Koozali.org: home of the SME Server

Accessing my webserver from outside the network

Offline abasel

  • ***
  • 74
  • +0/-0
Accessing my webserver from outside the network
« on: July 01, 2010, 02:11:52 PM »
I have an ADSL router connecting my SME box to the internet.

From outside, if I enter the the IP of my connection in a browser, should I get the default page of my SME webserver? Should it just work or do I need to forward all port 80 traffic from the router to the internal SME IP of my network?

Not sure if I'm making any sense....

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #1 on: July 01, 2010, 02:50:10 PM »
Generally speaking it is likely that the DSL router is acting as a nat firewall. If this is the case, you would need to open ports.

Since you haven't said what mode your server is configured for i.e. server-gateway, server-only it makes it a bit harder to provide help.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #2 on: July 01, 2010, 10:47:46 PM »
I am using the  server-gateway setup

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #3 on: July 01, 2010, 11:42:49 PM »
If the external ip address of your server is in the private range http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces your router is doing the nat. You would then have to open the ports. Many of these routers have a setting for placing a machine in the dmz, what basically opens all ports to that internal ip address.

Other considerations are whether your isp is providing a static or dynamic ip. If static, you could access your machine via that ip address if dynamic a service such as dyndns would be needed.

There is also the possibility of reconfiguring the router to act as a modem and have your sme provide the login info for your dsl.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #4 on: July 01, 2010, 11:50:17 PM »
Is it better to configure the  router as a modem or should I leave the modem separate?

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #5 on: July 02, 2010, 12:12:58 AM »
I can't say if one way is better. It's more of a personal choice and comfort level and knowldge of the equipment being used.

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #6 on: July 02, 2010, 02:59:27 AM »
abasel
Quote
Is it better to configure the  router as a modem or should I leave the modem separate?

Typically you would configure your modem/router in bridged mode, which just passes the signals through to your SME server which is configured for gateway server mode.
Your server then handles the login client, DHCP server, DNS functions, firewall etc. There is no need to do network maintenance or adjustments in your modem/router then as your SME server handles everything including the firewall.

If you need or have specialized requirements for firewalling etc, then your router does all the functionality mentioned above (configured in normal modem/router mode), and your SME server is then configured for server only mode.

If you need to use the wireless function that many routers have, then you need to use your modem/router as the gateway/firewall etc, and only use your SME server in server only mode.

It will be easier to administer a bridged modem and a SME in gateway server mode, as all/most configuration is done via server manager.

If you use a seperate router/firewall then you have to setup port forwards for all services you want to access on your SME server, eg web, https, mail, ssh and whatever else.
 
You obviously must disable all these functions in the modem/router.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #7 on: July 02, 2010, 05:36:52 AM »
I have a fixed IP which I've also assigned a domain name via dyndns.
I've set the following in my router where 192.168.199.1 is the IP of SME.

TCP   ALL   192.168.199.1   80   80       

Basically I am trying to get all incoming traffic on port 80 to redirect to the webserver.........


Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #8 on: July 02, 2010, 05:50:30 AM »
abasel

If you are going to use your router as the firewall, then change your SME to server only mode.
Also disable DHCP in the SME server as the router will be doing that (usually by default).

Personally I think you are taking the harder route, I already told you it will be easier to administer your setup if you set your router to bridged mode and disable all other services running on the router and enable those in SME server instead, and then manage everything (including firewall) from your SME server. Note you will not typically need to forward any ports under that scenario.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #9 on: July 02, 2010, 06:23:03 AM »
Hi.. I realise that I'm just missing the point somewhere, but thanks for the patient input :-)

I have disabled all other services.. thought I had anyway. The only mention of bridging on the router if in the firewall section called Bridge Filtering which I don't think you are talking about.

Quote
There is on option under virtual hosts to set up a DMZ host.... but when I tried that it all when to custard...

I am probably going round in circles now so will have a good look at the router manual and then see if together with your directions I can step forward. I think I'm probably close but its been a long day.

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #10 on: July 02, 2010, 06:29:34 AM »
abasel

Quote
... The only mention of bridging on the router if in the firewall section called Bridge Filtering which I don't think you are talking about.

I think that probably is what I am talking about.
Effectively you bypass your router functions in your modem/router, and are only using it as a modem in bridged mode (which means it passes signals straight through with no NAT'ing or anything else).

