Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: stocky on February 19, 2006, 01:09:12 AM
-
Hi all,
I have just set up my first SME7 box after using SME6 for a while with good success. SME6 has just started to be a bit flaky recently with me having issues with a few crashes, broken webmail, AV & Spam filter issues etc after the last round of YUM updates.
So far I have been impressed with the improvements in SME7, but have now run into a *minor* problem that has me stumped.
I am using SME 7pre3 as a server gateway and have set up the relevant port forwarding for the services I need to access from the net for my SBS 2003 server.
My current setup is:
(for testing only, MYLAN will be replaced with router later)
MY LAN (10.0.0.1)--------Rest of my network here as well
|
|
|
Remote LAN (10.0.0.26)
SME BOX
Local LAN (192.169.101.1)
|
|
|
Remote Lan (192.168.101.2)
SBS 2003 Svr
Local LAN (192.168.201.2)
|
|
|
Rest of SBS network
Now I also have ANOTHER SBS box on MY LAN and I can VPN that from any of the other machines on MY LAN, so I know I have the clients set correctly (if I turn off the forwarding of port 1723 I can VPN the SME box as well). The problem is I can access all the services I want on the SBS 2003 box behind the SME box EXCEPT VPN. When I check the logs on the SBS box it says it's a GRE issue (eg the GRE is being blocked by the SME box).
I am assuming I need to make changes to the SME firewall to allow GRE protocol thru. Can anyone tell me a simple (eg newbie) way to do this, or point me in the correct direction if I am missing something here?
I have looked around hoping to find a contrib that puts in a "firewall config panel" without any luck..has anyone attempted such a thing or is it simply not possible?
Thanks in advance all!
Stocky
-
surely this is possible....
I have searched the forums and found some info that seems to be more router related, but mine is definitely the SME box that is the issue, but I just don't know what to do with configuring the firewall.
anyone???
pleez........
:roll:
-
ok, so I am getting used to the search facility now...
Found this "script" that is said to solve the problem on SME6
First time I read the post, I read on too far and thought it WASN'T what I was looking for :-(
1) is it safe to try on SME7?
2) what do I do with it? make it into a file with pico? what type of file (blah.sh?)? where do I put it? (root?) how do I run it? (sh blah.sh??)
sorry all for being so hopeless at this......
I guess I replace vpnserver="192.168.10.2" with my MS box's external LAN IP (192.168.101.2)?
and RED_DEV="ppp0" I change to eth1 or eth0 (I will have to check which one is the SME external, sorry, haven't got that far yet)?? or the SME box external IP? I guess RED_DEV can be something else more descriptive to me? (eg internet or router or whatever?)
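# Internal PPTP server and the gateway's external interface
vpnserver="192.168.10.2"
RED_DEV="ppp0"
# filter table: allow PPTP control (TCP 1723) and GRE (IP protocol 47) through to the server
/sbin/iptables -N pptp
/sbin/iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
/sbin/iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT
/sbin/iptables -I FORWARD -j pptp
# nat table: redirect both protocols arriving on the external interface to the server
/sbin/iptables -t nat -N pptp
/sbin/iptables -t nat -A pptp -i $RED_DEV -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
/sbin/iptables -t nat -A pptp -i $RED_DEV -p 47 -j DNAT --to $vpnserver
/sbin/iptables -t nat -A PREROUTING -j pptp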
-
Firstly...I am not grumpy..just frustrated
Ok guys....I am really trying my hardest here and not getting ANY help.
I have gone with the script above, which I had to work out how to do on my own as NOBODY replied with even answers to my simple questions.
The result is still not being able to get my internet to M$ VPN working.
If I run the IPTABLES command for pptp I get: (see, I have been learning on my own)
[root@mserver ~]# iptables -L pptp
Chain pptp (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere pc-00002.<domain.com> tcp dpt:1723
ACCEPT gre -- anywhere pc-00002.<domainr.com>
which sort of seems right I would have thought...but no luck.
The RASMAN message in event viewer on the M$ box says the connection has been established but can't be completed as most likely the GRE is not getting thru.
So I need some more commands to allow it back the other way?
Help Please! :cry:
-
ok ok ok...so I am stupid...you can all stop laughing at me now....
I looked at the result of the iptables command and wondered why the 4 references....
then in frustration I rebooted the SME box and tried the command again...NO RESULTS! ARRGGHHHHHH - where did all my settings go?!?!?!
so I ran my script again (this time with eth1 instead of the ppp0) and tried the iptables list command again. Result = 1 reference!
Then I tried the VPN and it WORKED
WOOT WOOT :pint: :pint: /0/ \0\ \0/
BUT....why did my changes to iptables get lost when I rebooted the SME box? How do I make them stay put? What have I not done?
I'm on the home stretch guys.....thanks for putting up with me :-)
-
ok..I scrapped my script and instead entered those lines into my /etc/rc.local
Right at this point I don't really care if that's not the 100% correct way to do it as no-one has bothered to help me.
This is a great community, with lots of helpful information for a fantastic product, but linux will NEVER gain full acceptance if the community won't help those of us *trying* to find a better way and learn. In school you ask questions to learn...it seems with linux you ask questions, don't get answers, and beat your head against the wall until you fix it yourself....
Thank you to those of you from whose posts I have gleaned bits and pieces of info, your help was appreciated :-)
Sorry for my rant......just EXTREMELY frustrated.... :-x
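
An added example, not part of the posts above: a re-runnable form of the same rules. Running the original script several times stacks a new jump on each run (the "4 references" seen earlier), and the rules live only in kernel memory, so they have to be reloaded at boot. The function names and the `apply` argument are hypothetical; the server address and interface are the values mentioned in the thread.

```shell
#!/bin/sh
# Added example: PPTP pass-through rules that can be applied repeatedly
# (for instance from /etc/rc.local) without stacking duplicates.
IPT="${IPT:-/sbin/iptables}"

# Create the chain in the given table, or empty it if it already exists.
reset_chain() {   # usage: reset_chain <table> <chain>
    $IPT -t "$1" -N "$2" 2>/dev/null || $IPT -t "$1" -F "$2"
}

# Leave exactly one jump from <parent> to <chain>: delete every existing
# jump (a failed -D means none are left), then add a single one back.
single_jump() {   # usage: single_jump <table> <parent> <chain> <-I|-A>
    while $IPT -t "$1" -D "$2" -j "$3" 2>/dev/null; do :; done
    $IPT -t "$1" "$4" "$2" -j "$3"
}

apply_pptp_forward() {   # usage: apply_pptp_forward <vpnserver> <external-if>
    vpnserver="$1"; red_dev="$2"

    # filter table: allow TCP 1723 and GRE (IP protocol 47) to the server only
    reset_chain filter pptp
    $IPT -t filter -A pptp -p tcp --destination-port 1723 --dst "$vpnserver" -j ACCEPT
    $IPT -t filter -A pptp -p 47 --dst "$vpnserver" -j ACCEPT
    single_jump filter FORWARD pptp -I

    # nat table: redirect both protocols arriving on the external interface
    reset_chain nat pptp
    $IPT -t nat -A pptp -i "$red_dev" -p tcp --dport 1723 -j DNAT --to "${vpnserver}:1723"
    $IPT -t nat -A pptp -i "$red_dev" -p 47 -j DNAT --to "$vpnserver"
    single_jump nat PREROUTING pptp -A
}

# Runs only when asked, so the file can also be sourced:
#   sh pptp-forward.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_pptp_forward "192.168.101.2" "eth1"
fi
```

After any run, `iptables -L pptp` should report one reference, and the chain accepts only traffic destined for the VPN server rather than opening GRE to the whole internal network.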