Topic: Accessing my webserver from outside the network

[janet]

abasel

that solution does connect me...

By that you mean you can now connect from your server to the Internet ie the "test Internet connection" test is successful, is that correct ?

ie from your sme server command prompt do you get a successful response if you do
ping yahoo.com

... but returns the same results as the DHCP option. I still can't reach the webserver from an external connection. I will try to get my connection changed.

This is really a seperate issue, although the one that started this thread.
I do not see that the connection protocol being PPPoE or PPPoA will in any way interfere with web access to your server, that is likely to be a configuration issue of some sort (local or external) or your ISP is blocking ports.

just can't give up on PPPoE just yet... put too much into it

I suggest you stop persisting with PPPoE, as that is clearly not supported by your ISP.
PPPoA will/should do the job for you, assuming your ISP is not blocking ports.
Did you actually ask them ? It is quite common for ISP's to block ports on residential type connections as they do not want you to run mail & web servers etc.

Focus on getting your new PPPoA method using static local IP sorted out fully, your problem could be external DNS records not pointing to your modem/router/server external IP address, or you have not configured that domain correctly in your sme server, or you have not forwarded ports correctly.

I have not used PPoA in the configuration you now have, so cannot add much more about that specifically.

If you put your external IP here for a short while, we/others can test it to see what's happening.
You can edit your post after a day and remove it if you prefer.

You can also run a port scan on your system to see what is open, see
grc.com

[abasel]

So Orcon agreed to change my connection to PPPoE but told me that it probably wouldn't work (given the setup of the exchanges).... they only use it for rural connections.

They where right..... couldn't get the router to connect using PPPoE...... tried via SME just incase ...

Alas not......

So it's off to the DMZ option...... will try that later.

[abasel]

OK... I ran a port scan using the site you recommended and all ports register as in Stealth  Mode. I will call the help desk tomorrow and ask them about it.

[abasel]

OK so according to my ISP, I shouldn't have a problem; they claim the ports are open.

On my router, the firewall is disabled.
Under the virtual server menus I found a port forwarding options and forwarded all traffic on port 80 to 192.168.199.1 (which is my SME server).

I've used dyndns or point baselmania.homedns.org to my IP

Internally when I enter this URL I get directed my router.

Externally I can see that baselmania.homedns.org resolves to the right IP but can't connect to anything.

[janet]

abasel

I think we should go back to the beginning.
It's difficult to give you specific advice when we do not have all the details.
Many assumptions have been made which have and may still be misleading us.

That modem/router only has one Ethernet port.
In the current arrangement (before sme server), do you have it connected to only one workstation or do you have a hub/switch and share the Internet connection between a number of workstations, how many ?

OK so you now plan to use a sme server.
What are you actually planning to do with your sme server ? eg web server, mail server and if so do you want to avail spam filtering, RBL rejection etc etc, , ssh to it remotely using putty, VPN to it remotely, file server, network storage, for family use or for business use ???

How do you want (or expect) to connect the various pieces of equipment together, what will be your final network arrangement ? eg do you plan to share your sme server between a number of workstations via a hub/switch etc ?

Perhaps this is just a hobby use to play around with a server or do you have more specific and intended uses for it ?

[janet]

abasel

Assuming everything is connected and working correctly, I wonder if you have your server in Stealth mode
check with
config show masq

What is the history of your server, what version is it, has it been known to work, is it a new server never tested/proven before ?
Perhaps the onboard NICs are not supported, there are many possibilities.

ping baselmania.homedns.org
times out, as does
ping 121.98.130.111

Is 121.98.130.111 your external static IP ?

[abasel]

Hi,

Its a hobby but also more than that; network services for family use. I've pulled about 1.5km of Cat 5 cable through my house and have 2-4 ports in each room. They are connected back to a patch panel. The phone line is connected to a separate panel and wired correctly for unified patching. The DSL filter is also wired in here. I am using an old, unmanaged switch ( 3Com, 3C16476 Superstack 3). Currently I also have a wireless AP connected to the switch which has no services running.

My Router (192.168.1.1, DynaLink RTA1320) plugs into my SME box (192.168.1.2). The SME connects to my switch via (192.168.199.1)

DHCP is served by SME

Currently with this setup we can browse the net via NIC or wireless connection. I got a few of these services running a few years ago when I used IPCOP but liked the scope of things that I could achieve using SME.

