Koozali.org: home of the SME Server

"Internet Server" mode

Bill Talcott

"Internet Server" mode
« on: March 28, 2003, 09:38:44 PM »
"Server Only" mode seems to be the internal half of Server-Gateway mode, with everything wide open for access on an already-secure LAN. What about an "Internet Server" mode? It would function the same as a Server-Gateway's external interface. In most cases, it's probably just as easy to throw in a second NIC and run it in S-G mode, but it would be nice to not *need* that other NIC (especially for small systems). I'm not sure if you could eliminate some unnecessary tasks since it wouldn't actually be acting as a gateway either.

This seems like something that should be fairly easy to implement, as you're just not using part of the standard install. I believe there are some people out there who have tried or are using SMEs in this way. If you did this, you'd probably want to rename "Server Only" to "LAN Server" or something, to avoid confusion.

Boris

Re: "Internet Server" mode
« Reply #1 on: March 28, 2003, 10:57:06 PM »
You still can do it in the S/G mode with single NIC. Internal interface (eth1) will be configured, but never active, or use eth0:1 as your internal interface. Its not the real design solution, but work around to get you features you want from existing design.

Andrew Hodgson

Re: "Internet Server" mode
« Reply #2 on: April 02, 2003, 09:31:48 PM »
Hi,

Actually, on my version used in server only mode, my system is not open, due to the fact that the port forwarding on the router keeps the original ip address.  For example, I can turn off public SMTP access, meaning nobody can connect to port 25 to the external ip.
Andrew.

Bill Talcott

Re: "Internet Server" mode
« Reply #3 on: April 03, 2003, 07:45:40 PM »
Andrew Hodgson wrote:
>
> Actually, on my version used in server only mode, my system
> is not open, due to the fact that the port forwarding on the
> router keeps the original ip address.  For example, I can
> turn off public SMTP access, meaning nobody can connect to
> port 25 to the external ip.

This is because the SME is secured behind the router. If you were to give the SME a public IP and stick it directly on the internet, you wouldn't have this security.

Boris wrote:
>
> You still can do it in the S/G mode with single NIC. Internal
> interface (eth1) will be configured, but never active, or use
> eth0:1 as your internal interface. Its not the real design
> solution, but work around to get you features you want from
> existing design.

I wasn't aware of this. As I said, I haven't tried it myself, but heard others ask about it and thought about it myself. I guess if you can set it up without any problems even without actually having an internal NIC in the box, then there's no need for a separate "Internet Server" mode. It would be nice to have it listed as an option though, for user-friendliness. Or at least documented somewhere. Maybe it is already and I just missed it...

Jim Gooch

Re: "Internet Server" mode
« Reply #4 on: May 15, 2003, 02:01:36 PM »
Have just installed 5.6 in server only mode - currently running on an internal IP (192) -however the intention is to put the server into a DMZ and change the IP to (172) when fully configured.

Given that access will be entirely controlled by a firewall (various ports closed & dnat rules applied to forward a public IP to the 172 range) then it looks to me as if the standard server only install will do the job fine. We will be switching off some redundant services (Squid etc) but that will only be to improve performance. Does anyone know if switching off Samba will affect HTTP/FTP access to i-bays ?

Can report back on completion if ppl wish.

Firewall is Astaro