Wireless Networks Thread, External DNS connections in Technical
  1. #16


    tom_newton
    FWIW, any SmoothWall users playing with port-forwards should think about turning on "connection logging" for debug purposes. This is set up under Networking/Firewall/Port Forwards. Do NOT have this on for general use, as it creates gigs of data, but if you're having issues, you'll be able to check the firewall logs (use the drop down to select port forwards) and that will tell you if the traffic is arriving ok at the external interface, and what is happening to it.

    Common gotchas (all products, not just SW):
    1. Make sure the box you're forwarding to is set with the right default gw
    2. Make sure that you are forwarding from the right IP, especially if you have >1 external IP.

  2. #17


    Port forwarding through two firewalls/routers

    I read that the best way to port forward through two routers/firewalls is like so:

    External public facing (202.x.x.x) > internal public facing (10.x.x.x) > internal network (172.x.x.x).

    One of the SmoothWall guys helped me to create the firewall rules on my School Guardian as I was unsure as to the best way to set up the rules.

    I don't like firewall configuration much.

  3. #18
    greenfieldsupport
    HodgeHi, did you get your site working in your school?

    The best way would be to go to your LOCAL DNS server,

    and create a domain for your website.

    So if your site is called www.myschool.net,

    create a domain called myschool.net locally and tell your DNS server that your DNS server is authoritative for that domain.

    Then create an A record IN that domain for www
    with the LOCAL server address of your webserver.

    Then give it 10 mins to replicate to your other DNS servers, and go to a client and type "ping www.myschool.net".

    It should resolve as your LOCAL server address. If not, then type nslookup www.myschool.net and post the info here.

    If it does, then it should work fine in Internet Explorer or Firefox or Iceweasel or Safari etc. etc.
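A check that goes with the local-zone approach in the post above, as an added example that is not part of the original post: once the internal server is authoritative for the domain, it answers for every name in it, so a name that exists only in the public zone stops resolving for internal clients. The zone contents and addresses below are constructed, and `audit_split_horizon` is a hypothetical helper name.

```python
from ipaddress import ip_address, ip_network

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# counts documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is inside one of the RFC 1918 private ranges."""
    return any(ip_address(addr) in net for net in RFC1918)

# Constructed sample data: A records in the public zone and in the
# locally created zone for the thread's example domain.
EXTERNAL_ZONE = {
    "www.myschool.net": "203.0.113.10",
    "mail.myschool.net": "203.0.113.25",
}
INTERNAL_ZONE = {
    "www.myschool.net": "172.16.0.1",
}

def audit_split_horizon(internal, external):
    """Compare the two views and return a list of (name, problem)."""
    findings = []
    for name in sorted(external):
        if name not in internal:
            # The local server is authoritative for the zone, so it
            # answers NXDOMAIN rather than asking the public DNS.
            findings.append((name, "resolves externally but not internally"))
        if is_rfc1918(external[name]):
            findings.append((name, "external view publishes a private address"))
    for name in sorted(internal):
        if not is_rfc1918(internal[name]):
            findings.append((name, "internal view does not point at a LAN address"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_split_horizon(INTERNAL_ZONE, EXTERNAL_ZONE):
        print(f"{name}: {problem}")
```
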

  4. #19


    Update to hosting school website

    Well it's been over a week now and I have heard nothing from RM as to whether they have actually opened the ports I requested or even if they are still working on the issue. It's ridiculous for it to take this long.

    So today I have taken their router off-line and put our old BT Voyager one back on and tried to get it working. But I am still getting an issue with the port forwarding.

    The router is a Voyager 2091.

    I have disabled the IP Filter and set up port forwards for port 80, 443 and 25.

    IP of router = 196.x.x.x
    IP of private side of router = 10.x.x.254
    IP of public side of School Guardian = 10.x.x.1
    private side of School Guardian = 172.x.x.254
    IP of webserver = 172.x.x.1

    So given the above IPs this is how it goes:

    80 from all --> 10.x.x.1 (Voyager)
    80 from 10.x.x.254 --> 172.x.x.1

    same for all other port numbers.

    Connection gets refused.

    According to the logs on the School Guardian it's not even getting to that point since there are no entries for any ports forwarded, rejected, stealthed, nothing at all in any of them apart from "main".

    There doesn't seem to be any log option on the Voyager router so cannot see what's happening at that point.

    Anyone have any ideas what might be wrong??

    PS I have taken on board what folks have said and have been trying to connect via IP. DNS resolves internally for the www.cronehills.sandwell.sch.uk but resolves to somewhere else at the moment externally.
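A small model of a two-hop forward chain like the one in the post above, added here as an example and not taken from the thread: it traces one inbound connection hop by hop and reports where it stops, which is what per-hop connection logs would show. All addresses are constructed stand-ins for the elided ones, and the model assumes plain destination NAT, which rewrites only the destination, so the inner firewall still sees the original client address as the source.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses standing in for the elided ones in the post.
ROUTER = {"name": "router", "listen": "198.51.100.7",
          "rules": [{"port": 80, "src": "0.0.0.0/0", "to": "10.0.0.1"}]}

def guardian(src):
    """Inner firewall with one port-80 forward limited to source `src`."""
    return {"name": "guardian", "listen": "10.0.0.1",
            "rules": [{"port": 80, "src": src, "to": "172.16.0.1"}]}

def trace(chain, src, dst, port):
    """Follow one inbound connection through a list of DNAT hops.

    Returns (verdict, log). Only dst is rewritten at each hop, so every
    rule is matched against the original client source address.
    """
    log = []
    for hop in chain:
        if dst != hop["listen"]:
            log.append(f"{hop['name']}: not addressed to {hop['listen']}")
            return "dropped at " + hop["name"], log
        rule = next((r for r in hop["rules"]
                     if r["port"] == port
                     and ip_address(src) in ip_network(r["src"])), None)
        if rule is None:
            log.append(f"{hop['name']}: no forward for {src} -> :{port}")
            return "dropped at " + hop["name"], log
        log.append(f"{hop['name']}: {src} -> {dst}:{port} DNAT to {rule['to']}")
        dst = rule["to"]
    return "delivered to " + dst, log

if __name__ == "__main__":
    client = "192.0.2.50"  # constructed external client
    for inner_src in ("0.0.0.0/0", "10.0.0.254/32"):
        verdict, log = trace([ROUTER, guardian(inner_src)],
                             client, "198.51.100.7", 80)
        print(inner_src, "=>", verdict)
        for line in log:
            print("   ", line)
```

In this model, an inner rule that only accepts the outer router's inside address as its source never matches a client arriving from outside, and a port with no rule on the first hop produces no log entry at all on the second.
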

  5. #20
    DMcCoy
    Did you do a change request? It has to go to RM, who then send it to the LEA for approval, then back to RM to action. The chances of them opening port 25 to the world for you are minimal; we have to pay 1500 a year for an SMTP feed from the segfl mail servers instead.

  6. #21

    Yeah, the fax went off over a week ago but I still have not heard from them to say whether it has been accepted or denied or anything.
    So how could the ports be blocked if I have my own managed router for the internet? At the moment we have an ADSL line from RM who supplied us with their router which is not being used.

    At the moment we have no connection to our LEA.

  7. #22
    DMcCoy
    If you are connected to RM for your internet then you probably don't have a real internet connection; it will be connected to their internal network. They control everything going in and out to your connection. Until they create their own forwarding rules you aren't going to see any traffic.

  8. #23

    That sounds about right to me. When you look up the router's IP it resolves back to a SOA record for RM.

    Ok. Thanks for the information. I will need to speak to the guy who was dealing with my query and see how it goes from there.

  9. #24
    DMcCoy
    And just a note to say that your RM router probably doesn't even have the firewall turned on. When I checked the configs for our segfl-supplied Cisco it wasn't really doing anything at all, it just passes the data through.

  10. #25


    Update

    So RM have opened the ports to allow the traffic through to our servers now.
    They forwarded ports 25, 80 and 443 into our network and I can now see our servers from the public IP address.

    The School Guardian is configured to forward the ports into our network from the mid-range of IPs and I have enabled the firewalls on both OD servers.

    I have enabled only the same ports from "any". I have not used the OS X server firewall in a production environment so would like to clarify the settings if possible. What are the minimum ports needed for http, https and mail?

    Is that all I need to do with the "any" side of the firewall? I assume that the any means in from the internet.

  11. #26

    SYNACK
    Quote: Originally Posted by HodgeHi
    So RM have opened the ports to allow the traffic through to our servers now.
    They forwarded ports 25, 80 and 443 into our network and I can now see our servers from the public IP address.

    The School Guardian is configured to forward the ports into our network from the mid-range of IPs and I have enabled the firewalls on both OD servers.

    I have enabled only the same ports from "any". I have not used the OS X server firewall in a production environment so would like to clarify the settings if possible. What are the minimum ports needed for http, https and mail?

    Is that all I need to do with the "any" side of the firewall? I assume that the any means in from the internet.

    The firewall config sounds right (I have never used that firewall though); the ports required are the ones that RM has opened for you, i.e.:

    25 SMTP Mail server traffic
    80 unencrypted http traffic
    443 SSL encrypted HTTP
    Last edited by SYNACK; 28th January 2008 at 01:55 PM. Reason: mistyped port number

  12. #27
    DMcCoy
    Are you hosting your own mail server? Do you have control over the primary MX record and a suitable backup mail host? Just curious.