Keep reading and try actually changing the setup, you may well see a bridged mode option that you can select.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #11 on: July 02, 2010, 09:48:23 AM »
I found these options

Protocol:   
  • PPP over ATM (PPPoA) - Currently selected
  • PPP over Ethernet (PPPoE)
  • IP over ATM (IPoA)
  • Bridging

Should I change it to the bottom one or is this something else?

If I do change it to bridging, do I need to set anything else up on the SME box?
« Last Edit: July 02, 2010, 10:38:47 AM by abasel »

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #12 on: July 02, 2010, 10:39:29 AM »
abasel

Select Bridging
No need to doubt the obvious !

Keep in mind you will then need to log in to your sme server as admin and run the Configure this server option. Step through the screens and enter your main domain name. Select and configure PPPoA and enter your ISP login username and password details and static external IP. Also enable DHCP. Your SME server is now acting as login client, DHCP server, firewall and DNS server, as well as the mail, web, ssh and other functionality. Enable services in server manager. Also configure additional domains in the server manager Domains panel. Also remember to configure your workgroup name, and configure your windows workstations with the same name.

Also you need a hub or switch to share your server with other computers on the LAN, connect one NIC to your modem and the other NIC to your hub/switch. You can connect a single workstation directly to your server with a crossover Ethernet cable if you don't have a switch.

Run the Test Internet access option to check the server can access the Internet, you might have to swap network cables between NIC's.
« Last Edit: July 02, 2010, 10:58:38 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #13 on: July 02, 2010, 10:42:04 AM »
If you knew how many times I reset the router today because it could no longer access it after making changes, you'd understand my caution ... lol

Well I'll give it a shot and let you know

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #14 on: July 02, 2010, 11:06:07 AM »
abasel

Once you select Bridging mode you will no longer have Internet access from your workstation connected to the modem/router. You must also configure the server as indicated in my last post and connect your workstation(s) to the LAN side in order to get web access, now via your SME server.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #15 on: July 02, 2010, 01:42:26 PM »
OK my network works as follows:
Router (192.168.1.1):
Connection Settings
  • VPI/VCI: 0/100
  • Category: UBR
  • Protocol: PPPoA VC MUX
  • NAT: On
  • QOS: On
  • WAN IP: Auto assigned (Although it is a fixed IP)
  • MTU: 1500
No DHCP

SME (Internal: 192.168.199.1/External: 192.168.1.10)
Assign DHCP to internal network
Option 4. use Static IP


What I want:
Router (192.168.1.1):
Connection settings
  • VPI / VCI: 0 / 100
  • Service Category: UBR
  • Connection Type   Bridge LLC/SNAP, QoS Off
  • NAT: Disabled
  • WAN IP Address: I will get this IP from ISP
  • Default Gateway: I will get this from ISP
  • DNS Server: Automatically Assigned

Router returns Your DSL router is ready to connect to Broadband, but there is no PPP


SME (Internal: 192.168.199.1/External: 192.168.1.10)
Option: 3 (PPPoE)
and enter username and password

It then asks me if I want to use dyndns etc... as I have a static IP I don't set this. My IP that you mention I presume is the one I get from the ISP and leave on the Router

Am I finally on the right track?


Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #16 on: July 02, 2010, 02:29:25 PM »
abasel

You are close, but as I cannot see your setup, it's a little bit tricky to be specific.
I'll try to answer.


Quote
SME (Internal: 192.168.1.1/External:

External:  This should be your external static IP from the ISP

Quote
What I want:
Router (192.168.1.1):
Connection settings
  • WAN IP Address: I will get this IP from ISP

Your router will not have an IP anymore when it is connected to the SME server, as it is in bridged mode.
It will have an IP when you are setting it up from the connected workstation.

I think this should be disabled, and all router functions disabled.

Quote
  • Default Gateway: I will get this from ISP

No, this should be disabled. The SME server will now be your default gateway.

Quote
  • DNS Server: Automatically Assigned

DNS should be disabled, again the SME server will be your DNS server. You do not need to specify any external DNS servers either, eg as usually suggested by your ISP, the SME server is a DNS server.


Quote
SME (Internal: 192.168.199.1/External: 192.168.1.10)

Internal would be something like 192.168.1.1
External 10.0.10.1 or whatever the static IP is that you have been issued by your ISP


Quote
It then asks me if I want to use dyndns etc... as I have a static IP I don't set this.

