Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: cipandales on July 22, 2008, 01:06:14 PM
-
Good Day !
I want to acces my server with server manager interface from outside (internet).
And i want to make acces for any ip adresses.
Can you help me and tell me how i can manage this ?
Thanks
-
Use VPN.
http://wiki.contribs.org/VPN_practical_tips
-
Thank you !
Is there any other method ?
I mean, to ad/modify a firewall rule to have external access to server manager ?
Is to complicated to make vnc to work.
Thank you !
-
Is there any other method ?
RDP in to an XP/Vista workstation is another option.
I mean, to ad/modify a firewall rule to have external access to server manager ?
I don't think it is that hard to do. I would never recommend it for security reasons. You would have to add the WWW to your list of trusted networks and that opens up everything.
Is to complicated to make vnc to work.
If your server is the gateway/router it is very simple.
-
Yes, you can change the configuration db to enable public httpd-admin service easy.
Just change the string "httpd-admin=service|PermitPlainTextAccess|yes|TCPPort|980|TKTAuthSecret|don't-change-your-crypt-string!!!|access|public|status|enabled"
then make signal-event post-upgrade and signal-event reboot
After that, the server-manager Panel and the Password-Change Panel is accessible from extern (Internet Gateway or IP)
Mfg Igi
-
Yes, you can change the configuration db to enable public httpd-admin service easy.
Just change the string "httpd-admin=service|PermitPlainTextAccess|yes|TCPPort|980|TKTAuthSecret|don't-change-your-crypt-string!!!|access|public|status|enabled"
then make signal-event post-upgrade and signal-event reboot
After that, the server-manager Panel and the Password-Change Panel is accessible from extern (Internet Gateway or IP)
Mfg Igi
this is, IMO, very dangerous..
in this way everyone out there colud access your server.. is this REALLY what you want?
if you want to access your server-manager in safe mode without vpn, you can take a look at ssh and ssh-tunnels (google for it)
My 2c
Ciao
Stefano
-
Thank you !
How exactly i can change the string ?
This line below doesn't work !
"Yes, you can change the configuration db to enable public httpd-admin service easy.
Just change the string "httpd-admin=service|PermitPlainTextAccess|yes|TCPPort|980|TKTAuthSecret|don't-change-your-crypt-string!!!|access|public|status|enabled"
then make signal-event post-upgrade and signal-event reboot
After that, the server-manager Panel and the Password-Change Panel is accessible from extern (Internet Gateway or IP)
Mfg Igi "
-
cipandales
don't play with the db/config commands if you don't know what you are doing.. you could break your server.
and, I repeat, opening the server-manager to the wan in that way is bad.
ciao
Stefano
-
Thank you, Stefano, but i need to work with server manager from another location.
It is a must.
So, maby you can help me to do this safe !
Thanks
-
ok
what part of
you can take a look at ssh and ssh-tunnels (google for it)
didn't you read? :-)
btw, read this:
http://www.gb.nrao.edu/pubcomputing/tunnel-howto.shtml (http://www.gb.nrao.edu/pubcomputing/tunnel-howto.shtml)
HTH
Ciao
Stefano
-
:-)
That's a misunderstanding:
i must make the changes on sme server because i can't use any programs on workstations i'll use except ie/firefox/whatever.
And, also, it will be necessary to make changes for users, i-bays etc. even from the phone (iphone and others).
Thank you !
-
:-)
That's a misunderstanding:
i must make the changes on sme server because i can't use any programs on workstations i'll use except ie/firefox/whatever.
putty doesn't require setup so you can simply drop it on your desktop and double click on it
And, also, it will be necessary to make changes for users, i-bays etc. even from the phone (iphone and others).
Thank you !
I use an HTH smartphone with wm2003.. I use putty on it..
btw, please explain why you can't use anything different from a browser..
there's no safe way without ssh/vpn
Ciao
Stefano
-
I understand it, he has a workstation on work without any rights to change a network configuration or make an VPN dialout. Then he can only make changes over the server-manager who is accessible from the Internet.
It is dangerous, yes, but it is his own risk, and when he ask for a method to access the server-manager from the Internet an opened it, thats his problem.
My httpd-admin is open for public access because my OX User must change their password themself. And, do you know on whitch dynamic IP is an SME?
My SME is open for the last six months, and till today, there's no security problems. Only on FTP Port my SME register requests, but not on Port 443.
Changes in configuration db directly, you made with vi or mc.
Mfg Igi
-
Yes, Igi has right.
So, how can i make the firewall changes ?
Explain me like i'll be a novice user (i have switched from bsd - os x server to sme).
Thanks a lot
-
cipandales
...how can i make the firewall changes ?
Don't make any changes using db commands as suggested in this thread, or templates either.
If you are really desperate to open your server manager to ANYONE, and willing to take the BIG security risk, then look in server manager, as the facility is already there in the Remote Access panel under Remote Management.
I'm not going to tell you what to enter there to achieve what you want, but if you search these forums on one of those names you will find what you want.
Make sure you have a really strong and long password on your server manager.
It would be a much better (safer) option to install the user manager contrib and restrict the access that various users have to limited panels via user manager (which is a cut down server manager panel) for users, rather than for admin.
-
Yes, technically it is possible to add a little info via the existing admin panel to have access from anywere, but it is very unpopular to inform what to write.
The solution I use myself at the moment is to run a local Windows 2000 workstation for remote access via logmein.com (Host system Centos 5.3/vmware server with a virtual sme 7.3 + a virtual smoothwall firewall plus a virtual Win 2000 workstation.)
-
thank you !
I am wondering if it is not more simple to know which port is used by server manager and open that port using a firewall rule for public access ?
The methods above are too complicated.
-
thank you !
I am wondering if it is not more simple to know which port is used by server manager and open that port using a firewall rule for public access ?
The methods above are too complicated.
if you can open a port on your firewall, then open the ssh one (tcp 22) and use ssh..
ciao
Stefano
-
I use sme server as a firewall and mail/FTP server/file server etc. So, I must make whatever is neccessary to access server manager from anywhere !!
Can you help me with something concrete ?
Like build firewall rule ?
Or else ?
Thanks
-
Mary
where is the latest user manager contrib
I notice its not listed on the wiki
regards
Jim
-
cipandales
I already answered you, a quick search on Remote Access and/or Remote Management will find the answer.
You do not need to create any special rules, as what you want is already provided in the server manager panel.
-
jjcuk
In smecontribs
It's called
smeserver-userpanel
-
Thanks all !
Mary's recomandation it was helpful !
I wrote that numbers and now it works.
Thanks again !