What I want to achieve
1) Serve a website to the internet from the SME server
2) Install Asterisk so that I can route calls through various providers as well as have voice mail e-mailed to my gmail account.
3) Media server to stream our music through the house
4) With time I would like to use Dansguardian as well as implement a captive portal for my wireless connections (something like "chilli hotspot"... I am happy do do this on a separate box if necessary)
5) Would like to Putty to SME remotely
6) Be able to RDP to my windows machines from outside the network

There are some other family members and friends who are interested in home servers and I'd like to be able to help them with this.

[abasel]

When I go to whatismyip.com, I get

What Is My IP Address - Service provided by WhatIsMyIP.com
Your IP Address Is: 121.98.130.111
Possible Proxy Detected: 1.1 server.baselmania.local:3128 (squid/2.5.STABLE14)

My server is an Old IBM xSeries 206. The nics all seem to work  fine. We are currently using the network on the internet... I just can't reach my network from outside.

login as: root
root@192.168.199.1's password:
Last login: Sun Jul  4 18:10:13 2010 from 192.168.199.245
[root@server ~]# config show masq
masq=service
    DenylogTarget=drop
    Logging=most
    Stealth=no
    Trace=disabled
    pptp=yes
    status=enabled
[root@server ~]#

[janet]

abasel

What Is My IP Address - Service provided by WhatIsMyIP.com
Your IP Address Is: 121.98.130.111

Well that is the address configured in external DNS records etc, but is that actually the address that orcon have stated they gave you, eg in your service documentation ?

Edit - Oh I see what you mean, that site is showing you the IP you are accessing it from, which therefore must be your real world static IP. That's OK then.

Possible Proxy Detected: 1.1 server.baselmania.local:3128 (squid/2.5.STABLE14)

Is that the primary domain name of your server. If so, I suggest you change it to
baselmania.homedns.org.
It might work/resolve better then.

We are currently using the network on the internet... I just can't reach my network from outside

That is important, so you are saying you do have Internet access from workstations on your LAN (192.168.199.x) that are behind the sme server. Do these workstations use the sme server as their gateway ?

[abasel]

Yes they are all going via SME.. see the response from ipconfig using my laptop which is connected wirelessly

Ethernet adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . : baselmania.local
        Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
        Physical Address. . . . . . . . . : 00-26-C6-7C-21-B8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.199.248
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.199.1
        DHCP Server . . . . . . . . . . . : 192.168.199.1
        DNS Servers . . . . . . . . . . . : 192.168.199.1
        Lease Obtained. . . . . . . . . . : Monday, 5 July 2010 1:05:15 p.m.
        Lease Expires . . . . . . . . . . : Tuesday, 6 July 2010 1:05:15 p.m.

Ethernet adapter Local Area Connection:
        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
        Physical Address. . . . . . . . . : D8-D3-85-9A-B2-6C

The domain is baselmania.local but whatismyip.com reports the full machine name which is server

[janet]

abasel

You missed my point.
Go into the admin console, select Configure this server and change your primary domain name to
baselmania.homedns.org

The server name of "server" is OK, but it is more meaningful to give it a localised name eg dunedin or basel1 or whatever.
Less confusing when you have multiple servers to deal with (onsite or offsite), and less problematic when doing VPN from site to site (the same server name of server at both sites can cause issues).

There are many references in the forums to problems when the primary domain name is in the format xxxxxxx.local, which is not a real domain name.

[johnp]

You want to use the external ip address in the router i.e. 192.168.1.2 as the destination.

[abasel]

I was looking at that as you posted this ....... that what happens when one tries to set up a network and tend to the family.... I also tried the firewall option and it worked.

Thanks to all Especially Mary.... I got a good grasp of how this all works now... still wish they supported PPPoE this end though.

[abasel]

Last question.

Externally baselmania.homedns.org points to the right address but internally it gets redirected to my router IP, 192.168.1.1. Why might this be?

[johnp]

Because the SME is acting as a firewall. The dns locally will resolve to the inside address. You should still look at putting the external ip address into the dmz so that all ports are open to it thereby enabling you to do the things you desire without having to add new firewall rules to the router.