You only set up dyndns services if you have a dynamic IP and a domain hosted at dyndns.
You don't, so don't.

Quote
My IP that you mention I presume is the one I get from the ISP and leave on the Router

You do not "leave" it on the router. You should enter your static IP into the SME server setup.
Your SME server is now your router and is providing all the routing services that your standalone router used to provide.
Disable everything in the standalone router, only configure it in bridged mode, and let the SME server perform all other functions.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #17 on: July 02, 2010, 02:51:11 PM »
Providing the model of your router may help as others might have past experience with it.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #18 on: July 03, 2010, 06:48:39 AM »
Once again many thanks :-)

The router I have is a DynaLink RTA1320

Will try shortly and let you know... just need to wait until the internet is not been used by the family :-)

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #19 on: July 03, 2010, 07:40:32 AM »
OK getting the Router (The DynaLink RTA1320) to bridge mode was easy :-)

Aaagh but configuring the SME server seems to be more complex lol

As I subscribe to opendns.org in order to protect the family from the nast sites, I used there IP in the DNS setting when configuring the SME server via the console.... this works fine as I have been using it with my initial setup.

It is just before this step that I come unstuck.

When I chose the PPPoE option, I don't get asked for my IP

When I choose the Static IP option, I don't get asked for my account login details for the PPP connection

I have tried both options but don't get a connection.

Yip I am nearly there.... but just seem to be missing it :)


Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #20 on: July 03, 2010, 01:20:48 PM »
abasel

Quote
.... DynaLink RTA1320 to bridge mode was easy...

I know that modem, it works OK in bridged mode with SME in server gateway mode and a TPG (Australia) ADSL2+ service, I think it was a PPPoE with static IP.

Quote
... configuring the SME server seems to be more complex
I subscribe to opendns.org... I used there IP in the DNS setting...

I would suggest initially to not configure this in SME server setup, so that it is not a source of problems or conflicts.
You can enable it later once you get SME connected at a basic level.


Quote
When I chose the PPPoE option, I don't get asked for my IP

With PPPoE there is no need to enter the IP as it (the static IP) will be automatically handed out by your ISP. This would be the option to choose with current popular ADSL2+ static IP services.

Quote
When I choose the Static IP option, I don't get asked for my account login details for the PPP connection

Yes that option is for a business grade static IP service, popularly available with previous ADSL offerings but now generally not available with ADSL2+ (gone to PPPoE).

Quote
I have tried both options but don't get a connection.

I'm guessing you should use PPPoE, you should tell us what country you are in, what type of service you have, ADSL, ADSL2, ADSL2+ etc and what ISP you use and what layer service it is ie layer 2, 3 ?

After you make the bridging changes to the modem, power it down for 5 minutes, then power it on, then check you have ADSL carrier/signal on the front panel lights.
Then configure your SME server and reboot it. Check you now see a Ethernet connection on the front panel lights of the modem and perform the Internet connection test. Swap the Ethernet cables around if "no go" initially. Do not be too quick to change setup, you need to troubleshoot the system as is rather than trying other invalid configurations.

Perhaps you also need to check with your ISP  that your service is PPPoE and ask whether their tech support people see your SME server logging in to the PPPoE connection. (The initial working setup of the modem/router showed PPPoA).

Only after you have it all running should you then configure the opendns setting. Note there are other ways you can achieve similar protection with SME eg Dansguardian, Squidguard and other techniques. That will come later though.
« Last Edit: July 03, 2010, 10:41:58 PM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #21 on: July 03, 2010, 02:27:38 PM »
Looking back and seeing he is using PPPoA, and also at the manual http://media.netcomm.com.au/public/assets/pdf_file/0004/18229/RTA1320_UG.pdf it seems to me that the PPP over ATM (PPPoA) IP Extension Mode may be the way to go. As I've not ever done any DSL setups using PPPoA I can't say if this would work.

Otherwise, I would be inclinded to use his known working setup, disable or limit the DHCP range, place a static IP on the WAN interface(outside DHCP range) and put it's value in the Virtual Server – DMZ Host section.


Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #22 on: July 04, 2010, 02:08:59 AM »
Thanks John for that, I just want to work through the above option first... If I hit an absolute brick wall I will try the DMZ option.

