Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: cgetty on January 28, 2006, 12:24:08 AM
-
Hi
New to linux & SME
I have SME Server 7 0pre1 release 4.2
I was running a website out of my house on a windows PC.
It was working ok. Then I switched ISP from Dslextream to Verizon.
My website stopped working. I said No big deal right now as I am going
to try the SME server On a Linux box.
So I loaded SME Server 7 0pre1 release 4.2 in Server & gateway mode.
I also have one of these free domain names from Dyndns .
Its sgetty.ath.cx.
On the SME server I set my primary domain name to sgetty.ath.cx to
match the one at Dyndns. Is this correct?
The SME server-manager, webmail, phpBB2 & logging with ssh on the local
network seem to work ok. There is no access from the outside in.
I scanned this forum and I'm thinking that maybe my ISP is
blocking my access (from the outside in) also the fact that the server running
on windows stopped working after I switched ISPs.
From the ISPs modem to one of the nic cards in the server.
From the SME server the other nic card feeds the WiFi
What I want to know is how should I configure the SME server for a work around?
Do I need to mess with the port forwarding ? If so How?
Thanks
Clark
-
I have SME Server 7 0pre1 release 4.2
I take it you mean SME Server 7 0pre1.
IIRC - you need to disabled http & smtp proxy with that ISP?! disable the settings from the server manager and give that a go
-
Been there ... done that. Switched ISP.
You problem is most likely port blocking by the ISP. They often with block ports 80, 21, etc... for residential internet customers. I found that my local ADSL company did that, but my cable company didn't (although cable seems to be somewhat less reliable).
Back to your problem. There is a work around that I'd used before. Essentially, there's a way to make SME to listen on port 10080, which is probably not blocked by your provider. This worked for me, but I found that certain people, especially those at Educational institutions, were not able to access my server.
See: http://mirror.contribs.org/smeserver/contribs//mblotwijk/Contribs/httpd10080/
Good luck!
Rob
-
Hi byte
I hope its that easy. I did what you recommended.
Now I need to figure out a way to see if my home page
https://sgetty.ath.cx/ can be reached from outside my network.
Thanks
-
On the SME server I set my primary domain name to sgetty.ath.cx to
match the one at Dyndns. Is this correct?
The SME server-manager, webmail, phpBB2 & logging with ssh on the local
network seem to work ok. There is no access from the outside in.
Before you jump to conclusions you should verify that those trying to access from the outside are using the correct address. Hmmm - when I look up sgetty.ath.cx I get 192.168.126.249 - that's not a valid Internet address, so it's no wonder your site is unreachable.
-
Sorry for omitting a rather important part of the solution (assuming it's the port blocking that's your problem). You'll also need to forward the domain to that particular port on your server. With dyndns you can do this in two ways ... first, you can always type that particular port (eg. http://sgetty.ath.cx:10080) or setup a webhop and forward it to that address (ie. http://sgetty.ath.cx:10080).
As Charlie pointed out though, in order for this to work at all, you'll need to point to your internet ip address. The ip address starting with 192.168 is your local address. If you're not sure what your public ip address is, go to http://www.whatismyip.com and it'll tell you!
Good luck!
Rob
-
Sorry for omitting a rather important part of the solution (assuming it's the port blocking that's your problem).
We've seen no evidence of port blocking.
As Charlie pointed out though, in order for this to work at all, you'll need to point to your internet ip address. The ip address starting with 192.168 is your local address.
The question remains as to how a local address would end up in DNS. The SME server's dyndns client should never do that. If SME server's dyndns client put that address there, that would be a bug. Bug tracker links are to the left.
-
With regard to evidence of port blocking, I'm speaking partially from experience with my own former ISP, and the fact that cgetty's problem started after switching ISP's before SME Server was utilized.
-
On another note ... you may want to confirm that your modem is not filtering. A friend of mine was with BellSouth for a while (in Florida) and they have some filtering in the modem. He had to log onto his modem and open the ports he needed.
Aside from the port issue, I'm out of ideas.
Good luck!
Rob
-
Hi Charlie and mackayr
Thanks for taking the time to respond.
On my windows set (before switching to SME) the Linksys wifi router was updating the http://www.dyndns.com/ site. I stopped it from doing that this morning. Seems like the reason for the local address showing up there.
I went to the http://www.dyndns.com/ site and manually updated sgetty.ath.cx to reflect the ip adderss from verizon 71.109.57.6.
I had a friend try to access http://sgetty.ath.cx/. He said he could not reach the web site.
Not sure how to proceed.
Clark
-
A ping of your domain reveals the IP as 192.168.1.1 !! Have a real good look at your Dydns settings. When you friend can ping and resolve your domain to a public IP and not a private IP then you are in a position to do some more experimenting.
