Topic: Remote Access Configuration

[morrislex]

Hello all – I need your help. I’m running SME 7.0

I have a static IP from my ISP
My modem is in bridge mode
External IP of SME is DMZ’d in my router

External IP and Subnet of my ISP static IP is listed in my allowed networks for remote access

When I enter my IP on IE from work
https://2xx.xxx.xxx.xxx/server-manager

I get this returned in my browser
Forbidden
You don't have permission to access /server-manager on this server.

When I do this in a Firefox browser I get the certificate push and then the same message in the browser

Any Ideas?

Thanks - Bill

[Boris]

Try to use internal IP of your SME (192.168.x.x ?)

[morrislex]

I have the internal IP's and their subnets also allowed - thats what I don't understand I guess

[mmccarn]

You would have to 'allow' the public IP that your 'work' pc uses in order to manage the system remotely.

Other alternatives are:

* Enable PPTP VPNs, establish a VPN to your server from work, then manage the server using the internal IP of the SME
* Enable SSH, install 'Putty' at work, and use putty to 'tunnel' port 443 on your work PC to your home SME, then manage the SME at https://localhost/server-manager


On a side note, allowing access for the public subnet of your router would only allow access from the few hosts on that specific subnet.

[kitnorriss]

* Enable SSH, install 'Putty' at work, and use putty to 'tunnel' port 443 on your work PC to your home SME, then manage the SME at https://localhost/server-manager

Hi,

Please could you explain a little further how to tunnel a port using putty??? It might be quite useful for emergencies. Thanks

Kit Norriss

[mmccarn]

- download putty from http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe and save it in c:\windows
- click 'Start', 'Run' putty my.smeserver.org -l root -L 443:127.0.0.1:443 (replace "my.smeserver.org" with the DNS name or public IP address of your sme server)
- enter your root password when prompted
- access server-manager at https://localhost/server-manager

SSH tunnels like this can be used to access any host on your private network.  Assuming you have a windows box behind your SME at 192.168.1.33, you could do this:
- enable remote desktop on the workstation at 192.168.1.33
- On your remote computer: Start, Run, putty my.smeserver.org -l root -L 3333:192.168.1.33:3389
- Start 'Remote Desktop Connection' and connect to "localhost:3333" (I use port 3333 in this example for two reasons - a) the '33' on the  end reminds me that I'm going to control 192.168.1.33, b) I *must* select a port that is not already used by any service on my remote workstation - if I have remote desktop enabled on my remote station and use "-L 3389:192.168.1.33:3389" in my putty command, I will fail...)

Here's the breakdown.  Assuming the following configuration:

Code: [Select]

Remote_PC
    |
Internet
    |
my.smeserver.org
    |
192.168.1.33
The command putty my.smeserver.org -l root -L 3333:192.168.1.33:3389 on 'Remote_PC' causes port 3333 on 'Remote_PC' to be mapped to port '3389' on 192.168.1.33.

You can control the SME server itself by specifying either '127.0.0.1' or the LAN IP of the SME in the putty command.

You can do all the same stuff from within putty - just start putty and look for the SSH Tunnel settings.

IMPORTANT
Once you've seen it work, you are strongly encouraged to setup public-private keys for authentication as described in http://wiki.contribs.org/SSH_Public-Private_Keys.  Using your root password to connect to your SME server from a remote location could expose your server if your password is insufficiently secure, or if you ever enter your password on a system with a key logger installed.

[kitnorriss]

Thats fantastic. Thanks very much.