Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: steve288 on April 07, 2008, 04:22:04 PM
-
I want to try to have an internal Exchange server be accessable from the outside world. To do this I want to pass the internal web address to the external world through the SME server. I'm a novice on proxie pass, but understand there was a panel for v6 of SME. Is there a panel for v7 ?
The command lines that I have found eg. see below are less clear than the panels. And If it does not work I don't know how to remove the proxy pass that has been configured with these commands. PS if you know how I to to remove the specific proxy pass once it is set up with these commands, if I want to remove them, can you tell me.
Thanks.
db domains set proxypassdomain.com domain
db domains setprop proxypassdomain.com Nameservers internet
db domains setprop proxypassdomain.com ProxyPassTarget http://xxx.xxx.xxx.xxx/
db domains setprop proxypassdomain.com TemplatePath ProxyPassVirtualHosts
signal-event domain-create proxypassdomain.com
-
steve288
db domains delete proxypassdomain.com
signal-event post-upgrade
reboot
To see how to use the db command syntax type
db
-
Wonderfull, thank you very much.
I don't know if you or anyone else can answer this but I have tried using proxie pass but it does not seem to be doing what I want. Perhaps I don't understand it or need to do more.
Employees have the ability to access their email by typing //exchange/exchange in a browser from behind the firewall.
I want them to get to their email from the outside world.
I have created an Ibay called exchange. Somewhere I read that I needed to do this for this to work. I made the I bay accessable for everyone with no password.
I executed the following command based on the very short wiki article on proxy pass.
db domains set exchange domain
db domains setprop exchange domain Nameservers internet
db domains setprop exchange ProxyPassTarget http://10.1.0.2/
db domains setprop exchange TemplatePath ProxyPassVirtualHosts
signal-event domain-create exchange
I dont know if this is right or not but any confirmation to my process would be apreciated.
The thing is Im asuming that when I go to my outside Ip address for this computer (this sme server doesnt have an outside domain name) so if it was http://200.256.134.234/exchange/ (this is not my real ip address), but when I go here all I get is my Ibay.
What am I missing. I think I should be getting my password prompt from my exchange server to get to the email accounts.
Regards
-
steve288
> db domains setprop exchange domain Nameservers internet
In the above command
exchange
needs to be a domain name
Search the bugzilla for a bug that refers to proxypass as I think it has some other command info you need to do what you are asking.
-
Great thanks. I will search for it and probably be back with more questions.
Thanks.
-
2 questions for you Steve...
1-What version of exchange are you trying to connect to?
2-Does your version of exchange require https and not http?
-
Good questions.
Its 2003 Exchange and no it does not require https. At least when we access it from inhouse it does not require https.
I have tried to search for articles in the bugzilla regarding proxy pass but cant find anything that specifically relates to my problem. I find buzilla hard to understand thats my problem.
If you or anyone can provide any help I would apreaciate it. The previous person was helpfull in saying that in this command
db domains setprop exchange domain Nameservers internet
the word exchange (which is the internal name of the server ) needs to be a domain name. But the SME computer just has an ip address and the internal computer is just an internal computer with no FQDM because its internal. Despite reading the help I guess I really dont know how to run this command or if there are any pre things that need to be done to achieve my goal.
Regards
-
steve288
I have tried to search for articles in the bugzilla regarding proxy pass but cant find anything that specifically relates to my problem. I find buzilla hard to understand thats my problem.
A bugzilla search on proxy pass then following a few links to other bugs found this in about 3 minutes.
http://bugs.contribs.org/show_bug.cgi?id=1612
I think the additional part of the command in the bug refers to proxypass to an ibay
For a sub-URL:
rt=ProxyPass
HTTP=no
HTTPS=yes
Description=RequestTracker
Target=http://localhost:81/rt
-
steve288
The previous person was helpfull in saying that in this command
db domains setprop exchange domain Nameservers internet
the word exchange (which is the internal name of the server ) needs to be a domain name. But the SME computer just has an ip address and the internal computer is just an internal computer with no FQDM because its internal.
In your first post you said "I want to try to have an internal Exchange server be accessable from the outside world. To do this I want to pass the internal web address to the external world through the SME server."
