Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: mxc on August 25, 2006, 02:34:49 PM
-
Hi all,
we can ssh into the sme server box but we cant view the server-manager url. We just get a blank page. There are no obvios error messages in the http log files and we are at a bit of a loss where to look.
Has anyone got any ideas where to look?
Also it appears that the mail logs are not being written to mailog as expected but to the qmail current log file. Is this correct?
-
mxc
>.. we cant view the server-manager url. We just get a blank page.
Are you logging in as admin ?
-
Hi there,
Thanks for the reply. This is where we are at:
1) We can view the server-manager url if we login as admin from the console,
2) We are connected via VPN through an endian firewall,
3) While connected via VPN we are unable to ping the green network card on the firewall and unable to connect to any internet services. So although we have connected via VPN to the green network and can ssh into smeserver it seems sme server cannot see the firewall and therefore its gateway. I dont know if this is some weired VPN issue.
4) Sometimes from the machine connected via VPN we are able to see the sme admin panel from a browser but most of the time we are unable to see it from the vpn machine. We have enable access to the admin panel from the local green network.
We have used firewalls before but this is the first time we are trying sme server in the mix. It just doesnt make logical sense to me that we have a green network ip from the vpn and can ssh into the sme server but the sme server cant see the firewall. We are going out to the client tomorrow to see whats up. Any hints appreciated.
=============================
http://www.jumpingbean.co.za/linux/Small-Business-Server
http://www.jumpingbean.co.za/databases
http://www.jumpingbean.co.za/linux/firewalls[/url]
-
Have you used ssh for port forwarding before?
Try this:
$ ssh -l root -L 443:127.0.0.1:443 <yourSME>
(or C:\> putty -L 443:127.0.0.1:443 <yourSME>)
Then open your browser and try
https://localhost/server-manager
This will work as long as you are not already running a webserver on port 443 on your local workstation. If you are, use:
$ ssh -l root -L 8443:127.0.0.1:443 <yourSME>
followed by:
https://localhost:8443/server-manager
("8443" chosen at random as a TCP port that is likely to be unused by any service on your local workstation)
This gets you to the server-manager, but without solving your VPN problem...
Some More Questions:
- Is the SME in server-only mode, or server-gateway?
- If SME is server-gateway, are you accessing the LAN or WAN IP after establishing your VPN connection?
- If you are accessing the WAN IP, do you have "remote management" configured under "Remote access", or do you have the VPN network listed under "Local networks"?
- Have you tried putting another computer on the same network segment as the SME / endian so that you can test without wondering if the problem is SME related? (That is, does the endian VPN allow access to other hosts on the same network segment as the SME)?
-
Have you used ssh for port forwarding before?
Try this:
$ ssh -l root -L 443:127.0.0.1:443 <yourSME>
(or C:\> putty -L 443:127.0.0.1:443 <yourSME>)
Then open your browser and try
https://localhost/server-manager
This will work as long as you are not already running a webserver on port 443 on your local workstation. If you are, use:
$ ssh -l root -L 8443:127.0.0.1:443 <yourSME>
followed by:
https://localhost:8443/server-manager
("8443" chosen at random as a TCP port that is likely to be unused by any service on your local workstation)
This gets you to the server-manager, but without solving your VPN problem...
Isn't the /server-manager location actually a rewrite for port 980? Shouldn;t that one be opened as well?
-
This is the first I've heard of port 980...
I manage 5 - 10 SME servers remotely tunnelling only port 443 using ssh.
If you felt you did need another port, just add another "-L" command. You can add as many "-L" commands as you like, like this:
$ ssh -l root -L 443:127.0.0.1:443 -L 80:127.0.0.1:80 -L 980:127.0.0.1:980 <yourSME>
You can also use ssh/putty to tunnel ports to other systems on the same network as the SME server. I manage several systems on one network using a command like this:
$ ssh -l root -L 2443:192.168.1.2:443 -L 6443:192.168.1.6:443 -L 3397:192.168.1.97:3389 -L 3398:192.168.1.98:3389 -L 5917:192.168.1.17:5900 -L 2204:192.168.1.4:22 <mySMEbox>
Allowing me to:
https://localhost:2443 to access https://192.168.1.2
https://localhost:6443 to access https://192.168.1.6
rdp to localhost:3397 to connect to 192.168.1.97
rdp to localhost:3398 to connect to 192.168.1.98
vnc to localhost:5917 to connect to 192.168.1.17
WinSCP to localhost:2204 in order to transfer files to/from 192.168.1.4
-
This is the first I've heard of port 980...
From the /etc/httpd/conf/httpd.conf file:
ProxyPass /server-manager http://127.0.0.1:980/server-manager/
<Location /server-manager>
order deny,allow
deny from all
allow from 127.0.0.1 192.168.93.0/255.255.255.0
</Location>
And from the /etc/http/admin-conf/httpd.conf file:
Listen 127.0.0.1:980
But I see this is only on the localhost, so that is internal for the server and not for remote access (I guess).
-
Cool!
It turns out you can use the port 980 for http connections to server-manager:
$ ssh -l root -L 9800:127.0.0.1:980 <mySMEserver>
http://localhost:9800/server-manager
This would allow me to avoid the warning about my self-signed certificate and reduce the amount of data encryption from twice to once (potentially useful with a slow server or workstation)!