Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: laurie_lewis on July 31, 2005, 01:06:01 PM
-
Out of curiosity I logged onto Gibson Research and got the result below. I did a search on this topic and only found some messages about outbound connections. What I could not find is how do I make the server totally invisible to anyone doing a search for servers connected. Just thinking that if they can not see it at all you are less likely to have someone try and knock on the door and get in.
**********************
GRC Port Authority Report created on UTC: 2005-07-31 at 10:51:35
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
*****************
Thanks
Laurie
-
Laurie,
Just out of curiosity...Is your server behind a router or firewall of some kind?
Also, is it set up as server only or server/gateway?
Paul
-
It is set up behind a router but the firewall features are not turned on. SME is set up as server/gateway.
I was thinking that SME would be able to act as the firewall and should be able to be not seen from the net?
Laurie
-
Unless your router is bridged or SME is in a DMZ, GRC is testing your router and not the server. Your router is probably natting your IP to the server.
An SME set in server/gateway mode connected directly to the internet will actually show several ports as open. Usually 25, 80, 113 and 443 by default.
If you don't want to offer any services to the internet, put your server behind a firewall as you have it now and seal up your router/firewall.
If you want to offer any services such as a website, you must open port 80 to the internet. You can't totally stealth your connection and offer services at the same time.
What is your goal here, do you need to offer ANY services to the internet or is this just a private server?
Paul
-
I want to be able to access my files etc but I do not want anyone else.
Never tried this and just experimenting.
I can see what you mean with the router responding. I will play with it and see what I can do.
Laurie
-
Laurie,
If you only want to access files on the server from the internet side I suggest that you leave it behind the router and stealth everything.
Then forward your VPN connection (port 1723 if I remember correctly) from your router to your server.
Next, make good STRONG password(s) for the user(s) allowed access via VPN and give them VPN access in the server manager. You will also need to set the number of concurrent PPTP connections in the remote access panel.
This configuration will only leave one port open and it will be STRONG password secured.
Good Luck,
Paul
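-
Added example, not part of the original thread: a small self-check for the setup discussed above, classifying the ports named in the thread as open, closed or stealth (the GRC report's terms) and comparing them with the intended exposure of only 1723 open. The names probe, audit, PORTS and ALLOWED_OPEN are assumptions of this example, and the host is whatever public address of your own you pass on the command line.

```python
import socket
import sys

# Ports named in the thread: the SME defaults Paul lists plus the PPTP port.
PORTS = [25, 80, 113, 443, 1723]
ALLOWED_OPEN = {1723}  # the single forward suggested in the last post


def probe(host, port, timeout=3.0):
    """Classify one TCP port with GRC's vocabulary: open, closed or stealth."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"                  # handshake completed
    except ConnectionRefusedError:
        return "closed"                # a reset came back: the host is visible
    except socket.timeout:
        return "stealth"               # no answer at all within the timeout
    except OSError as exc:
        return "error: %s" % exc       # e.g. ICMP unreachable, bad host name
    finally:
        sock.close()


def audit(states, allowed_open=ALLOWED_OPEN):
    """Return findings for a {port: state} map; an empty list means it matches."""
    findings = []
    for port, state in sorted(states.items()):
        if port in allowed_open:
            if state != "open":
                findings.append("port %d should be open but is %s" % (port, state))
        elif state != "stealth":
            findings.append("port %d should be stealth but is %s" % (port, state))
    return findings


if __name__ == "__main__":
    # Run from a machine OUTSIDE the LAN, against your own public address.
    host = sys.argv[1]
    states = {p: probe(host, p) for p in PORTS}
    for p in PORTS:
        print("%5d  %s" % (p, states[p]))
    for line in audit(states) or ["matches the intended exposure"]:
        print(line)
```

This only tests TCP, so it does not cover the ICMP echo reply that caused the TruStealth failure in the report, and it does not see the GRE traffic (IP protocol 47) that PPTP uses alongside TCP port 1723.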