Topic: Accessing my webserver from outside the network

[abasel]

I have an ADSL router connecting my SME box to the internet.

From outside, if I enter the the IP of my connection in a browser, should I get the default page of my SME webserver? Should it just work or do I need to forward all port 80 traffic from the router to the internal SME IP of my network?

Not sure if I'm making any sense....

[johnp]

Generally speaking it is likely that the DSL router is acting as a nat firewall. If this is the case, you would need to open ports.

Since you haven't said what mode your server is configured for i.e. server-gateway, server-only it makes it a bit harder to provide help.

[abasel]

I am using the  server-gateway setup

[johnp]

If the external ip address of your server is in the private range http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces your router is doing the nat. You would then have to open the ports. Many of these routers have a setting for placing a machine in the dmz, what basically opens all ports to that internal ip address.

Other considerations are whether your isp is providing a static or dynamic ip. If static, you could access your machine via that ip address if dynamic a service such as dyndns would be needed.

There is also the possibility of reconfiguring the router to act as a modem and have your sme provide the login info for your dsl.

[abasel]

Is it better to configure the  router as a modem or should I leave the modem separate?

[johnp]

I can't say if one way is better. It's more of a personal choice and comfort level and knowldge of the equipment being used.

[janet]

abasel

Is it better to configure the  router as a modem or should I leave the modem separate?

Typically you would configure your modem/router in bridged mode, which just passes the signals through to your SME server which is configured for gateway server mode.
Your server then handles the login client, DHCP server, DNS functions, firewall etc. There is no need to do network maintenance or adjustments in your modem/router then as your SME server handles everything including the firewall.

If you need or have specialized requirements for firewalling etc, then your router does all the functionality mentioned above (configured in normal modem/router mode), and your SME server is then configured for server only mode.

If you need to use the wireless function that many routers have, then you need to use your modem/router as the gateway/firewall etc, and only use your SME server in server only mode.

It will be easier to administer a bridged modem and a SME in gateway server mode, as all/most configuration is done via server manager.

If you use a seperate router/firewall then you have to setup port forwards for all services you want to access on your SME server, eg web, https, mail, ssh and whatever else.
 
You obviously must disable all these functions in the modem/router.

[abasel]

I have a fixed IP which I've also assigned a domain name via dyndns.
I've set the following in my router where 192.168.199.1 is the IP of SME.

TCP   ALL   192.168.199.1   80   80       

Basically I am trying to get all incoming traffic on port 80 to redirect to the webserver.........

[janet]

abasel

If you are going to use your router as the firewall, then change your SME to server only mode.
Also disable DHCP in the SME server as the router will be doing that (usually by default).

Personally I think you are taking the harder route, I already told you it will be easier to administer your setup if you set your router to bridged mode and disable all other services running on the router and enable those in SME server instead, and then manage everything (including firewall) from your SME server. Note you will not typically need to forward any ports under that scenario.

[abasel]

Hi.. I realise that I'm just missing the point somewhere, but thanks for the patient input

I have disabled all other services.. thought I had anyway. The only mention of bridging on the router if in the firewall section called Bridge Filtering which I don't think you are talking about.

There is on option under virtual hosts to set up a DMZ host.... but when I tried that it all when to custard...

I am probably going round in circles now so will have a good look at the router manual and then see if together with your directions I can step forward. I think I'm probably close but its been a long day.

[janet]

abasel

... The only mention of bridging on the router if in the firewall section called Bridge Filtering which I don't think you are talking about.

I think that probably is what I am talking about.
Effectively you bypass your router functions in your modem/router, and are only using it as a modem in bridged mode (which means it passes signals straight through with no NAT'ing or anything else).

Keep reading and try actually changing the setup, you may well see a bridged mode option that you can select.

[abasel]

I found these options

Protocol:   

• PPP over ATM (PPPoA) - Currently selected
• PPP over Ethernet (PPPoE)
• IP over ATM (IPoA)
• Bridging

Should I change it to the bottom one or is this something else?

If I do change it to bridging, do I need to set anything else up on the SME box?

[janet]

abasel

Select Bridging
No need to doubt the obvious !

Keep in mind you will then need to log in to your sme server as admin and run the Configure this server option. Step through the screens and enter your main domain name. Select and configure PPPoA and enter your ISP login username and password details and static external IP. Also enable DHCP. Your SME server is now acting as login client, DHCP server, firewall and DNS server, as well as the mail, web, ssh and other functionality. Enable services in server manager. Also configure additional domains in the server manager Domains panel. Also remember to configure your workgroup name, and configure your windows workstations with the same name.

Also you need a hub or switch to share your server with other computers on the LAN, connect one NIC to your modem and the other NIC to your hub/switch. You can connect a single workstation directly to your server with a crossover Ethernet cable if you don't have a switch.

Run the Test Internet access option to check the server can access the Internet, you might have to swap network cables between NIC's.

[abasel]

If you knew how many times I reset the router today because it could no longer access it after making changes, you'd understand my caution ... lol

Well I'll give it a shot and let you know

[janet]

abasel

Once you select Bridging mode you will no longer have Internet access from your workstation connected to the modem/router. You must also configure the server as indicated in my last post and connect your workstation(s) to the LAN side in order to get web access, now via your SME server.