Topic: Accessing my webserver from outside the network

[abasel]

OK my network works as follows:
Router (192.168.1.1):
Connection Settings

• VPI/VCI: 0/100
• Category: UBR
• Protocol: PPPoA VC MUX
• NAT: On
• QOS: On
• WAN IP: Auto assigned (Although it is a fixed IP)
• MTU: 1500

No DHCP

SME (Internal: 192.168.199.1/External: 192.168.1.10)
Assign DHCP to internal network
Option 4. use Static IP


What I want:
Router (192.168.1.1):
Connection settings

• VPI / VCI: 0 / 100
• Service Category: UBR
• Connection Type   Bridge LLC/SNAP, QoS Off
• NAT: Disabled
• WAN IP Address: I will get this IP from ISP
• Default Gateway: I will get this from ISP
• DNS Server: Automatically Assigned

Router returns Your DSL router is ready to connect to Broadband, but there is no PPP


SME (Internal: 192.168.199.1/External: 192.168.1.10)
Option: 3 (PPPoE)
and enter username and password

It then asks me if I want to use dyndns etc... as I have a static IP I don't set this. My IP that you mention I presume is the one I get from the ISP and leave on the Router

Am I finally on the right track?

[janet]

abasel

You are close, but as I cannot see your setup, it's a little bit tricky to be specific.
I'll try to answer.

SME (Internal: 192.168.1.1/External:

External:  This should be your external static IP from the ISP

What I want:
Router (192.168.1.1):
Connection settings

• WAN IP Address: I will get this IP from ISP

Your router will not have an IP anymore when it is connected to the SME server, as it is in bridged mode.
It will have an IP when you are setting it up from the connected workstation.

I think this should be disabled, and all router functions disabled.

• Default Gateway: I will get this from ISP

No, this should be disabled. The SME server will now be your default gateway.

• DNS Server: Automatically Assigned

DNS should be disabled, again the SME server will be your DNS server. You do not need to specify any external DNS servers either, eg as usually suggested by your ISP, the SME server is a DNS server.

SME (Internal: 192.168.199.1/External: 192.168.1.10)

Internal would be something like 192.168.1.1
External 10.0.10.1 or whatever the static IP is that you have been issued by your ISP

It then asks me if I want to use dyndns etc... as I have a static IP I don't set this.

You only set up dyndns services if you have a dynamic IP and a domain hosted at dyndns.
You don't, so don't.

My IP that you mention I presume is the one I get from the ISP and leave on the Router

You do not "leave" it on the router. You should enter your static IP into the SME server setup.
Your SME server is now your router and is providing all the routing services that your standalone router used to provide.
Disable everything in the standalone router, only configure it in bridged mode, and let the SME server perform all other functions.

[johnp]

Providing the model of your router may help as others might have past experience with it.

[abasel]

Once again many thanks

The router I have is a DynaLink RTA1320

Will try shortly and let you know... just need to wait until the internet is not been used by the family

[abasel]

OK getting the Router (The DynaLink RTA1320) to bridge mode was easy

Aaagh but configuring the SME server seems to be more complex lol

As I subscribe to opendns.org in order to protect the family from the nast sites, I used there IP in the DNS setting when configuring the SME server via the console.... this works fine as I have been using it with my initial setup.

It is just before this step that I come unstuck.

When I chose the PPPoE option, I don't get asked for my IP

When I choose the Static IP option, I don't get asked for my account login details for the PPP connection

I have tried both options but don't get a connection.

Yip I am nearly there.... but just seem to be missing it

[janet]

abasel

.... DynaLink RTA1320 to bridge mode was easy...

I know that modem, it works OK in bridged mode with SME in server gateway mode and a TPG (Australia) ADSL2+ service, I think it was a PPPoE with static IP.

... configuring the SME server seems to be more complex
I subscribe to opendns.org... I used there IP in the DNS setting...

I would suggest initially to not configure this in SME server setup, so that it is not a source of problems or conflicts.
You can enable it later once you get SME connected at a basic level.

When I chose the PPPoE option, I don't get asked for my IP

With PPPoE there is no need to enter the IP as it (the static IP) will be automatically handed out by your ISP. This would be the option to choose with current popular ADSL2+ static IP services.

When I choose the Static IP option, I don't get asked for my account login details for the PPP connection

Yes that option is for a business grade static IP service, popularly available with previous ADSL offerings but now generally not available with ADSL2+ (gone to PPPoE).

I have tried both options but don't get a connection.

I'm guessing you should use PPPoE, you should tell us what country you are in, what type of service you have, ADSL, ADSL2, ADSL2+ etc and what ISP you use and what layer service it is ie layer 2, 3 ?