You now say you do not have a domain name that external people are going to use to access the sme or the exchange servers. That does not make sense.
The proxypassdomain.com part of the first command you posted, is the external domain name you will use to access the internal exchange server. Internal users would also use the same link, I assume.
The ProxyPassTarget http://xxx.xxx.xxx.xxx/ part of the command will be the internal IP number of the exchange server eg http://192.168.2.136/ or whatever.
What local IP number can the exchange server be reached on now, as that is the IP number you would put in the command above eg can you reach the exchange server using //192.168.2.136 (or whatever) ?
-
This post describes how I configured 'proxypass' to expose outlook web access through a SME server without using port forwarding: http://forums.contribs.org/index.php?topic=40075.0
(there's more to it than simply setting up a single 'proxypass' directive).
There should *not* be an ibay named 'exchange' - this procedure creates a template-fragment that creates and exposes http://smeserver/exchange
-
Ray,
I guess I asumed (ignoranly perhaps) that I could forward an ip address. eg. If I can go to an ip address for example on my sme box eg xxx.xxx.xxx.xxx I can get a web page. I was believing that you could go to xxx.xxx.xxx.xxx and it would take me to my exchange server which is 10.1.0.2. or better yet I would like to go to xxx.xxx.xxx.xxx/exchange and go to my exchange server.
Regarding your added info of
For a sub-URL:
rt=ProxyPass
HTTP=no
HTTPS=yes
Description=RequestTracker
Target=http://localhost:81/rt
Is this to be put in a file? I read the link but its not clear to me. And is rt the name of the directory and 81 the port that you want people to access it from?
Regards
-
mmccarn:
Thanks I will take a look at it
Regards
-
Ray,
I guess I asumed (ignoranly perhaps) that I could forward an ip address.
You are mixing up forwarding with proxypass, they are two different concepts.
eg. If I can go to an ip address for example on my sme box eg xxx.xxx.xxx.xxx I can get a web page. I was believing that you could go to xxx.xxx.xxx.xxx and it would take me to my exchange server which is 10.1.0.2.
Then why fiddle around with all this proxypass stuff when you may not need it. Have you tried just going to the port forwarding panel and forwarding port 80 to 10.1.0.2?
-
mmccarn:
I have read over your post proxypass for exchagne /outlook web acccess.
I guess I put the whole thing in a script and run it.
I dont know that much about domain names and such. Will I be able to go to the ip address of the sme server and then /exchange and in theory the web site should open.
Is this script the only thing I need to do. eg forget all the proxypass / portforward stuff Ive been playing with.
Sorry to be a nob but this has been a bugaboo around here for some time and Im trying to resolve what others have failed at.
Regards
-
pfloor
Thanks for your question. Actually Yes I did do this and it did not work for me. So I asumed that Proxy pass would be the answer. Although perhaps I did not do it right?? Since it did not work.
Thanks.
-
If you want to make the webinterface from access accessible to the outside world you could use proxypass. The wiki holds the proper commands to do so: http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass
I guess it might not have worked as you have created an ibay for it which is not necessary and could be in the way, so you should remove the ibay using the server-manager, previous to configuring the proxypass.
Furthermore you need to replace the proxypassdomain.com value with your full qualified domain name (FQDN) and point to the ip number of your exchange server (perhaps including the /exchange location).
-
Cactus (or anyone)
Thank you for your response I have looked at the wiki many times but I have questions that seem to be outside its scope.
In particular Im trying to answer one question regarding, if it needs to be an FQDN or just an IP Address.
My Sme server has a permenent ip address. But It does not have not have a FQDN. The Ip address will never change. We pay for it. Does this mean that I cant use proxy pass. Does it not work with external IP addresses only FQDN.
If I really do need a domain name, could I use a free service like DynDNS to create a FQDN and would that work in theory?
Regards
-
Thank you for your response I have looked at the wiki many times but I have questions that seem to be outside its scope.
In particular Im trying to answer one question regarding, if it needs to be an FQDN or just an IP Address.
I do not know, but I guess it needs the FQDN, you could try it by using the IP-number though.
