Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: WACOMalt on March 02, 2006, 03:20:52 AM
-
OK, I have a pretty long, but probably easy to fix, problem. I got a temporary domain, http://wacomalt.no-ip.org which points to the external IP of my server, which will work for you, but not me. Now I can type in the internal IP of my server, and it will work (192.168.1.xx), but the external one will not. Not if I'm inside my network.
Now, where do I look to try and fix that? I was told by another forum to do the following:
Okay basic idea:
1. Forward no-ip.org domain to your external IP
2. Forward web page request from the external request on port 80 to Apache running on local IP (127.0.0.1 likely)
If you have a router, you will need to configure the port routing. See your router's docs for more info.
Now with that can you guys point me exactly what to try? My router is just like any router, so I know how to open ports and add virtual servers and stuff.
thanks in advance, this is the last problem before I can finish and go public.
-
I'm not sure if you can do that. I think it's called spoofing and is normally blocked by any kind of server/router with half a brain. Other than testing external connection to your website why wouldn't you just use the internal IP?
-
Well, when I set up the domain for the forum, it will use that for everything, even if I access it via the internal IP address. So if I wanted to moderate my forum, I'd have to leave my house...
or use a proxy to access the internet I suppose
-
I have been running phpbb for years on a SME server/gateway and never had any of the problems you are posting about. What EXACTLY is your network configuration?
Paul
-
Do you have the server in gateway/server mode?
Now I can type in the internal IP of my server, and it will work (192.168.1.xx), but the external one will not. Not if I'm inside my network.
Are you trying to access the IP address or the Domain name?
If you're accessing the Domain name then the behaviour you're seeing is expected.
When you send a request from your internal network to your web server, the DNS on the server will resolve that address to the local internal IP address.
When you set up the domain on the SME server, you shouldn't be giving it an IP address. The DNS lookup on the internet will need that link between domain name and external IP.
-
The SME server is in server only mode, is this the problem?
My Network Configuration is as follows
       Cable Modem
            |
           HUB
         /  |  \
My PC    Server    another PC
The Hub is configured as follows:
I have it set so that all traffic for the external IP of the network is sent to my server's internal IP, so outside traffic to the IP > Hub > Directed to server
If anyone can talk to me in an instant messenger or email I will give out more information. My hub is a pretty old one, but I know it supports what needs to be done, just the names for everything are weird, for example, port forwarding is called something else.. so it's hard to find my way.
Basically the only thing I need is to be able to access my site, via http://www.wacomalt.com (my new domain name) from anywhere. Right now it only works outside of my network. Inside, a blank page comes up. It doesn't time out or anything, just a blank page.
-
Are you trying to access the IP address or the Domain name?
If you're accessing the Domain name then the behaviour you're seeing is expected.
depends which IP you are talking about. inside my network, if I type 192.168.1.76 it works, outside I have to type 71.67.137.222 for the IP
inside, I can also type http://wacomalt01, outside I can type www.wacomalt.com
can someone please talk to me on an instant messenger?
my names are:
AIM: WACOMalt
YIM: WACOMalt
MSN: guru9898@woh.rr.com
Email: guru9898@woh.rr.com
Heck, if you PM me I'll give my phone number, I really need help with this, detailed help.
thanks though for all who are trying to help me already
-
SHUT THE WHOLE THING DOWN RIGHT NOW!!!
You are exposing your server in server-only mode to the entire world. This is not how it is intended to be set up.
Does your server have 2 NICs in the server or do you own a router (or is what you are calling a hub really a router)?
Your problems are most likely due to the way you have it set up. Here are 2 ways to go about it correctly:
           Cable Modem
                |
SME Server (with 2 NICs and in Server-Gateway mode)
           /    |    \
       PC#1   PC#2   PC#3
OR
           Cable Modem
                |
         Router-Firewall
           /    |    \
       PC#1   PC#2   SME Server (with 1 NIC and in Server-Only mode)
In the second example, you must forward port 80 (and whatever other ports required) on the router to your SME server.
In either case, turn on the DHCP server in the Server and off on everything else.
Paul
-
Ok, wow I feel like a moron, I made TWO mistakes, the second is much larger. First off, on my network I showed, it IS a gateway/firewall, not a Hub. And the big mistake, which makes this whole topic useless, is that I went into the configuration setting on my server, to see what I could have messed up, and the domain name was set to wacomalt.local
so I changed that to wacomalt.com, and lo and behold, I can get to my wacomalt.com ANYWHERE.
thank you all for the help, it at least got me to where I needed to go to find that mistake.
-
actually, now another question, can I have one of you see if my server is safe?
Obviously one of you realised something was unsecure, so if there's any way for you guys to try to "hack" my site.. please do
... don't actually hack it, just see if it's possible please.
-
I am reopening this thread as I am having a rehash of a similar problem (I think).
Since my last posts, I have moved, and with that so has my server. First let me give you a new diagram of my network setup:
    INTERNET
        |
   WIFI Router ---> (wireless) ----> [Windows and OSX computers]
        |
        V
     (wired)
        |
        V
[ SME SERVER (server-only mode) ]
OK, this is at an apartment. As you can see, we have a wireless network set up with our wireless router.
The SME server is directly wired to the Router.
Connecting wirelessly, we have a Macbook pro (with OSX and a bootcamped windows XP installation) we have another Macbook pro set up the exact same way. then we have my MAIN DESKTOP PC, which is running windows XP 64 bit edition.
the server is set up to use the Workgroup "HOME" and it does have access to the internet. Outside traffic as well as inside traffic can view my webpage at www.wacomalt.com. However, only the OSX machines can see the server in the network as far as file sharing goes.
I could manage over my OSX laptop, but all of my resources for the site are on my MAIN DESKTOP PC
I hope this explains my issue enough. I can give any extra info needed.
I searched the forums and couldn't find this issue.
-
the server is set up to use the Workgroup "HOME"
What is the workgroup name on xp?
I had problems with lan on my xp computer and it happened because windows was set on mshome and SME was set on workgroup.
-
The workgroup on my XP desktop is also "HOME"
-
I have sometimes found that even if you set XP to exactly the correct setting it still does not work. My solution, which always works for me, is to run the network setup wizard. It sounds stupid but it really works. After you re-boot you will probably find it magically connects.
-
Your problem is going to be with your DESKTOP as everything is set up fine. So, you need to be looking in that direction.
Since this isn't an SME problem, you're not going to get much response.
Don't forget to shut off your firewall on the DESKTOP. It may be blocking all communication to other PCs.
-
I Agree with Khrum, it's probably your winblows firewall.
Also, I hope you are only port forwarding the ports you need to your SME server from the WiFi Router? (80 & 443)
As Pfloor told you before, you shouldn't EVER just forward everything to an SME in Server-Only Mode.
-
My windows firewall is turned off, and yes, all of the port forwarding (only the ports used for specific services) are being forwarded by my wifi router.
Anyways, I found the issue was with my DHCP settings. I turned DHCP serving off on my router, and on on my server. it was the other way around.
now the only issue is incoming traffic cannot see my website. I have port 80 forwarded to my server, but no go. I was looking in the config settings on SME, and wondered: right now, the gateway IP address is set to 192.168.1.1, which is how I connect to my router (or the gateway in this case... right)
but then, on my router's configuration page, it lists the gateway IP address as something else (and it is able to be input by the user as something else)
my router is set to a static IP, which rather than getting the IP settings from the ISP, lets you type stuff in.
anyways, should SME be using THAT gateway IP address?
-
No, your SME's Default Gateway should be your router.
Your router's default gateway will be at your ISP.
If you can get on the net, then your router's DG is correct.
OK, Network troubleshooting goes like this.
Step1 - Check LAN
How to test : Ping your router from your SME Server.
[root@aquarius ~]# ping -c4 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.720 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.240 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.223 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.199 ms
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.199/0.345/0.720/0.217 ms, pipe 2
[root@aquarius ~]#
Step2 - Check Routing
How to Test : Ping a known working IP address that is Off-LAN e.g. ping 216.239.59.103 (That's google.com)
[root@aquarius ~]# ping -c4 216.239.59.103
PING 216.239.59.103 (216.239.59.103) 56(84) bytes of data.
64 bytes from 216.239.59.103: icmp_seq=0 ttl=247 time=30.9 ms
64 bytes from 216.239.59.103: icmp_seq=1 ttl=247 time=34.9 ms
64 bytes from 216.239.59.103: icmp_seq=2 ttl=247 time=31.9 ms
64 bytes from 216.239.59.103: icmp_seq=3 ttl=247 time=33.3 ms
--- 216.239.59.103 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 30.916/32.796/34.961/1.534 ms, pipe 2
[root@aquarius ~]#
Step3 - Check DNS
How to Test : On your server, do dig www.google.com
[root@aquarius ~]# dig www.google.com
; <<>> DiG 9.2.4 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14879
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 524500 IN CNAME www.l.google.com.
www.l.google.com. 300 IN A 216.239.59.104
www.l.google.com. 300 IN A 216.239.59.103
www.l.google.com. 300 IN A 216.239.59.147
www.l.google.com. 300 IN A 216.239.59.99
;; Query time: 318 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Feb 14 19:43:19 2007
;; MSG SIZE rcvd: 116
[root@aquarius ~]#
If the above three work then there is no problem with the setup on your internal network.
Next you need to troubleshoot your incoming connection.
Step 1 - Verify your Public IP Address
Go to http://www.whatismyip.com
Step 2 - Verify your Public DNS records.
Go to http://www.dnsstuff.com
Scroll down and put your FQDN into the DNS Lookup Tool.
If the IP address that is being resolved does not match your public IP address then your DNS setup needs fixing.
Test the above, then come back if you still aren't getting anywhere.
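The DNS check in Step 2 above can be scripted; what follows is an added example, not part of the original post. It pulls the A records out of the answer section of `dig` output and compares them with your public IP, and it also flags a private (RFC 1918) answer, the case mentioned earlier in the thread where an internal resolver hands back the server's LAN address. The function names, example.com and the 203.0.113.x addresses are constructed for illustration.

```shell
# Constructed sample shaped like the dig output above (documentation names/addresses).
SAMPLE_DIG=';; QUESTION SECTION:
;www.example.com. IN A
;; ANSWER SECTION:
www.example.com. 3600 IN CNAME web.example.com.
web.example.com. 300 IN A 203.0.113.10
web.example.com. 300 IN A 203.0.113.11
;; Query time: 13 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)'

# Print each A-record address from the ANSWER SECTION of dig output on stdin.
answer_a_records() {
    awk '
        /^;; ANSWER SECTION:/  { in_answer = 1; next }
        /^;;/ || /^[ \t]*$/    { in_answer = 0 }
        in_answer && $4 == "A" { print $5 }
    '
}

# True when the address is in a private (RFC 1918) range.
is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_public_dns <public-ip>   (dig output on stdin)
# Prints match | mismatch: <addrs> | internal-answer: <addr> | no-answer.
# Exit status is 0 only for a match.
check_public_dns() {
    public_ip=$1
    records=$(answer_a_records)
    [ -n "$records" ] || { echo "no-answer"; return 2; }
    for ip in $records; do
        if is_rfc1918 "$ip"; then
            echo "internal-answer: $ip"; return 3
        fi
    done
    if printf '%s\n' "$records" | grep -Fxq -- "$public_ip"; then
        echo "match"; return 0
    fi
    echo "mismatch: $(printf '%s' "$records" | tr '\n' ' ')"
    return 1
}

# Live use: dig www.example.com | check_public_dns 203.0.113.10
printf '%s\n' "$SAMPLE_DIG" | check_public_dns 203.0.113.10
```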
-
Assuming that your LAN tests Ok and your DNS Records are OK then your firewall isn't configured correctly:
[root@aquarius ~]# dig www.wacomalt.com
; <<>> DiG 9.2.4 <<>> www.wacomalt.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54854
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.wacomalt.com. IN A
;; ANSWER SECTION:
www.wacomalt.com. 1776 IN A 68.202.60.164
;; Query time: 13 msec
;; SERVER: 192.168.30.1#53(192.168.30.1)
;; WHEN: Wed Feb 14 20:03:45 2007
;; MSG SIZE rcvd: 50
[root@aquarius ~]# nmap 68.202.60.164
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2007-02-14 20:04 GMT
All 1660 scanned ports on 164-60.202-68.tampabay.res.rr.com (68.202.60.164) are: filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 243.889 seconds
[root@aquarius ~]#
-
Well, all of the server side tests went properly, there were a couple fails on the DNS test though. My external IP is configured correctly with my DNS settings.
http://www.dnsstuff.com/tools/dnsreport.ch?domain=wacomalt.com
What should I check on my firewall? I have the proper ports forwarded... but just to check.. could someone list all the ports that should be forwarded?
-
Please see my previous post.
If your public IP address truly is 68.202.60.164, then your firewall is incorrectly configured and is not forwarding the ports to your server properly.
Either that or your ISP is blocking you.
For a standard Website you should have only TCP Port 80 forwarded to your Server.
TCP Port 443 is also required if you have secure pages (i.e. https://)
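One way to read a scan of your own public IP against that advice, as an added example that is not part of the original post: the function takes nmap's normal text output and reports whether nothing is reachable (the "filtered" result shown earlier in the thread), only the intended ports are open, or extra ports are exposed. The `audit_scan` name, the `ALLOWED` variable and the three sample reports are constructed for illustration.

```shell
ALLOWED="80 443"   # assumption: a plain web server, the ports named in the post above

# Constructed nmap-style reports (203.0.113.10 is a documentation address).
SCAN_FILTERED='All 1660 scanned ports on 203.0.113.10 are: filtered'
SCAN_EXPOSED='PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
139/tcp  open   netbios-ssn
443/tcp  closed https'
SCAN_GOOD='PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https'

# audit_scan: nmap normal output on stdin.
# Prints one of:
#   unreachable           no open TCP port seen (forward or firewall rule missing)
#   ok                    every open port is on the allow-list
#   overexposed: <ports>  open ports that were never meant to be forwarded
audit_scan() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/"); nopen++
            if (!(p[1] in want)) extra = extra (extra == "" ? "" : " ") p[1]
        }
        END {
            if (nopen == 0)       print "unreachable"
            else if (extra != "") print "overexposed: " extra
            else                  print "ok"
        }'
}

# Run the three constructed reports through the audit.
for report in "$SCAN_FILTERED" "$SCAN_EXPOSED" "$SCAN_GOOD"; do
    printf '%s\n' "$report" | audit_scan
done
```

A scan run from inside the LAN may not pass through the router's forwarding rules, so feed it a report taken from an outside host.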
-
is there any way I can check if my ISP is blocking me? all of the ports are correct, I have triple checked that. However this is the exact same ISP and exact same connection I had last time the server was working.
-
Try Opening TCP Port 5800 (That's usually used for VNC) and forward it to your server's port 80.
Your ISP Definitely shouldn't be blocking that.
I'll check from here once you've done that
-
hmm. I actually have VNC setup on my windows PC, but I will try this anyways.
um.. how do I make it take 5800 and go to 80? would that be starting port of 5800 then ending port of 80?
wait.. should all of this be under port "triggering" rather than forwarding?
-
hmm. I actually have VNC setup on my windows PC, but I will try this anyways.
That doesn't matter, your PC doesn't come into the equation in this instance.
um.. how do I make it take 5800 and go to 80? would that be starting port of 5800 then ending port of 80?
It sounds like you need to do some reading of your Firewall's manual..
You are forwarding External Source port TCP 5800 (ANY IP) to Inside Destination TCP Port 80 (SME Server Internal IP - i.e. 192.168.whatever)
wait.. should all of this be under port "triggering" rather than forwarding?
Port triggering sounds like setup you'd need to run non-passive FTP and the like - if you are running a web server, don't worry about it.
I have come across Broadband routers that have separate sections for Port Forwarding and Firewalling, so if yours is like that, then you may have to open the firewall port AS WELL AS doing the port forwarding.