The answer the question above,
  • I am with orcon.net.nz
  • ADSL2+
  • The service .. and I quote the help desk "I believe its a layer 2 service" :-)

K. so a little later I will put the router into Bridge mode. When I do this, it defaults to LLC/SNAP but can be changed to some other options. For now I will leave it with the default. There is no other settings that I set when I do this and the router then reports that there is no PPP connection.. so that I will set up on SME.

On SME I will choose the PPPoE option and take the opendns settings out. On reboot I will swap network cables around if it doesn't work......  will get back to this post  in the next few hours




Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #23 on: July 04, 2010, 02:52:38 AM »
abasel

Quote
I will put the router into Bridge mode. When I do this, it defaults to LLC/SNAP but can be changed to some other options.

You should ask/explain to orcon tech support what you are doing and check if they support those settings in bridged mode, and also ask if they support PPPoE that your SME server (the new router) will use.

While talking with them again, I would also check with orcon that they do not block ports ie port 80, 25, 443, 22, 465, 993 and other service ports etc, as you seem to be planning to use the various functionality that your SME server is capable of. If your ISP puts port limitations on your service, then you will have difficulty running web sites and email, ssh etc etc.
If they do block ports the only practical answer is to change provider to someone who does not block ports or impose ridiculous limitations on usage.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #24 on: July 04, 2010, 03:48:40 AM »
No internet Connection but I can putty to the SME box

The Router has the following setting:
VPI / VCI 0 / 100
Service Category UBR
Connection Type Bridge LLC/SNAP, QoS Off

My Router then also reports
Your DSL router is not ready to connect to Broadband, and there is no PPP session defined
, Which is what I would expect

I tried swapping the cables but that had no effect.

When Using Option 3 (Use PPP over Ethernet), I enter my orcon account

details. After reboot I go to the server-manager webpage page which

reports the following Networking Parameters
Server Mode   servergateway
Local IP address / subnet mask   192.168.199.1/255.255.255.0
External IP address / subnet mask   192.168.1.2
Additional local networks   192.168.199.0/255.255.255.0
DHCP server   enabled
Beginning of DHCP address range   192.168.199.65
End of DHCP address range   192.168.199.250
Server names
DNS server   192.168.199.1

My Does the  SME report the External IP of 192.168.1.2 when it should  be my static IP provided by my ISP? DHCP was switched off on the Router

My ISP could not help my must except to say that the DSL was syncing.

I am currently on hold to orcon to ask them the other questions you recommended.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #25 on: July 04, 2010, 03:53:51 AM »
Got a reply PPPoE is only supported for rural connections :-(

Where to now.... the only other provider worth  trying in NZ is Telstra.... will call them now.

Telstra too ... no PPPoE for home users (maybe certain Business accounts)..... I suppose its the DMZ option then

Only PPPoA
« Last Edit: July 04, 2010, 04:00:00 AM by abasel »

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #26 on: July 04, 2010, 04:59:54 AM »
DMZ should work fine.

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #27 on: July 04, 2010, 05:30:12 AM »
abasel

An advanced search in the forums on PPPoA gave many answers.
Most NZ providers only offer PPPoA, unless you can convince yours to change the protocol for you.
SME server appears to not directly support PPPoA.
Follow the advice of johnp, which is the same/similar as many others have previously given.
Here is an old post which is of interest, newer ones say much the same.
http://forums.contribs.org/index.php/topic,16426.msg63570.html#msg63570
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #28 on: July 04, 2010, 05:44:43 AM »
Like I said, I've never encountered PPPoA, but from what I see it does allow for a 1500 mtu. Which is nice, since other potential problems aren't there.

Again I would try what I mention earlier, then the DMZ option. That way I know for future reference what works.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #29 on: July 04, 2010, 07:04:54 AM »
Hi Mary, that solution does connect me but returns the same results as the DHCP option. I still can't reach the webserver from an external connection. I will try to get my connection changed.

If that fails I will give John's DMZ option a try...... just can't give up on PPPoE just yet... put too much into it :-)

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #30 on: July 04, 2010, 07:43:00 AM »
abasel

Quote
that solution does connect me...

By that you mean you can now connect from your server to the Internet ie the "test Internet connection" test is successful, is that correct ?

ie from your sme server command prompt do you get a successful response if you do
ping yahoo.com


Quote
... but returns the same results as the DHCP option. I still can't reach the webserver from an external connection. I will try to get my connection changed.