After you make the bridging changes to the modem, power it down for 5 minutes, then power it on, then check you have ADSL carrier/signal on the front panel lights.
Then configure your SME server and reboot it. Check you now see a Ethernet connection on the front panel lights of the modem and perform the Internet connection test. Swap the Ethernet cables around if "no go" initially. Do not be too quick to change setup, you need to troubleshoot the system as is rather than trying other invalid configurations.

Perhaps you also need to check with your ISP  that your service is PPPoE and ask whether their tech support people see your SME server logging in to the PPPoE connection. (The initial working setup of the modem/router showed PPPoA).

Only after you have it all running should you then configure the opendns setting. Note there are other ways you can achieve similar protection with SME eg Dansguardian, Squidguard and other techniques. That will come later though.

[johnp]

Looking back and seeing he is using PPPoA, and also at the manual http://media.netcomm.com.au/public/assets/pdf_file/0004/18229/RTA1320_UG.pdf it seems to me that the PPP over ATM (PPPoA) IP Extension Mode may be the way to go. As I've not ever done any DSL setups using PPPoA I can't say if this would work.

Otherwise, I would be inclinded to use his known working setup, disable or limit the DHCP range, place a static IP on the WAN interface(outside DHCP range) and put it's value in the Virtual Server – DMZ Host section.

[abasel]

Thanks John for that, I just want to work through the above option first... If I hit an absolute brick wall I will try the DMZ option.

The answer the question above,

• I am with orcon.net.nz
• ADSL2+
• The service .. and I quote the help desk "I believe its a layer 2 service"

K. so a little later I will put the router into Bridge mode. When I do this, it defaults to LLC/SNAP but can be changed to some other options. For now I will leave it with the default. There is no other settings that I set when I do this and the router then reports that there is no PPP connection.. so that I will set up on SME.

On SME I will choose the PPPoE option and take the opendns settings out. On reboot I will swap network cables around if it doesn't work......  will get back to this post  in the next few hours

[janet]

abasel

I will put the router into Bridge mode. When I do this, it defaults to LLC/SNAP but can be changed to some other options.

You should ask/explain to orcon tech support what you are doing and check if they support those settings in bridged mode, and also ask if they support PPPoE that your SME server (the new router) will use.

While talking with them again, I would also check with orcon that they do not block ports ie port 80, 25, 443, 22, 465, 993 and other service ports etc, as you seem to be planning to use the various functionality that your SME server is capable of. If your ISP puts port limitations on your service, then you will have difficulty running web sites and email, ssh etc etc.
If they do block ports the only practical answer is to change provider to someone who does not block ports or impose ridiculous limitations on usage.

[abasel]

No internet Connection but I can putty to the SME box

The Router has the following setting:
VPI / VCI 0 / 100
Service Category UBR
Connection Type Bridge LLC/SNAP, QoS Off

My Router then also reports
Your DSL router is not ready to connect to Broadband, and there is no PPP session defined
, Which is what I would expect

I tried swapping the cables but that had no effect.

When Using Option 3 (Use PPP over Ethernet), I enter my orcon account

details. After reboot I go to the server-manager webpage page which

reports the following Networking Parameters
Server Mode   servergateway
Local IP address / subnet mask   192.168.199.1/255.255.255.0
External IP address / subnet mask   192.168.1.2
Additional local networks   192.168.199.0/255.255.255.0
DHCP server   enabled
Beginning of DHCP address range   192.168.199.65
End of DHCP address range   192.168.199.250
Server names
DNS server   192.168.199.1

My Does the  SME report the External IP of 192.168.1.2 when it should  be my static IP provided by my ISP? DHCP was switched off on the Router

My ISP could not help my must except to say that the DSL was syncing.

I am currently on hold to orcon to ask them the other questions you recommended.

[abasel]

Got a reply PPPoE is only supported for rural connections

Where to now.... the only other provider worth  trying in NZ is Telstra.... will call them now.

Telstra too ... no PPPoE for home users (maybe certain Business accounts)..... I suppose its the DMZ option then

Only PPPoA

[johnp]

DMZ should work fine.

[janet]

abasel

An advanced search in the forums on PPPoA gave many answers.
Most NZ providers only offer PPPoA, unless you can convince yours to change the protocol for you.
SME server appears to not directly support PPPoA.
Follow the advice of johnp, which is the same/similar as many others have previously given.
Here is an old post which is of interest, newer ones say much the same.
http://forums.contribs.org/index.php/topic,16426.msg63570.html#msg63570

[johnp]

Like I said, I've never encountered PPPoA, but from what I see it does allow for a 1500 mtu. Which is nice, since other potential problems aren't there.

Again I would try what I mention earlier, then the DMZ option. That way I know for future reference what works.

[abasel]

Hi Mary, that solution does connect me but returns the same results as the DHCP option. I still can't reach the webserver from an external connection. I will try to get my connection changed.

If that fails I will give John's DMZ option a try...... just can't give up on PPPoE just yet... put too much into it