-
On my windows set (before switching to SME) the Linksys wifi router was updating the http://www.dyndns.com/ site. I stopped it from doing that this morning. Seems like the reason for the local address showing up there.
On the contrary your router modem is most likely to update the dyndns name correctly (it knows your external ip, and also when the ip is changed). Check that is was using the correct login etc for dyndns.org, and re-instate the facility.
The 192.168.1.1 (which I am also getting) is probably created by the dyndns faclity in the SMEServer which does not work if you behind a NATing router modem. 192.168.1.1 will be the Ip of the WAN side of the SMEServer I expect. You should turn this off in the console configuration.
-
Hi brianr
When I ping the address sgetty.ath.cx I also see 192.168.1.1. This is what is being feed to the SME server from the ISPs modem. Dose that mean the modem from the ISP is a NATing router modem??
thanks
Clark
-
Ok I have a westel 6100 moden from my isp.
Cruising the web I figured out how to access the
westel 6100 from my isp.
Now I need to come up with the settings that
will work with the SME server.
Ok I changed one setting on the westel 6100, Now my IP from the
web should be "Your IP Is 71.109.57.6"
am I on the right track?
Any ideas
Clark
-
You changed your DNS record and then seconds / minutes later had someone check your web site??? WOW, your DNS provider is fast :-D :-D :-D
Mine takes a few hours to change :hammer: :hammer: :hammer:
Good luck!!! :pint: [/i]
-
Hi Every body
In review: I was under the impression that my port was being blocked by my ISP.
It was pointed out to me that there was no evidence of that. It was also pointed out
that the SME server will not work if the modem from the ISP is acting as a nat /
router. I hope I got that straight
I was able to reconfigure the ISPs modem (feeding the SME server) From a
Nat / router (which it was configured as) to a plane old dumb bridge.
The old ISP was serving me PPOE. The new one is DHCP. So after I
reconfigured the ISPs modem to a bridge and my ISP updated the DHCP IP address
feeding their modem I re-established my Internet connection.
Then from the outside (now @ work) tried to ssh sgetty.ath.cx -l admin to the server.
Not able to login. Below are the messages I got after my login attempt.
ssh: connect to host 63.168.104.2 port 22: Connection refused
An error occurred while loading http://sgetty.ath.cx/
Could not connect to host sgetty.ath.cx.
At the DynDNS web site it looks ok.
No problem in the inside.
I'm hoping that it just a simple miss configuration on my end. I fell I'm stepping into the
world of the big boys now by running SME server. Lots of network administration to learn.
I suspect that after I get this thing up & running (see I have hope) It will get the crap
beat out of it from the dark side. Since this is my test / learning server that just part of the
way it goes. Gota learn some time.
Also I would like to thank everyone for their help so far.
Clark
-
there are a couple of things we can look at:
first give us a little diagram of your network (eg internet==>modem/router==>SME==>internal network) or what ever you have, that would help us
understand how to answer your questions.
second if your SME external ipaddress is a 192.168.x.x one then your SME is behind a nat firewall, which means you not only have to forward
port 80 and port 443 (and what ever port you need) from your router that's doing the NATing to your SME server, but you will also have
to disable the dyndns update feature on the SME, because it will update dyndns with the wrong ip address.
to me it sounds like you've got the correct IP address sorted but you're router isn't forwarding port 80 to your SME server (although it could
be the ISP that's doing that, but check the router first and get back to us)
cheers
-
Hi funkusmunkus
I posted a flash file of some of the screen shots of my configuration.
http://scmug.azusalw.com/scmug/sme.swf
Thanks for offering to take a look.
Clark
-
Just an observation. Don't you have residential ADSL? If so, shouldn't PPPoE be selected rather than DHCP with ethernet address in your configuration?
-
Also, I noticed that all of your ports are filtered (as reported by nmap). Have you confirmed that your modem is not filtering (blocking) your ports? You made some configuration change to the modem, which I didn't exactly understand, but I'd recommend just leaving the NAT operational and just open the ports you need. I'd start with port 22 to allow remote SSH access to your server. I'd make sure you use certificates to prevent unauthorized access as well. Some months ago (and probably ongoing) there were many many attacks on SSH ports. Once you get that open and operational, you can continue troubleshooting.
Trying to help ...
-
Hi mackayr
Don't you have residential ADSL? If so, shouldn't PPPoE be selected
rather than DHCP with ethernet address in your configuration?
My DSL service is residential. My old ISP served me
PPPoE. My new ISP is Verizon in my neck of the woods
(Calif) DHCP is my only option.
These are the settings before I configured
the modem as a bridge.
http://scmug.azusalw.com/scmug/6100.swf
On the Westell forum (makers of the modem) these are the
instructions for changing the modem configuration to a bridge.
http://text.dslreports.com/forum/remark,14770977
After the reconfiguration I still have the same problem.