This is really a seperate issue, although the one that started this thread.
I do not see that the connection protocol being PPPoE or PPPoA will in any way interfere with web access to your server, that is likely to be a configuration issue of some sort (local or external) or your ISP is blocking ports.

Quote
just can't give up on PPPoE just yet... put too much into it

I suggest you stop persisting with PPPoE, as that is clearly not supported by your ISP.
PPPoA will/should do the job for you, assuming your ISP is not blocking ports.
Did you actually ask them ? It is quite common for ISP's to block ports on residential type connections as they do not want you to run mail & web servers etc.

Focus on getting your new PPPoA method using static local IP sorted out fully, your problem could be external DNS records not pointing to your modem/router/server external IP address, or you have not configured that domain correctly in your sme server, or you have not forwarded ports correctly.

I have not used PPoA in the configuration you now have, so cannot add much more about that specifically.

If you put your external IP here for a short while, we/others can test it to see what's happening.
You can edit your post after a day and remove it if you prefer.

You can also run a port scan on your system to see what is open, see
grc.com
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #31 on: July 04, 2010, 08:33:44 AM »
So Orcon agreed to change my connection to PPPoE but told me that it probably wouldn't work (given the setup of the exchanges).... they only use it for rural connections.

They where right..... couldn't get the router to connect using PPPoE...... tried via SME just incase ...:-)

Alas not......

So it's off to the DMZ option...... will try that later.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #32 on: July 04, 2010, 11:02:16 AM »
OK... I ran a port scan using the site you recommended and all ports register as in Stealth  Mode. I will call the help desk tomorrow and ask them about it.


Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #33 on: July 04, 2010, 11:48:03 PM »
OK so according to my ISP, I shouldn't have a problem; they claim the ports are open.

On my router, the firewall is disabled.
Under the virtual server menus I found a port forwarding options and forwarded all traffic on port 80 to 192.168.199.1 (which is my SME server).

I've used dyndns or point baselmania.homedns.org to my IP

Internally when I enter this URL I get directed my router.

Externally I can see that baselmania.homedns.org resolves to the right IP but can't connect to anything.


Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #34 on: July 05, 2010, 02:03:21 AM »
abasel

I think we should go back to the beginning.
It's difficult to give you specific advice when we do not have all the details.
Many assumptions have been made which have and may still be misleading us.

That modem/router only has one Ethernet port.
In the current arrangement (before sme server), do you have it connected to only one workstation or do you have a hub/switch and share the Internet connection between a number of workstations, how many ?

OK so you now plan to use a sme server.
What are you actually planning to do with your sme server ? eg web server, mail server and if so do you want to avail spam filtering, RBL rejection etc etc, , ssh to it remotely using putty, VPN to it remotely, file server, network storage, for family use or for business use ???

How do you want (or expect) to connect the various pieces of equipment together, what will be your final network arrangement ? eg do you plan to share your sme server between a number of workstations via a hub/switch etc ?

Perhaps this is just a hobby use to play around with a server or do you have more specific and intended uses for it ?
« Last Edit: July 05, 2010, 02:11:36 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #35 on: July 05, 2010, 03:26:34 AM »
abasel

Assuming everything is connected and working correctly, I wonder if you have your server in Stealth mode
check with
config show masq

What is the history of your server, what version is it, has it been known to work, is it a new server never tested/proven before ?
Perhaps the onboard NICs are not supported, there are many possibilities.

ping baselmania.homedns.org
times out, as does
ping 121.98.130.111

Is 121.98.130.111 your external static IP ?
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #36 on: July 05, 2010, 03:39:34 AM »
Hi,

Its a hobby but also more than that; network services for family use. I've pulled about 1.5km of Cat 5 cable through my house and have 2-4 ports in each room. They are connected back to a patch panel. The phone line is connected to a separate panel and wired correctly for unified patching. The DSL filter is also wired in here. I am using an old, unmanaged switch ( 3Com, 3C16476 Superstack 3). Currently I also have a wireless AP connected to the switch which has no services running.

My Router (192.168.1.1, DynaLink RTA1320) plugs into my SME box (192.168.1.2). The SME connects to my switch via (192.168.199.1)

DHCP is served by SME

Currently with this setup we can browse the net via NIC or wireless connection. I got a few of these services running a few years ago when I used IPCOP but liked the scope of things that I could achieve using SME.

