Topic: Server Only Mode

[Howard]

Hi,

Is this system secure using server only mode..? I have a router / NAT firewall that this will be plugged into, and only require the web server and web mail and the web server...

Will this be secuure?

Thanks
Howard

[Terry Brummell]

As long as it's behind a firewall.  When in Server Only mode no firewall rules are in place.

[Howard]

Hmm,thanks for that.... Can I put it in the other mode and then use the one network card as internal and external to enable the firewall?

[Bill Talcott]

Howard wrote:
>
> Hmm,thanks for that.... Can I put it in the other mode and
> then use the one network card as internal and external to
> enable the firewall?

Not that I'm aware of, without tinkering with stuff.

If you have it behind a NAT router, it will only be accessible to the outside through port forwarding from the router. Just forward the ports you need and nothing else. Do you need a firewall between the SME and your LAN for some reason?

[Howard]

Thanks for the help...Sorry if im not very clear, but im new to any form of linux.. I have a cheap broadband 4 port router with built in NAT, port forwarding and DHCP... I would like to use all the funtionality of SME Server (webmail, web server, remote access, file server) but not use it as a gateway...

I haven't installed it yet.. I have a spare compaq evo 1.7 with only 1 network card. If using NAT, would all the files on the server and mail stores be safe?

Again,thanks for all your help.
Howard

[Charlie Brady]

Howard wrote:

> Thanks for the help...Sorry if im not very clear, but im new
> to any form of linux.. I have a cheap broadband 4 port router
> with built in NAT, port forwarding and DHCP... I would like
> to use all the funtionality of SME Server (webmail, web
> server, remote access, file server) but not use it as a
> gateway...

Why? Spend a bit of time searching this board and you might rethink. The router doesn't do anything that the server can't do, and setup will be a lot easier without the router complicating things.

Charlie

[Howard]

Thanks.. I thought about this, but the pc I have is a Ultra Slim Desktop with only one network card and I can't add more - and I doubt SME Server will detect a USB SB4100 modem

[Bill Talcott]

Howard wrote:
>
> Thanks for the help...Sorry if im not very clear, but im new
> to any form of linux.. I have a cheap broadband 4 port router
> with built in NAT, port forwarding and DHCP... I would like
> to use all the funtionality of SME Server (webmail, web
> server, remote access, file server) but not use it as a
> gateway...
>
> I haven't installed it yet.. I have a spare compaq evo 1.7
> with only 1 network card. If using NAT, would all the files
> on the server and mail stores be safe?

NAT (without any forwarding) will completely isolate the SME from the internet. No internet traffic at all will be able to pass to the SME. If you forward ports, from the router to the SME, only traffic coming in on those ports will make it to the SME. So long as you don't forward the Windows networking ports, nobody outside will even be able to tell it supports that.

I also second what Charlie said. Things will probably go a lot more smoothly if you can use the SME as the gateway too.

[Howard]

Thanks guys.. really appreciate the help..

Don't spose you know of a way to get SME server to recognise a Motorolla USB 4100 modem do you?

Thanks
Howard

[Paul]

I agree with Bill and Charlie.  I ran my sme behind a Linksys router for about 3 months.  I then decided to change and use my sme box as my gateway.

The sme box must handle NAT much better because I experienced an immediate noticeable increase in browser speed.  This was most noticeable when multiple users were accessing the internet simultaneously.

I have also noticed that false "page not found" errors have decreased to almost nothing. This problem seems to be common on routers behind cable connections.

There are several people trying to get USB modems working.  You can be patient and see if anyone comes up with a solution or try like heck to get a second NIC card into your computer.

Good Luck,

Paul

[Paul]

Howard wrote:
>
> Thanks.. I thought about this, but the pc I have is a Ultra
> Slim Desktop with only one network card and I can't add more
> - and I doubt SME Server will detect a USB SB4100 modem

I seem to remember some time ago that I was able to get an angle adapter and install a PCI device in a slim cased PC.  Does this PC have any PCI slots or is everything built on to the board?

[Howard]

No PCI slots im afraid... everything is on board... I have seen USB to RJ45 adaptors,but you need to install a driver which  I thinks is Windows only

[Ray Mitchell]

Howard
If you are going to the trouble of setting up this system, why not do it with hardware that will support sme properly. Low end PC's wok quite fine and have plenty of expansion slots and 2nd hand would not cost very much.
Considering the time & effort you will spend setting it all up etc, you can easily justify some small outlay on correct hardware.

Your approach appears to be "lets make the software fit the hardware that I happen to have", but it should be "get compatible hardware and then instal the software".

You could sell the firewall device as sme does that job very nicely.

Regards
Ray Mitchell

[Kobus Bensch]

Had a similar problem with nics and gateways and so one so I decided to put a firewall between SME and the internet. Try www.smoothwall.org if you have an old pc lying about. probably get it working no time with smoothwall. lots of support on the irc channel with guys as knowledgeable as on this forum.

[Stewart Midwinter]

okay, here's a soluton that will use your hardware. Use your 4-port router.  Maybe you have some other PCs that you want to connect to it, so do that.

Connect the e-smith server to the router as well. Set up e-smith as public server.  But then give it a fixed internal IP, e.g. 192.168.1.11 (make sure it's in the range that is allowed by the router).  Also give it a fixed external IP, e.g. 192.168.1.12.  Then tell the router to put 192.168.1.12 into a DMZ.  This will eliminate all NAT for the e-smith box; in other words, it is connected directly to the outside world, and its own firewalling rules will protect it. Meanwhile, the router's firewalling rules will protect other PCs on the network.

I'm using a setup just like this (although my e-smith box has 2 NIC cards), and it seems to be working fine.

Some of the readers suggested just using the e-smith server as your gateway as well. That means you have to buy more hardware, which you may not want to do.  But also, it means that all network traffic goes through the e-smith box; if it's an older CPU, it may be a bottleneck. Connecting your other machines to a router may speed things up for them. And then the e-smith box only has to serve up web pages.

hope this all made some sense.

Stewart in Calgary