAN is on the same subnet as SME, you don't need to open SMB ports on the Ethernet interface of the router, just the rest of the ports (80, 25 etc.) for inbound access from Internet.
Title: Server (only) mode
Post by: dexter on October 23, 2004, 07:26:32 AM
Yes, you are right. I am also confused. The same problem was with SSH. If I DO NOT open ports (set filter) in Cisco, I can not access my SME from my LAN either. This is strange, but I can not manage this router by myself, so I don't know exactly how it is configured. Tx, till Monday when I am going to set some new config. I will make a report on the forum.