What I want to achieve
1) Serve a website to the internet from the SME server
2) Install Asterisk so that I can route calls through various providers as well as have voice mail e-mailed to my gmail account.
3) Media server to stream our music through the house
4) With time I would like to use Dansguardian as well as implement a captive portal for my wireless connections (something like "chilli hotspot"... I am happy do do this on a separate box if necessary)
5) Would like to Putty to SME remotely
6) Be able to RDP to my windows machines from outside the network

There are some other family members and friends who are interested in home servers and I'd like to be able to help them with this.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #37 on: July 05, 2010, 03:46:37 AM »
When I go to whatismyip.com, I get

Quote
What Is My IP Address - Service provided by WhatIsMyIP.com
Your IP Address Is: 121.98.130.111
Possible Proxy Detected: 1.1 server.baselmania.local:3128 (squid/2.5.STABLE14)

My server is an Old IBM xSeries 206. The nics all seem to work  fine. We are currently using the network on the internet... I just can't reach my network from outside.

Quote
login as: root
root@192.168.199.1's password:
Last login: Sun Jul  4 18:10:13 2010 from 192.168.199.245
[root@server ~]# config show masq
masq=service
    DenylogTarget=drop
    Logging=most
    Stealth=no
    Trace=disabled
    pptp=yes
    status=enabled
[root@server ~]#



Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #38 on: July 05, 2010, 03:58:03 AM »
abasel

Quote
What Is My IP Address - Service provided by WhatIsMyIP.com
Your IP Address Is: 121.98.130.111

Well that is the address configured in external DNS records etc, but is that actually the address that orcon have stated they gave you, eg in your service documentation ?

Edit - Oh I see what you mean, that site is showing you the IP you are accessing it from, which therefore must be your real world static IP. That's OK then.


Quote
Possible Proxy Detected: 1.1 server.baselmania.local:3128 (squid/2.5.STABLE14)

Is that the primary domain name of your server. If so, I suggest you change it to
baselmania.homedns.org.
It might work/resolve better then.


Quote
We are currently using the network on the internet... I just can't reach my network from outside

That is important, so you are saying you do have Internet access from workstations on your LAN (192.168.199.x) that are behind the sme server. Do these workstations use the sme server as their gateway ?

« Last Edit: July 05, 2010, 04:07:44 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #39 on: July 05, 2010, 04:23:57 AM »
Yes they are all going via SME.. see the response from ipconfig using my laptop which is connected wirelessly

Quote
Ethernet adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . : baselmania.local
        Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
        Physical Address. . . . . . . . . : 00-26-C6-7C-21-B8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.199.248
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.199.1
        DHCP Server . . . . . . . . . . . : 192.168.199.1
        DNS Servers . . . . . . . . . . . : 192.168.199.1
        Lease Obtained. . . . . . . . . . : Monday, 5 July 2010 1:05:15 p.m.
        Lease Expires . . . . . . . . . . : Tuesday, 6 July 2010 1:05:15 p.m.

Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
        Physical Address. . . . . . . . . : D8-D3-85-9A-B2-6C

The domain is baselmania.local but whatismyip.com reports the full machine name which is server
« Last Edit: July 05, 2010, 04:27:41 AM by abasel »

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #40 on: July 05, 2010, 05:00:07 AM »
abasel

You missed my point.
Go into the admin console, select Configure this server and change your primary domain name to
baselmania.homedns.org

The server name of "server" is OK, but it is more meaningful to give it a localised name eg dunedin or basel1 or whatever.
Less confusing when you have multiple servers to deal with (onsite or offsite), and less problematic when doing VPN from site to site (the same server name of server at both sites can cause issues).

There are many references in the forums to problems when the primary domain name is in the format xxxxxxx.local, which is not a real domain name.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #41 on: July 05, 2010, 05:41:51 AM »
You want to use the external ip address in the router i.e. 192.168.1.2 as the destination.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #42 on: July 05, 2010, 05:50:36 AM »
:-) I was looking at that as you posted this :-) ....... that what happens when one tries to set up a network and tend to the family.... I also tried the firewall option and it worked.

Thanks to all Especially Mary.... I got a good grasp of how this all works now... still wish they supported PPPoE this end though.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #43 on: July 05, 2010, 05:57:14 AM »
Last question.

