Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: dallas on July 15, 2006, 01:12:31 PM
-
Hi,
I have upgraded to SME 7.0 via the forklift method. While I can browse web pages, I'm unable to ping internet hosts and I cannot connect to FireFly or my Domino server, which is outside my network on the web, from my PC on my internal network. It looks like outgoing traffic is being blocked.
How do I allow outgoing connections to be estabished as happens in SME 5.6? In the meantime I have reverted to the old (5.6) server.
Dallas
-
I have upgraded to SME 7.0 via the forklift method.
I have no idea what that is.
How do I allow outgoing connections to be estabished as happens in SME 5.6?
Outgoing connections are allowed by default, as before.
My guess is that the default route on your client PCs isn't correct. Did you set up the new server with a different local address than your old server?
-
Sorry Charlie,
forklift upgrade = complete hardware replacement.
This is what I did.
1. I built a new SME70 and put it on my network with a temporary IP address and with DHCP disabled.
2. I manually copied all my port openings and port forwardings to the new server
3. I created the users on the new server
4. I used imapcopy to copy email folders.
5. Shutdown old (SME56) server.
6. I started new server and change it's IP address and enabled DHCP then
rebooted
7. On the local lan pc I did ipconfig /release, ipconfig /renew, ipconfig /flushdns.
At this point the local lan pc can browse the internet, and resolve host names. ie ping telstra.com returns the IP address but times out. The same command on the SME70 console get ping responses.
On the SME70, could the original (temporary) IP address I use on the lan side be stored somewhere and be causing my problem?
Dallas
-
If you can see the Internet from the server but still can't see anything from your workstations you might want to try disabling one or both of the proxy servers under "Security" "Proxy settings" - perhaps one of these is causing problems for you.
-
Well... I haven't done anything other than I shut the SME70 machine down (and power it down) last night and booted it up today and it is now working ???
Sorry for the unnecessary question. :-)
Dallas
-
Spoke too soon. It appears that port opening isn't opening the ports at all. :-(
Time for a new search. (I've seen a few post on this.)
Dallas
-
I believe the "port opening" panel in server-manager only applies to in-bound traffic in a SME box setup as a server-gateway system - traffic from addresses on the WAN interface intended for addresses on the LAN interface. I've never had any trouble opening ports on SME 7 alpha 8 through 7.0 Final...
I *have* had some odd DNS behavior, where "ping telstra.com" would return the WAN address of my SME server (probably due to some idiosyncracy of DynDNS...). Every now & then I need to add a trailing "." to the host address I'm trying to reach: "ping telstra.com."
I haven't seen any restrictions on *outbound* traffic except for the HTTP and SMTP traffic that is intercepted by default by the proxy servers.
You may want to use "config show InternalInterface", "config show ExternalInterface", "config show dhcpd" to do a sanity check on what's actually in the configuration database. I've never seen it, but perhaps something has gotten confused during your IP change...
If you haven't done it at some point, be sure to do a "signal-event post-upgrade" and "signal-event reboot" to make sure all the appropriate config files get re-generated...
-
mmccarn
I've tried the examples in the doco... (from the FAQ)
http://no.longer.valid/phpwiki/index.php/SME7FAQs#Firewallx2f.Portx20.Fowardingx2c.Openingx2c.Blocking
config set myservice service UDPPort 4571 access public status enabled
But this only opens the WAN port the to the SME server and does not allow traffic to pass to PCs on the LAN
I've had no success with the swerts-knudsen portopening contrib. I see errors in the log when it tries to modify iptable.
Dallas
-
But this only opens the WAN port the to the SME server and does not allow traffic to pass to PCs on the LAN
I think you may be wanting to Port Forward not Port Open if you want the port to point to a local PC.
Regards,
Tib.
-
I think you may be wanting to Port Forward not Port Open if you want the port to point to a local PC.
No. I want to open a port - in my case 4571 to allow firefly to work from any PC on the LAN. In SME 5.6 there was a contrib and this worked fine. (I port forward port 4569 to my Asterisk box.) I found a custom template and modified it to do what I wanted.
Dallas
-
dallas
Are you using firefly or cubix ... if it's cubix to connect to asterisk then you don't have to open any ports as far as I know.
I have tried out over ten different softphones as well as cubix(firefly) and I didn't have to open or port forward any ports.
The main 2 I stayed with are X-Lite and IDEFisk ... I found these 2 to be the most reliable.
Regards,
Tib
-
Tib
I use the firefly softphone (actually it's Virbiage Soft Phone) to connect to the freshtel network. In my Asterisk box I have freshtel trunks so I can call in from anywhere (via the freshtel network) and use DISA. It worked well when I was overseas recently.
You may be correct about port opening because the firefly clients register to freshtel using the outgoing port set in the softphone config and so return responses (including incoming calls) should make it to the softphone without any special firewall rules. I'll try removing the port forwarding I've set up and see what happens.
Thanks for your comments.
Dallas
-
I will probably be doing a hardware & software up-grade from 5.6 to 7 in the next couple of months and would be VERY interested in a detailed 'how to'.
Is there such an animal in the wild?
-
Henry
My upgrade was an upgrade in name only. I replaced the hardware and did a clean install of 7.0. Since there was only a few users I just created them on the 7.0 system and used imapcopy to copy their mail files. (There are instructions in another post on how to use it - it's quite simple.) I had no ibays, contribs or anything else to worry about and apart from the problems mentioned above everything went well. I've now sorted everything and the system is running well.
Dallas