Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: kaukomieli on December 12, 2006, 02:56:04 PM

Title: using SME as "exposed host"
Post by: kaukomieli on December 12, 2006, 02:56:04 PM

hi folks,

after having used sme as db-server for a while i would like to utilize its flexibility in a new setup.

the dsl-connection is currently done via a dsl-wlan-router, which has 2 lan-ports and 1 wlan with different subnets.

on lan A resides the regular office with fileserver, db-server, pcs etc. with no upnp and no routing from the outside.

the wlan is strictly for internet access and has no routing to the network on lan A.

i would like to put a sme-server on lansegment B and configure the router to forward all incoming connections to this host.

the server should allow for certain connections only from lan A (smtp, ssh, ftp, pop) and should allow some services to be connected to from anywhere (http, https and port 34000 for a customized software)

as i understand sme-server has a firewall enabled in server-only-mode (even though the install-dialog tells you it has not) but this is not suitable for putting it directly on the internet.

soo - is it possible to achieve what i would like to do with a standard-sme installation?

ps: currently there is an old w2k-iis-server on port-forwarding in lanA doing the task and it will be harder to convince management to change this ridiculous setup if they have to pay for a customized installation.

:) thanks for your help!

Title: using SME as "exposed host"
Post by: kaukomieli on December 12, 2006, 06:57:46 PM

sorry, i have just realized this might belong into the general sme-server section instead of the contribs part.
if some mod could please move it there :) thanks!

Title: using SME as "exposed host"
Post by: duncan on December 13, 2006, 06:18:01 AM

Can`t see any of this presenting a problem. You will need to add your "A" network to the local networks portion in SME.

Other than that it should be fine.

Title: using SME as "exposed host"
Post by: kaukomieli on December 13, 2006, 10:57:28 AM

uhm, its that simple? and i just install server only mode?

wont i have to configure some services to be only available to lan A? and do I have to configure some static routing between lan A and B for people from the office to connect to this server thus compromising the thought behind putting them on different lan-segments in the first place.

i just cant figure how i wanted this to work out, it sounded like a good plan yesterday -.-
maybe more coffee will help :)

Title: using SME as "exposed host"
Post by: duncan on December 13, 2006, 10:24:10 PM

Quote from: "kaukomieli"

uhm, its that simple? and i just install server only mode?

Yep - that simple

Quote from: "kaukomieli"

wont i have to configure some services to be only available to lan A?

Yes - thats what happens when you set Lan A in the SME local networks panel

Quote from: "kaukomieli"

and do I have to configure some static routing between lan A and B for people from the office to connect to this server thus compromising the thought behind putting them on different lan-segments in the first place.

Don`t know - Not sure what hardware you are running.

My thoughts - Simply set SME up in server only mode on Lan A and Port forward mail and web to it on your router. It`s what every one else does.

No need to over complicate things here - your network will as safe as it was before.