Externally baselmania.homedns.org points to the right address but internally it gets redirected to my router IP, 192.168.1.1. Why might this be?

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #44 on: July 05, 2010, 06:07:03 AM »
Because the SME is acting as a firewall. The dns locally will resolve to the inside address. You should still look at putting the external ip address into the dmz so that all ports are open to it thereby enabling you to do the things you desire without having to add new firewall rules to the router.

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #45 on: July 05, 2010, 06:16:09 AM »
abasel

I can see your site now, by URL or IP

Baselmania
Welcome to our space
We are still developing this site
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #46 on: July 05, 2010, 06:21:41 AM »
Yeah thanks ... it looks like I had entered the wrong ip in my port forwarding rules :-(

In answer to Johns last comment


OK... so I deleted the port forwarding rules in the router and placed 192.168.1.2 into the DMZ (is this what you meant)

But I still get the same result ie. externally you can see my webpage  but internally I'm redirected to the router (192.168.1.1).

tracert seems to shows the following
Quote
Tracing route to baselmania.homedns.org [121.98.130.111]

over a maximum of 30 hops:
  1    20 ms    <1 ms    <1 ms  basel01.baselmania.homedns.org [192.168.199.1]
  2     3 ms     1 ms     1 ms  130-98-121-111.bitstream.orcon.net.nz [121.98.130.111]
Trace complete.

I am needing it to point to 192.168.1.2 internally or get 121.98.130.111 when called internally to redirect to the webserver

121.98.130.111 and 192.168.1.1 both return the router webpage internally
« Last Edit: July 05, 2010, 06:23:21 AM by abasel »

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #47 on: July 05, 2010, 06:30:30 AM »
You could name your server baselmania and use homedns.org as the primary domain :)

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #48 on: July 05, 2010, 06:43:35 AM »
Actually I think you shoud use baselmania.homedns.org as the primary domain and name the server whatever you want

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #49 on: July 05, 2010, 06:48:39 AM »
That's done.... baselmania.homedns.org as primary domain and server is basel01

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #50 on: July 05, 2010, 06:49:53 AM »
Does it work now?

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #51 on: July 05, 2010, 06:53:04 AM »
abasel & johnp

Quote
Does it work now?

Quote
Actually I think you shoud use baselmania.homedns.org as the primary domain and name the server whatever you want

It looks like abasel had already done that a couple of posts back
"basel01.baselmania.homedns.org [192.168.199.1]"

What about in the Domains panel in server manager, have you configured "Resolve locally" or "Internet DNS servers" for the Domain DNS Servers setting ? Try the latter.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #52 on: July 05, 2010, 07:09:01 AM »
I was doing it using corporate servers and pointing to OpenDNS but even when I change it as you say, it does the same.

If I enter the IP (121.98.130.111) directly it also redirects to my router login although it shows 192.168.1.1 in the browser's address bar.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #53 on: July 05, 2010, 07:11:32 AM »
Changed it to local and its all sweet....... so now I will need to use Dans Guardian to protect for internet content.... I will look for old forum posts on how to do this.

Thanks again :-)

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #54 on: July 05, 2010, 07:18:28 AM »
abasel

Yes just thinking that through, Resolve locally should work, as you say it does.
Finally there !!!

Don't look through old forums posts, see the Howtos
http://wiki.contribs.org/Category:Howto

and the Contribs
http://wiki.contribs.org/Category:Contrib

and here is Dansguardian
http://wiki.contribs.org/Dansguardian

Please read the Wiki.
http://wiki.contribs.org/Main_Page
and the FAQ
http://wiki.contribs.org/SME_Server:Documentation:FAQ


This thread could actually be the basis of a good wiki Howto article, PPPoA with your SME server
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #55 on: July 05, 2010, 07:19:11 AM »
You may also check at dyndns for wildcard support. Since from outside www.baselmania.homedns.org doesn't appear working only baselmania.homedns.org works from here.

Offline abasel

  • ***
  • 74
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #56 on: July 05, 2010, 07:41:13 AM »
Yip no wildcard support for the free service... which is fine for now

Offline johnp

  • ****
  • 312
  • +0/-0
Re: Accessing my webserver from outside the network
« Reply #57 on: July 05, 2010, 07:49:56 AM »
They must have changed since I first got mine. Wildcard was free then.