Topic: 6.0b3: Can't add local network (error"doesn't look like

[Daniele Procida]

I'm trying to add a Local network to SME 6.0b3.

I enter the network address, the subnet mask, and leave the router address blank.

The server manager complains about the router address field: "Doesn't look like an IP"

What should I enter here? (I have tried, just for the sake of it: the ISP's gateway, the WAN and LAN addresses of the SME server, and 0.0.0.0.)

Leaving it blank worked perfectly in 5.6.

Thanks,

Daniele

[Dan Brown]

From the front page, release notes for 6.0b3:

"Comments or bug reports should be sent to smebugs@mitel.com (and only there, please)"

But install the available updates from your favorite mirror first, in case they address this problem.

[Daniele Procida]

Dan Brown wrote:

> "Comments or bug reports should be sent to smebugs@mitel.com
> (and only there, please)"

I'm not certain it's a bug at all - it just might be my idiocy that's the problem.

> But install the available updates from your favorite mirror
> first, in case they address this problem.

I've installed them all already.

Is there some manual way of editing these settings via ssh?

Daniele

[Charlie Brady]

Daniele Procida wrote:

> I enter the network address, the subnet mask, and leave the
> router address blank.

From RELEASE-NOTES.txt (in the same directory as the .iso file):

 - A "router" setting must now be defined for any local network. This
   implies that all "local networks" must truly be local, i.e. not
   Internet addresses. This change is introduced to strongly discourage
   insecure configurations.

> What should I enter here?

You need to enter the address of the router which joins your LAN to the additional local network.

Charlie

[Daniele Procida]

>  - A "router" setting must now be defined for any local
> network. This  implies that all "local networks" must truly be local,
> i.e. not Internet addresses. This change is introduced to strongly
> discourage insecure configurations.

OK, so it was my idiocy that was the problem, just as I expected.

But still, I really need access to i-bays and user directories over the Internet, via AppleShare. The relase notes say:

If you wish to enable local network access, you can do so via:
 
  /sbin/e-smith/config setprop mysqld LocalNetworkingOnly no
  /sbin/e-smith/expand-template /etc/my.cnf
  /etc/rc.d/init.d/mysqld restart

so I'll give that a try. But, why is it MySQL that is implicated here?

Thanks,

Daniele

[Charlie Brady]

Daniele Procida wrote:
 
> But still, I really need access to i-bays and user
> directories over the Internet, via AppleShare. The relase
> notes say:
>
> If you wish to enable local network access, you can do so via:
>  
>   /sbin/e-smith/config setprop mysqld LocalNetworkingOnly no
>   /sbin/e-smith/expand-template /etc/my.cnf
>   /etc/rc.d/init.d/mysqld restart
>
> so I'll give that a try. But, why is it MySQL that is
> implicated here?

Sorry, there was a cut&paste error in the Release Notes. The text you quote above refers to a preceding paragraph:

 - The mysql database daemon is configured by default to accept only
   local connections (i.e. it is not accessible via the network).
   This is a security precaution. We only use mysql for webmail
   preferences, and only require access from localhost.
                                                                                               
I've corrected the error. Sorry for the confusion.

Charlie

[Alejandro Lengua]

So Daniele, did your project worked?
Does your remote (now local network) can access Internet?

[Daniele Procida]

Alejandro Lengua wrote:
>
> So Daniele, did your project worked?

No. I have still not succeeded in finding a way to make file-sharing from the SME server available across the Internet.

I've experimented with various things, but so far not with any luck.  Unfortunately this is a real problem for me.

Daniele

[Michael Soulier]

Daniele Procida wrote:
>
> No. I have still not succeeded in finding a way to make
> file-sharing from the SME server available across the Internet.

This is why VPNs were invented. Simply opening-up your server to a range of IPs is not even remotely safe, which is why it is no longer permitted in 6.0.

There are various VPN technologies available for Linux and other platforms, from FreeS/WAN, to OpenVPN, to PPTP and OpenSSH. OpenVPN is probably the simplest of these solutions, and it's available for many platforms.

Conversely, if you need a turn-key solution, you can purchase the commercial release.

Regards,
Mike

[Daniele Procida]

Michael Soulier wrote:

> > No. I have still not succeeded in finding a way to make
> > file-sharing from the SME server available across the
> Internet.
>
> This is why VPNs were invented. Simply opening-up your server
> to a range of IPs is not even remotely safe, which is why it
> is no longer permitted in 6.0.

I can understand that, especially in the context of a server system that has been developed and marketed with security as one of its prime considerations. I'd still prefer it to be an option though. Unfortunately VPN simply doesn't really meet all my needs (though it works well enough for me at some levels).

Would want I want to do be possible in the commercial release?

Daniele

[Daniele Procida]

> Would want I want to do be possible in the commercial release?

OK, stupid question: how do I actually purchase the commercial release? Some time spent browsing the Mitel site tells me all about it, but not how I purchase it or how much it will cost.

Daniele

[Alejandro Lengua]

Well, I thought you were wanting to share SME on several local networks.

I plan to have 2 local networks with access to Internet
192.168.10.0 attached directly to SME BOX
192.168.20.0  attached to its own router/gateway with the WAN IP like 192.168.10.x, is it what I am thinking correct?


INTERNET
    |
SME BOX -----LAN 1 (192.168.10.0)
                          |
                      Router (Wan IP=192.168.10.100 /LAN IP: 192.168.20.1)
                          |
                     LAN 2 (192.168.20.0)

[Charlie Brady]

Alejandro Lengua wrote:
 
> I plan to have 2 local networks with access to Internet
> 192.168.10.0 attached directly to SME BOX
> 192.168.20.0  attached to its own router/gateway with the WAN
> IP like 192.168.10.x, is it what I am thinking correct?

Yes, that is exactly what the "local networks" feature provides.

Charlie

[Charlie Brady]

Daniele Procida wrote:

> I can understand that, especially in the context of a server
> system that has been developed and marketed with security as
> one of its prime considerations. I'd still prefer it to be an
> option though.

Windows networking (SMB) and Appletalk are not designed as "hard" protocols to be exposed to the Internet. Your request is very unusual. I'm also not certain that it is possible, as netatalk only listens on a single interface (the LAN).

Charlie

[Michael Soulier]

> I can understand that, especially in the context of a server
> system that has been developed and marketed with security as
> one of its prime considerations. I'd still prefer it to be an
> option though. Unfortunately VPN simply doesn't really meet
> all my needs (though it works well enough for me at some
> levels).

How does a VPN not meet your needs?

> Would want I want to do be possible in the commercial release?

Yes. Beyond PPTP, MAS 6.0 supports IPSec Roadwarrior VPNs via X.509 certs and l2tp, which is built into Win2K and WinXP.

Mike