Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: Ted on September 26, 2006, 01:49:59 AM
-
My current system has my SME v7.0 server (currently in Server Only mode) attaching to a Linksys Router (Befsx41) which also connects to my home network.
CableModem
|
LinksysRouter
| \__SME v7.0
Network
Several questions.
1) If I reconfigure things to remove the Linksys, is the firewall built into SME as or more secure then the Linksys?
2) Is it easy to configure?
3) Will Ez-ipupdate work behind a router (my domains are hosted by EasyDNS)?
4) Will DansGardian work from behind a router?
Thanks
Ted
-
1) If I reconfigure things to remove the Linksys, is the firewall built into SME as or more secure then the Linksys?
It is just as good. they are both using Iptables.
What is different are the rules. I haven't heard any failures of the firewall (the default rules) in sme yet. If some package changes the rules, then you are on your own...
2) Is it easy to configure?
Yes. There is nothing to configure. You use it as is.
3) Will Ez-ipupdate work behind a router (my domains are hosted by EasyDNS)?
Why not let the linksys router do it.
dd-wrt.com has good firmware for the wrt54gs that do ddns
4) Will DansGardian work from behind a router?
The problem isn't if dansguardian will work from behind a router,
it's how are you going to get your workstation to use dansguardian.
something has to direct traffic to the sme box/dansguardian.
ed
-
Thanks for your reply, I'll probably keep my Linksys where it is and keep my server as "Server Only". As for letting my linksys update to EasyDNS... Well it is setup by the factory to work with TZO and DynDNS.org not EasyDNS. I did a QUICK look over the website you mentioned and it looks to be pretty much dedicated to one of the Wireless models. Don't see that helping me. Maybe I did not look deep enough.
So, will EZ-Ipupdate work and update my IP when the server it is installed on is behind a Linksys firewall?
Thanks
Ted
-
Ted
So, will EZ-Ipupdate work and update my IP when the server it is installed on is behind a Linksys firewall?
Nope. Which is a good reason to go to server-gateway mode and have SME Server act as your edge device. EZ-Ipupdate frequently asks its local server (SME) what its external interface's IP address is and then if it has changed connects to EasyDNS and lets EasyDNS know. If you run it in server-only mode behind a firewall, it will tell EasyDNS the address of the local NIC on the SME box -- which is NOT what you want.
John
p.s. Some on this list will tell you that SME Server is a better security device than the Linksys router because SME7 uses a more recent kernel. Also, you can get better email spam filtering with a direct connection, assuming you are hosting a mail service. (Search this forum for more details.)
-
Nope. Which is a good reason to go to server-gateway mode and have SME Server act as your edge device. EZ-Ipupdate frequently asks its local server (SME) what its external interface's IP address is and then if it has changed connects to EasyDNS and lets EasyDNS know. If you run it in server-only mode behind a firewall, it will tell EasyDNS the address of the local NIC on the SME box -- which is NOT what you want.
John
p.s. Some on this list will tell you that SME Server is a better security device than the Linksys router because SME7 uses a more recent kernel. Also, you can get better email spam filtering with a direct connection, assuming you are hosting a mail service. (Search this forum for more details.)
Thursday night I tried switching my server from "Server Only" to "Server & Gateway". Mind you it was late and I only took a WAG at it, but no-joy.
I connected the output from my cable modem (normaly it goes into the wan port on my Linksys) to my server, reconfigured my server to "Server & Gateway", walked through the reconfigure menu, rebooted and, after coming up, my server reported that it was unable to conect to Contribs. I took this to be a bad sign. Went through the reconfigure menu again and could not find where I went wrong. Rebooted again, no-joy. Reconfigured as "Server Only", rebooted and switched the required network wires around and "Server Only" connected to Contribs right away, and all was happy.
I am missing somthing on that setup. I just don't know what.
Maybe I'll try seting up my test box as sme 7.0 and after the family goes to bed (hence will not know that emails are not showing up and the internet is down) and have a try with it. That way I don't screw up my household server.
Ted
-
Many Cable ISPs keepp DHCP cache for 6-8 hours.
In this case you could leave the both cable-modem and router off overnight and try in the morning connect cable-modem with SME as Server-gateway.
Pay attention which SME interface is your LAN and WAN.
-
Many Cable ISPs keepp DHCP cache for 6-8 hours.
In this case you could leave the both cable-modem and router off overnight and try in the morning connect cable-modem with SME as Server-gateway.
Pay attention which SME interface is your LAN and WAN.
Pardon my ignorance, but I am trying to understand what you are saying (I am a computer and phone tech at work, but only do basic networking). You think that Comcast is caching the IP address that they give me or the Mac address that my Linksys is reporting to them? In fact the dynamic IP I get from Comcast stays the same for 6 months to a year between changes (might as well be static but they will not give those out, not even if you get their "Business Class Internet, I asked). My main worry is that they will change it on me some time when I am on vacation or away for training. That would not go over well with my wife.
If that is the case how do you tell SME in Server & Gateway mode to use w.x.y.z on the wan side and 192.168.x.x on the network side?
I did pay close attention to the lan/wan distinction.
Thanks
Ted
-
Ted,
A few things to consider...
Are you using DHCP or PPPoE? I know I once left the setting to one when my ISP connection demanded the other. (My face was very red. :oops: )
On some modems, the mac address is held for a few minutes after loss of power. The next time you try, you might power down the modem and leave it powered off while you reconfigure the SME box and reconfigure the cables. That should give enough time for the modem to forget the Linksys mac address.
Have you looked at the logs to see what is happening on that Ethernet port? Normally that interface would not be used in server only mode, so one question that pops to mind is what is happening there? Are there any problems with it? What communication is succeeding and what failing, what error messages.
Let us know how you get on.
John
-
What Boris is saying is that your ISP will typically allow only one MAC to be associated with one IP address on your loop.
When you changed from the Linksys to the SME, the MAC changed. The ISP will likely release the IP-MAC association after a time out (per Boris' note).
However to speed it up, you can switch back to the Linksys and manually release the DHCP lease then move the port back to the SME. Alternatively, you can call your ISP and tell them you switched routers and have them expire the old lease.
Note switching back from SME to say Linksys would require the same thing.
-
OK, that gives me a number of things to try. It will be several days (maybe next weekend) before I have a chance to try.
I'll post results.
Thanks
Ted