If filtering is going on I don't see any thing in the westell modem that is doing it.
Also being new to SME server I'm not sure that the initial settings are correct.
http://scmug.azusalw.com/scmug/sme.swf
Thanks
Clark
-
Hi mackayr
On the last slide of the modem flash file it states that
inbound traffic can be controlled by port forwarding.
Dose that mean like finding my web site??
http://scmug.azusalw.com/scmug/6100.swf
I can try port forwarding. I'm looking for a step by step
( I'll even make a flash file for the next newbee).
The link you referred me to did not have any info in it???
http://mirror.contribs.org/smeserver/contribs//mblotwijk/Contribs/httpd10080/
Do you know of any other links?
Thanks
Clark
Like this ?
(http://sgetty.ath.cx/16.jpg)
-
Yeah ... that last screen looks like your problem. It appears that it's currently configured to block everything. You could try the next setting up. I'm not sure what ports they consider to be high risk though. If you can manually configure portwarding, I'd do that. That's what I have to do with my SME behind my router. I just forward port 80 (internet side) to my SME server IP port 80. Try that. If that doesn't work, perhaps try some odd port number for the outside, and forward to port 80 on your SME. Post the port number here, and I'll test it for you.
Good luck!
Rob
-
perhaps try some odd port number for the outside, and forward to port 80 on your SME. Post the port number here, and I'll test it for you.
Rob
Sorry that won't work.
If you could post the output of ifconfig then we all would be able to better help
you, that's the first step to diagnosing network connection problems.
Without that info were just shooting in the dark, not enough information
to acurately help you.
-
cgetty
Hey....I just checked and it looks like your on the air.
So I guess it was a "Faulty Operator" and not port blocking as Charlie
had indicated.
Charlie is the man to listen to for sure.
BTW....nice site.
-
Sorry that won't work.
Actually, yes ... it will work! SME port forwards work quite well, and so do those of most routers. You can easily set a router to "listen" on one port (eg. 10080) and forward traffic to port 80 on a lan machine. I've done it! I had an ISP that blocked port 80 and used port 10080 to access the web server.
Indeed his problem wasn't port blocking as I had suspected, rather it was the modem (with built in router functionality) that was blocking the traffic. To view the ifconfig output would certainly assist identifying SME Server configuration issues, but his problem started before switching to SME! In any event, yes ... he's successfully up and running now!
Regards,
Rob
-
mackayr
Bear with me hear, lets say you that you are as green as green can be about networking, you have no idea what a PF is and for that matter what
an IP is. Now that's pretty green wouldn't you agree.
You just came to this forum for help and you read the following.
Sorry that won't work.
Actually, yes ... it will work! SME port forwards work quite well, and so do those of most routers. You can easily set a router to "listen" on one port (eg. 10080) and forward traffic to port 80 on a lan machine. I've done it! I had an ISP that blocked port 80 and used port 10080 to access the web server.
Indeed his problem wasn't port blocking as I had suspected, rather it was the modem (with built in router functionality) that was blocking the traffic. To view the ifconfig output would certainly assist identifying SME Server configuration issues, but his problem started before switching to SME! In any event, yes ... he's successfully up and running now!
Rob
Question is will it help or compound an existing situation?
Then I will let you ask yourself the second question....
Charlie....I'm learning teach.
-
Well I just re-read my own post above.....it sucks.
Surely doesn't read the way I intended.
Let's try this
Bear with me hear, lets say someone (newbie) is as green as green can be about
networking and that someone has no idea what a PF is and for that matter what an IP is.
Now that's pretty green wouldn't you agree.
That's a little better but no cigar...
mackayr
I wasn't speaking of you directly (meaning green) although that's the way it read and I'm sorry for that.
Open mouth insert foot.....works for me.
-
haha ... that's a bit better.
I certainly may not know what port forwarding is "for", but I sure know a way to use it. Since my (former) local ISP indeed engages in port blocking (follow the link on http://www.ualberta.ca/HELP/www/telus.html ), I used it to facilitate serving a web site from my SME box.
I set up a port forward on my router to redirect any inbound traffic to my external IP address (the unique four segment number representing my computer on the internet) on a given port (port 10080 in my case - it wasn't blocked) to my SME box, local IP address (192.168.X.X), port 80. And voila! My website was live on the internet, though users had to add ":10080" to the end of my domain name. Needless to say, I've since left this provider for a more expensive alternative that doesn't block ports, so this isn't an issue for me any more. Maybe port blocking is not common elsewhere, but it sure is prevalent in western Canada, since Telus is one of the two major high speed providers!
Regardless, thanks for the "softening" of your post, electroman. Much appreciated!
Rob