Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Archangel on October 26, 2005, 11:13:52 PM

Title: Setting up a computer for DMZ using SME server 6.01
Post by: Archangel on October 26, 2005, 11:13:52 PM
Can this be done?  I would like to set up a computer, 192.168.X.X, in DMZ.  Please advise on how to do this.

Thanks

Archangel
Title: Setting up a computer for DMZ using SME server 6.01
Post by: Reinhold on October 30, 2005, 04:03:35 PM
(I believe I know why you do not get a reply...)

...at least /me=mortal would need to know more before attempting to help :-D
Please rephrase/describe in (more) detail what you want to do ?
Guessing is always so painful!   8-)

Regards
Reinhold
Title: Setting up a computer for DMZ using SME server 6.01
Post by: mudra on October 30, 2005, 05:18:09 PM
I too have tried to set up an SME-SERVER in a DMZ. I was using IP-COP with a red, green and orange interface. The PC could connect direct to the internet using the Red interface but I could not access the SME SERVER in the DMZ.

I set the SME SERVER up in server only mode, but I could never even get it to ping successfully. I tried to find if it was a problem with IP-COP or the SME SERVER config.

I looked around a little bit, and found that other people had succeeded at this; but I gave up and went back to connecting to the internet directly through the SME SERVER.

I have had no problems so far (quickly touch wood !?!)

If anyone has any tips on how to do this I would be really keen to try this again.

Mudra
Title: Setting up a computer for DMZ using SME server 6.01
Post by: Archangel on October 30, 2005, 05:19:39 PM
OK, here is what I have and want to do.  I have set up SME as server-gateway and it manages all my computers and IP cams and VOIP.  I want to take the VOIP out of the clutches of my SME server-gateway and make it stand on its own, alone out there in cyberspace, i.e. internal IP 192.168.2.xxx.  The reason being that VOIP going through SME server-gateway creates a delay in phone conversation, especially evident in overseas calls.  It doesn't really matter what device I decide to put outside of SME server-gateway responsibility, rather can this task be done at all.  I hope this is detailed enough of what I was trying to do and I hope someone can help me clear this thing up.

Sincerely,

Archangel
Title: Setting up a computer for DMZ using SME server 6.01
Post by: berdie on October 31, 2005, 03:09:54 PM
Quote from: "mudra"

I set the SME SERVER up in server only mode, but I could never even get it to ping successfully. I tried to find if it was a problem with IP-COP or the SME SERVER config.

Hi Mudra,
using the same config as described, I have my SME in the DMZ working on the orange netcard of the IPCop, while the IPCop is providing the access to the internet.
It's not a problem to get this configuration working:
1. Use the IP of IPCop's green netcard as gateway and DNS for your LAN PCs.
2. Use the IP of IPCop's orange netcard as gateway for the SME in the DMZ.
3. Attention: Do not use the IPCop for DNS! You must use a public DNS server for this.
When configuring the SME as server-only in the server console, there must be a special window for an external (public) DNS server.
That's it, so you will have an SME in server-only mode in the DMZ.

OK, but in server-only mode there is no firewall-support as in the server and gateway-mode!

My Question is:
What to do to provide the same firewall-rules as in the server and gateway-mode
on a SME with one single netcard in the server-only mode?

Rgds.
Dietmar
Title: Setting up a computer for DMZ using SME server 6.01
Post by: mudra on October 31, 2005, 04:47:56 PM
Thanks Dietmar,

I will give your settings a try over the weekend.

Mudra
Title: Setting up a computer for DMZ using SME server 6.01
Post by: Reinhold on November 01, 2005, 04:03:01 PM
Quote from: "Archangel"
... SME as server-gateway and it manages all my computers and IP cams and VOIP.  
I want to take the VOIP out of the clutches of my SME server-gateway and make it stand on its own,
... reason being is that VOIP going through SME server-gateway creates a delay in phone conversation


IF the SME stays put as your gateway/router, I doubt you could get any faster by routing a DMZ through ... this will only add time to the delayline...

The netfilter page does however give a seemingly easy tutorial to implement.
Example for this see: http://www.netfilter.org/documentation/tutorials/lw-2000/tut-3.html
(http://www.netfilter.org/documentation/tutorials/lw-2000/serious-ex.gif)
The place to put this into SME is:
/etc/e-smith/templates/etc/rc.d/init.d/masq
...daunting task all in all 4me ... there is something more simple I'd think.

While I doubt that a fast SME is slow in this respect, you should ask the asterisk people here "how they do it".

- Putting IP-cop (or any other router) in front of SME will present some tough challenges in itself (as a myriad of posts in here are proof of).

- Plain forwarding of a couple of UDP/TCP ports to a 2nd dedicated server-only SME always seemed simple and fast for me (I've done it personally up to 30 ports in one case - and it seemed "delayless"). I don't know what your VOIP does include but isn't it possible to reduce your problem to just that?

Regards
Reinhold
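
The plain port-forwarding approach mentioned in the post above, as an added example that is not part of the original thread and is not SME Server's own firewall code: a small script that prints, for review, the netfilter DNAT and FORWARD rules for an explicit port list and refuses to emit anything if one entry is malformed. The interface name, the internal address and the ports are constructed sample values.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables commands for review.
WAN_IF="eth1"           # assumed external interface name
DMZ_IP="192.168.2.10"   # constructed address of the dedicated server

# valid_entry "proto:port" -> 0 if proto is tcp/udp and port is 1..65535
valid_entry() {
    proto=${1%%:*}
    port=${1#*:}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# gen_forward_rules "proto:port" ...
# Validates every entry first, so a typo produces no partial rule set.
gen_forward_rules() {
    for entry in "$@"; do
        if ! valid_entry "$entry"; then
            echo "rejected entry: $entry" >&2
            return 1
        fi
    done
    for entry in "$@"; do
        proto=${entry%%:*}
        port=${entry#*:}
        # Rewrite the destination of packets arriving on the outside interface...
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $DMZ_IP:$port"
        # ...and allow only that one flow through the FORWARD chain.
        echo "iptables -A FORWARD -i $WAN_IF -d $DMZ_IP -p $proto --dport $port -j ACCEPT"
    done
}

# Constructed sample: one UDP and one TCP port.
gen_forward_rules udp:5060 tcp:5060
```

Each listed port yields exactly one DNAT rule and one matching FORWARD accept, so the exposed surface of the internal server stays equal to the reviewed port list.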
Title: Setting up a computer for DMZ using SME server 6.01
Post by: Archangel on November 01, 2005, 04:21:30 PM
Reinhold,

By analyzing the diagram and calculating the expected bandwidth throughput I have come to conclude that it is best to let SME server-gateway manage the voip and not let it hang out there in DMZ.

Thanks for a great and detailed response.

Archangel.