My Sme server has a permenent ip address. But It does not have not have a FQDN.
I seriously doubt that, what does this command yield to you n(from outside your network):
nslookup ip-number
You could also test it using this website for instance: http://www.ipaddressguide.com/dnslookup.aspx
-
I logged on to my home computer using logme in then ran and went to web site you suggested.
the result I got was ...
207.xxx.xxx.xxx Unreachable....
I tried to putty into from home and got same result basically.
However
When I ran the same command using an ip that we have which is currently our mail gateway I got
207.xxx.xxx.xxx PTR record: mail.abccorp.com
So Im fairly convinced that the ip address for the sme box does not have domain name.
-
I logged on to my home computer using logme in then ran and went to web site you suggested.
the result I got was ...
207.xxx.xxx.xxx Unreachable....
I tried to putty into from home and got same result basically.
However
When I ran the same command using an ip that we have which is currently our mail gateway I got
207.xxx.xxx.xxx PTR record: mail.abccorp.com
So Im fairly convinced that the ip address for the sme box does not have domain name.
Just dawned on me...If you don't have a FQDN, then how does the exchange server get any email? Is it fetching it from elsewhere?
-
Here is the thing. This is a test bed with the eventual goal of using it.
Currently we use another sme computer for our spam and virus filter. Mail comes into it which has a domain name of mail.sme6_ourdomain.com then with sme & exchange magic does it picks up the mail from the mail.sme6_ourdoamin.com. This computer is sme 6. We built this new comptuer on sme 7. Eventually we want to swap the 6 for the 7. But we want to set it up and get it to forward the outside users to the internal exchange. We would like to get this working now to see if we can do it. I tried it in the past on our sme6 computer and had no luck. That was 6 or 8 months ago. Now Im making an atempt on sme 7 hoping that the panels and perhaps advancements will make it easier.
Make sense?
Regards
-
Make sense?
Regards
Clear as glass. I'm afraid however you will need to assign a FQDN to your test machine because (AFAIK) you need an FQDN for proxypass to work. Do you control the DNS records for the primary domain that you currently have set up. If you do, add a temporary subdomain and point it to the test machine and try again. Eg:
If main domain is ourdomain.com -> xxx.xxx.xxx.xx1
Then make DNS record of subdomain exchange.ourdomain.com -> xxx.xxx.xxx.xx2
Then get rid of all your old settings, the ibay named "exchange" and make sure there is nothing in the server left over from the previous tests and do the following commands:
db domains set exchange.ourdomain.com domain
db domains setprop exchange.ourdomain.com Nameservers internet
db domains setprop exchange.ourdomain.com ProxyPassTarget http://10.1.0.2/exchange/
db domains setprop exchange.ourdomain.com TemplatePath ProxyPassVirtualHosts
signal-event domain-create exchange.ourdomain.com
Wait 15 minutes to 24 hours for the DNS to populate and point your browser to http://exchange.ourdomain.com (note that I made the directive go directly to /exchange so you won't need to type it in the browser.)
Now let me put my 2c worth on this proposed setup. Using http for email is highly insecure and I wouldn't recommend it, especially if the company emails ANY personal information. Using https with proxypass has it's own issues (namely certificate issues). Have you considered VPN?
-
Thank you pfloor your answer is clear as Glass.
We are a small outfit and dont know if we control the DNS records. I mean we have a domain name and several static IP's after that Im not sure. Im unfamiler with this area and dont know how to do this ? Do you have any idea how I can find out if we can add a new name?
Secondly regarding the VPN question. This is a good question and indeed that is how we in the It department access our email. First we set up a VPN connection through the sme6 computer then download our mail. However for other end users this is far too cumbersome and complex. I'm open to suggestions, but not sure there are many. Using https may be a slightly better answer at least.
Regards
-
Steve,
We are a small outfit and dont know if we control the DNS records.
You should be able to easily find out. Go to:
http://member.dnsstuff.com/pages/tools.php?ptype=free
Put your domain name in the WHOIS/IPWHOIS Lookup box and you will get the contact info for your domain, if that happens to be the person in the next office you may be in luck.
-
Yes thanks thats a good idea,
thanks