Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: william_syd on September 25, 2006, 01:00:38 PM

Title: Server Manager - Remote Access and Local Networks.
Post by: william_syd on September 25, 2006, 01:00:38 PM

I'm getting myself confused between Remote access anf Local networks.

Setup:

SME - Server Only mode IP 192.168.2.9
Desktop - IP 192.168.1.135

The connection between them is a firewall/NAT device.

Example 1:

I've installed a new service on SME that uses TCP and UDP port 4000.

Assuming the firewall is configured correctly, how do I give access to the 'new' service from the Desktop?

Example 2:

How do I give the Desktop SSH access to the SME ?


Going by the docs and my experiences I think I know how it works but would like to hear from the 'gurus' out there. Plus your replies will lead to more questions.

Title: Server Manager - Remote Access and Local Networks.
Post by: mmccarn on September 30, 2006, 06:00:06 PM

I've started thinking of "local networks" as "trusted networks", since this seems to be a better description of the purpose they serve.  They seem to deal entirely with trust issues and not at all with routing issues.

Having said that, is the "NAT Device" translating traffic between the Desktop and the SME?  That is, is the Desktop traffic arriving at the SME with a 192.168.2.x IP address, or with a 192.168.1.x IP address?

Example 1 (Custom service on port 4000): I assume you are unable to access the new software at port 4000 (or you wouldn't be asking)...

- Can you get to it if you move "Desktop" physically onto the 192.168.2.x network?
- Does the service appear to be "LISTENING" if you run

netstat -an | grep :4000 on the SME server, and if so, on what IP address?[/list]
I'd start by making a port-forwarding rule forwarding from port 4000 to localhost port 4000 and see what happens.  You may also need to add 192.168.1.x to "local networks"...

Example 2 (ssh access from Desktop):

Under Security / Remote Access (in server-manager), change:

- "Secure shell access" to "Allow access only from local networks"
- "Allow administrative command line access over secure shell" to "yes"
- "Allow secure shell access using standard passwords" to "yes"

I've seen repeated discussions deprecating root password login via ssh, and promoting ssh public private keys (http://no.longer.valid/phpwiki/index.php/SSH%20Public-Private%20Keys) instead.[/list]
If your router is NATing traffic from Desktop, you're done; otherwise, add 192.168.1.x to your "local networks"