Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: robw on August 24, 2006, 08:06:58 AM

Title: Email and webmail issues from behind a firewall
Post by: robw on August 24, 2006, 08:06:58 AM
Hi Guys,

I did have an earlier version of this issue posted under "Port Forwarding Issues", but it was getting more and more off topic and it is now unlikely to be port forwarding issues. Hence, I have decided to start a new post with a new topic.

I have been chasing this issue now for a while but can't seem to nab it. We have an SME 7.0 server sitting behind a firewall. We used to have an SME 5 server that worked fine so I know the DNS side of things is working. We have just replaced the router/firewall with a snapgear one and have confirmed that port forwarding for ports 25 and 443 is correct.

My problem? When we try to connect to https://server_external_ip/webmail from within the network, it connects instantly. This is the address that port forwarding is hitting. However, when we try hitting https://our_external_static_ip/webmail, it will, on rare occasions, connect unreliably but usually not. We are also getting reports of email not arriving and being rejected.

The server is set up as server/gateway with an internal IP of 192.168.x.253 and an external IP of 192.168.x.254. We can send and receive mail locally and can send to anywhere but receiving from the internet can take from 1 minute to about 5 hours (or, in some cases, it never arrives).

It should also be noted that these problems started when I replaced our 5.x server with the 7.0 so I really think it's something to do with my setup of the SME and not router or DNS issues.

The comms guy who installed the new router asked how the server's external NIC knows what the default gateway is and I must say that I couldn't answer him. If I do an ifconfig on the console, it doesn't show one and there was nowhere to set it in the config.

At this stage we are really getting desperate as email is now officially unreliable so any and all suggestions would be very much appreciated.

Thanks,

Rob
Title: Email and webmail issues from behind a firewall
Post by: pfloor on August 24, 2006, 08:30:51 AM
I am assuming that you have 2 NICS and the server is in server/gateway mode.

First of all, you should put your internal and external IPs on completely different subnets. Change the external to 10.0.0.2 and change the router to 10.0.0.1 and forward ports to 10.0.0.2.

Second, you might want to change the internal IP to 192.168.x.1 because VPN connections start using addresses from the top down and if you use (or will use) VPN connections, they might interfere.

Just log in as admin (not root) and pick "Configure this server" and go through and re-configure everything. You can also input the default gateway if needed in one of the screens.

I have set up many servers this way without any problems.
Title: Re: Email and webmail issues from behind a firewall
Post by: CharlieBrady on August 24, 2006, 08:39:28 AM
Quote from: "robw"

The server is set up as server/gateway with an internal IP of 192.168.x.253 and an external IP of 192.168.x.254.


That's an invalid configuration. Internal and External IPs must be on different networks.

Quote

The comms guy who installed the new router asked how the server's external NIC knows what the default gateway is ...


It knows it via DHCP if you configure it that way, or by the gatewayIP entered at the console if it is in static configuration.
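
The addressing rule from the replies above, as an added example that is not part of the original thread or of SME Server itself: a small check that flags internal and external NICs sharing a network and a default gateway that does not sit on the external network. The helper names, the 192.168.1.x values standing in for the elided octet, and the /24 prefix lengths are assumptions.

```python
import ipaddress


def audit_server_gateway(internal, external, gateway=None):
    """Check a two-NIC server/gateway addressing plan (hypothetical helper).

    internal, external: "address/prefix" of each NIC.
    gateway: default gateway for the external NIC, or None if unset.
    Returns a list of "code: detail" strings; an empty list means no finding.
    """
    inside = ipaddress.ip_interface(internal)
    outside = ipaddress.ip_interface(external)
    findings = []

    # Two NICs in one network give the host two connected routes for the same
    # prefix, so it cannot tell which side a neighbour lives on.
    if inside.network.overlaps(outside.network):
        findings.append(f"overlap: {inside.network} and {outside.network} share addresses")

    if gateway is None:
        findings.append("no-gateway: external NIC has no default gateway")
    else:
        gw = ipaddress.ip_address(gateway)
        if gw not in outside.network:
            findings.append(f"gateway-unreachable: {gw} is not on {outside.network}")
        if gw in inside.network:
            findings.append(f"gateway-internal: {gw} also matches {inside.network}")
    return findings


def codes(findings):
    """Return only the leading code of each finding."""
    return [f.split(":", 1)[0] for f in findings]


# Constructed sample values: 192.168.1.x stands in for the elided third octet,
# the /24 prefix lengths are assumed, and no gateway is passed for the first
# plan because the opening post reports that none was set.
AS_POSTED = audit_server_gateway("192.168.1.253/24", "192.168.1.254/24")
AS_SUGGESTED = audit_server_gateway("192.168.1.1/24", "10.0.0.2/24", "10.0.0.1")

if __name__ == "__main__":
    for name, result in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        print(name, "->", result or "no findings")
```
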
Title: Email and webmail issues from behind a firewall
Post by: robw on August 24, 2006, 09:43:48 AM
Thanks heaps for the replies Guys.

I have another couple of questions in light of what you have said... If I were to change the server mode to Server Only (as we really don't use the gateway part), would I still be able to forward port 443 to it and use webmail from the internet?

Also, I assume that in server only mode, it will still send and receive email on port 25 if that's forwarded to it. Is this correct?

We only use it to send/receive email, host file services, be a webmail host and in the future we plan to use it to provide a company LDAP directory (within the LAN or associated VPNs only). Is server only a better option for what we're using it for?
Title: Email and webmail issues from behind a firewall
Post by: jonic on August 24, 2006, 11:52:57 AM
Quote from: "robw"

I have another couple of questions in light of what you have said... If I were to change the server mode to Server Only (as we really don't use the gateway part), would I still be able to forward port 443 to it and use webmail from the internet?


Yes.

Quote from: "robw"

Also, I assume that in server only mode, it will still send and receive email on port 25 if that's forwarded to it. Is this correct?


Yes.

Quote from: "robw"

We only use it to send/receive email, host file services, be a webmail host and in the future we plan to use it to provide a company LDAP directory (within the LAN or associated VPNs only). Is server only a better option for what we're using it for?


If you're using the router as a gateway for the lan, there is no reason to keep SME in server&gateway mode. Server only mode is what you need.
Title: Email and webmail issues from behind a firewall
Post by: robw on August 24, 2006, 11:11:28 PM
Guys, thanks heaps for the replies. I have reconfigured as server only and will post soon to confirm how it went.
Title: Email and webmail issues from behind a firewall
Post by: robw on August 28, 2006, 03:17:43 AM
We've now been running for a few days and all is back to normal. Many thanks for the very timely and accurate responses to this post.
Title: Email and webmail issues from behind a firewall
Post by: CharlieBrady on August 28, 2006, 04:43:51 AM
Quote from: "robw"
We've now been running for a few days and all is back to normal. Many thanks for the very timely and accurate responses to this post.


Please show your gratitude by pledging funds for development of new versions of SME server software, or to assist the running of this website.
Title: CAN SEND OUT MAIL BUT CAN NOT RECEIVE
Post by: kmwanga on August 30, 2006, 03:28:36 PM
I've just configured SME server 7.0. I am able to send and receive mail within my LAN.

I am also able to send out onto the net. However, I can not receive any mail from outside. I am behind a router so I don't think I need to go server/gateway mode.

Help, situation is desperate.