Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: MrGeezer on May 04, 2006, 09:24:53 PM

Title: Newbie question - safe to trust a remote IP?
Post by: MrGeezer on May 04, 2006, 09:24:53 PM
Hi all - wonder if anyone can help a first time server admin...

I've had SME 7 up and running for a week or so now, and succeeded in getting my mailserver and local filesharing sorted, with SME playing as "server only", providing no DHCP or NAT functions but sitting behind my DSL router. So far so good. But I've been having all kinds of problems getting my VPN access working. Part of the problem is that to test it, I need to go to work - only I only go there once a day, and if it don't work then I can't alter anything till I get home.

So while I'm figuring it all out, I was wondering if I could just add my work's fixed IP to the local networks (with a subnet of 255.255.255.255 and my router's IP) so that I could access the I-bays and IMAP server. Would this be a safe practice? I already have my router set to forward ports 25, 80 & 443, and I would also allow 143 for IMAP. What port would I have to forward to get to browse the i-bays?

Thanks in advance for any thoughts...
Title: Newbie question - safe to trust a remote IP?
Post by: gizzmo2k1 on May 04, 2006, 11:03:14 PM
Why don't you use SSH (Port 22) so you can access the SME box.  I would, however, change the port number to something other than 22.
Title: Newbie question - safe to trust a remote IP?
Post by: pfloor on May 05, 2006, 03:36:58 AM
Quote from MrGeezer: "Part of the problem is that to test it, I need to go to work - only I only go there once a day, and if it don't work then I can't alter anything till I get home."

You can establish a vpn connection to the server on the local network at home.  Test and get it working there first then try to go external.

Quote from MrGeezer: "I already have my router set to forward ports 25, 80 & 443, and I would also allow 143 for IMAP. What port would I have to forward to get to browse the i-bays?"

You don't need any of those ports forwarded to make a vpn work.  You need to forward tcp port 1723 (and GRE if your router has that option) for the vpn connection and then you will be on the local network from work and have access to all local services from your work without forwarding or opening any other ports.  If you don't use those other services to the external world, then don't forward the ports.

If you forward port 1723 and it still doesn't work then make sure your DSL router supports vpn passthrough.  If it does not, then you will need to get another router.
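
Added example, not part of the original thread: a small Python check that the TCP 1723 forward actually reaches the VPN server, run first against the server's LAN address and then against the router's public address. It assumes the VPN is PPTP (which is what TCP 1723 plus GRE implies) and follows the RFC 2637 control-message layout; the function names and the `probe` hostname are made up for the example.

```python
import socket
import struct
import sys

PPTP_MAGIC = 0x1A2B3C4D            # magic cookie from RFC 2637
CTRL_FMT = "!HHIHHHBBIIHH64s64s"   # Start-Control-Connection-Request/Reply layout
CTRL_LEN = struct.calcsize(CTRL_FMT)  # 156 bytes

def build_request(hostname=b"probe"):
    """Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(CTRL_FMT, CTRL_LEN, 1, PPTP_MAGIC, 1, 0, 0x0100,
                       0, 0,      # Reserved1 (two zero bytes)
                       1, 1,      # framing / bearer capabilities
                       0, 0,      # max channels, firmware revision
                       hostname, b"")

def parse_reply(data):
    """Validate a Start-Control-Connection-Reply and return its key fields."""
    if len(data) < CTRL_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    (_, msg_type, magic, ctrl_type, _, version, result, error,
     _, _, _, _, host, vendor) = struct.unpack(CTRL_FMT, data[:CTRL_LEN])
    if magic != PPTP_MAGIC or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"ok": result == 1,     # 1 = control channel established
            "result_code": result, "error_code": error, "version": version,
            "hostname": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def probe(host, port=1723, timeout=5.0):
    """Open the PPTP control channel and return the parsed reply.
    This only proves the TCP 1723 forward works; GRE (IP protocol 47)
    passthrough on the router is not exercised by this check."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request())
        buf = b""
        while len(buf) < CTRL_LEN:
            chunk = s.recv(CTRL_LEN - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_reply(buf)

if __name__ == "__main__":
    try:
        print(probe(sys.argv[1]))
    except (OSError, ValueError, IndexError) as exc:
        sys.exit("PPTP control channel check failed: %r" % exc)
```

A timeout or refused connection from outside, with a successful reply on the LAN, points at the router's port forward. A successful reply from outside with a VPN that still fails to connect points at GRE passthrough.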