Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: edb on March 22, 2007, 06:04:05 AM

Title: SME server behind Sonicwall 2040
Post by: edb on March 22, 2007, 06:04:05 AM
Off topic question for someone who may know the answer.

A little history ... I previously had a Sonicwall Pro100 unit with SME6.x server sitting on the DMZ port and it has been great for many years.
Due to the Sonicwall Pro going end-of-life I had purchased a new Sonicwall 2040 unit and attempted to do the same setup.

My Sonicwall 2040 is set up with Transparent Mode to the DMZ zone with a Public IP and from the outside world everything works great.
I can access all web services on the SME server just fine.

That being said I'm not really looking for help with the Sonicwall but my issue is that though I can access everything fine from the WAN side I can no longer access the SME server as I used to from the LAN side.
If I type in http://www.xyz.com or http://www.xyz.com/webmail it used to bring up the webpage on the SME server but now all I get is a blank page with a generic DNS error.

Note that bringing up http://192.168.xxx.xxx/server-manager isn't a problem and it comes up as per normal.

The SME server still has an internal side private IP as before and I don't have an issue with email using the internal IP of the SME server but when I try to access anything on the SME server with http://www I get the error now as though it cannot be found. SME used to resolve it to the local LAN IP but not any more.

Would anyone have some insight on this and why it doesn't resolve to the SME internal IP when initiating a connection from the LAN?

My rules on the Sonicwall are wide open from the LAN out so I'm confused. Could it be the Transparent mode of the DMZ that is causing the problem?


Thanks in advance for any advice and yes I know this is an SME server forum.
Title: inside the wall
Post by: idyll on March 22, 2007, 04:51:11 PM
I don't think your issue has anything to do with the firewall.

Is it safe to assume you have configured the SME to the correct WWW address? And is it also safe to assume you use the SME as your DNS server?

It really sounds like a DNS issue since it works using the IP.

?

regards,

patrick
Title: SME server behind Sonicwall 2040
Post by: edb on March 22, 2007, 05:14:10 PM
Thanks for your reply idyll

Yes, I have the SME configured to the right www address as it will in fact bring up the requested page from the WAN side just fine.
I'm using my Windows 2003 DC for DNS but I even tried switching to use the internal IP of the SME server but got the same result.

I agree that it sounds like a DNS issue though.

What happens if I use the internal IP of the SME to access our website (Mambo driven) it takes a long time to come up and it is all out of whack displaying only text really and no frames at all. So it only kinda works.
Yet if I go to the server manager using the internal IP everything is normal.

Go figure ...
Title: DNS all the way
Post by: idyll on March 22, 2007, 05:25:42 PM
Now I am completely convinced it is a DNS issue.  ;-)

But in re-reading the thread, it may be I am not answering what you asked - namely the issue of www not resolving. Try the following.

Another assumption is that you use a Windows client, so you can enter multiple DNS servers? In my experience Windows does a poor job juggling servers, or at least is very unpredictable. I am also not terribly fond of the way Windows server handles DNS, as in having too large a cache, but I digress.

I suggest trying this, if the above assumption is correct...set the internal IP address of the SME as the ONLY DNS server for the client and reboot the client (unless you know the foo to clear, etc. the DNS entries in the Command Prompt...)

Then, the correct way to approach this to use the name of the server you assigned when you did the final config of the SME before the final reboot and going live.

https://myslickserver@bar.com/server-manager

Bet it works.

regards,

patrick
Title: SME server behind Sonicwall 2040
Post by: edb on March 23, 2007, 03:44:40 AM
I'm told by Sonicwall that my issue is due to the fact that my SME server is running in Gateway mode with both an internal and external NIC and they don't support that configuration on a DMZ port.
They say that I can use either NAT or Transparent Mode but both do not support the configuration of a server with both an internal & external NIC.

This would explain the reason as to why I could no longer access my web site from the local LAN segment because the Sonicwall ends up going in a loop when handing off the packets.

Therefore, I guess I will need to switch my SME to server only mode to accommodate this.

My question now is ... since my SME is currently running in Gateway mode can I easily switch over to Server only mode without affecting my current websites, webmail, etc, etc...

Can I just reconfigure my SME by selecting Server Only mode at the configuration screen and then set up the NAT translation on the Sonicwall to NAT the DMZ's Public IP to the SME server's Private IP interface and have everything work as it previously did?
Will I need to open any ports in this mode or are the HTTP/HTTPS/SSH/POP/SMTP ports already open and ready for redirection from the Sonicwall Firewall?

I have never run in Server Only mode before.

Thoughts appreciated.
Title: SME server behind Sonicwall 2040
Post by: bpivk on March 23, 2007, 08:27:01 AM
Quote
My question now is ... since my SME is currently running in Gateway mode can I easily switch over to Server only mode without affecting my current websites, webmail, etc, etc...

Yes
Quote
Can I just reconfigure my SME by selecting Server Only mode at the configuration screen and then set up the NAT translation on the Sonicwall to NAT the DMZ's Public IP to the SME server's Private IP interface and have everything work as it previously did?

Yes
Quote
Will I need to open any ports in this mode or are the HTTP/HTTPS/SSH/POP/SMTP ports already open and ready for redirection from the Sonicwall Firewall?

No, because the server in server only doesn't use a firewall.

I love it when people answer their own questions.  :)
Title: SME server behind Sonicwall 2040
Post by: edb on March 23, 2007, 07:56:23 PM
I solved my issue by simply adding a DNS Loopback policy to the WAN interface for requests originating from the LAN.
Apparently, Sonicwall tech support doesn't know this is possible as I was told that I have an unsupported server configuration and it couldn't be done the way it was set up.
I no longer need to put my server in Server Only mode as it is working perfectly now with 7 Site-to-Site VPN's as well as all my web services both from the WAN side and the LAN side.

Darn needles in a haystack ...
Title: SME server behind Sonicwall 2040
Post by: billi on April 24, 2007, 08:53:50 AM
I am about to attempt the same procedure as you have accomplished.
Your solution was
"I solved my issue by simply adding a DNS Loopback policy to the WAN interface for requests originating from the LAN"
Could you explain the DNS Loopback part and how it was achieved?

Thanks
Title: SME server behind Sonicwall 2040
Post by: edb on April 25, 2007, 01:58:30 AM
Quote from: "billi"
I am about to attempt the same procedure as you have accomplished.
Your solution was
"I solved my issue by simply adding a DNS Loopback policy to the WAN interface for requests originating from the LAN"
Could you explain the DNS Loopback part and how it was achieved?

Thanks


This link will step you through the loopback part ...
http://sonicsys.com/support/pdfs/Configuring_DNS_Loopback.pdf

I needed to do this because my DMZ was set up in transparent mode using a public IP.