Wireless Networks Thread, External DNS connections in Technical
15th January 2008, 08:53 AM #16
FWIW, any SmoothWall users playing with port-forwards should think about turning on "connection logging" for debug purposes. This is set up under Networking/Firewall/Port Forwards. Do NOT have this on for general use, as it creates gigs of data, but if you're having issues, you'll be able to check the firewall logs (use the drop down to select port forwards) and that will tell you if the traffic is arriving ok at the external interface, and what is happening to it.
Common gotchas (all products, not just SW):
1. Make sure the box you're forwarding to is set with the right default gw
2. Make sure that you are forwarding from the right IP, especially if you have >1 external IP.
15th January 2008, 09:12 AM #17
Port forwarding through two firewalls/routers
I read that the best way to port forward through two routers/firewalls is like so:
External public facing (202.x.x.x) > internal public facing (10.x.x.x) > internal network (172.x.x.x).
One of the SmoothWall guys helped me to create the firewall rules on my School Guardian as I was unsure as to the best way to set up the rules.
I don't like firewall configuration much.
15th January 2008, 11:17 AM #18
Hodgehi did you get your site working in your school??
The best way would be to go to your LOCAL DNS server
and create a domain for your website.
So if your site is called www.myschool.net,
create a domain called myschool.net locally and tell your DNS server that your DNS server is authoritative for that domain.
Then create an A record IN that domain for www
with the LOCAL server address of your webserver.
Then give it 10 mins to replicate to your other DNS servers, and go to a client and type "ping www.myschool.net".
It should resolve as your LOCAL server address; if not, then type nslookup www.myschool.net and post the info here.
If it does, then it should work fine in Internet Explorer or Firefox or Iceweasel or Safari etc.
22nd January 2008, 10:20 AM #19
Update to hosting school website
Well, it's been over a week now and I have heard nothing from RM as to whether they have actually opened the ports I requested or even if they are still working on the issue. It's ridiculous for it to take this long.
So today I have taken their router off-line and put our old BT Voyager one back on and tried to get it working. But I am still getting an issue with the port forwarding.
The router is a Voyager 2091.
I have disabled the IP Filter and set up port forwards for port 80, 443 and 25.
IP of router = 196.x.x.x
IP of private side of router = 10.x.x.254
IP of public side of School Guardian = 10.x.x.1
Private side of School Guardian = 172.x.x.254
IP of webserver = 172.x.x.1
So given the above IPs this is how it goes:
80 from all --> 10.x.x.1 (Voyager)
80 from 10.x.x.254 --> 172.x.x.1
same for all other port numbers.
Connection gets refused.
According to the logs on the School Guardian it's not even getting to that point, since there are no entries for any ports forwarded, rejected, stealthed, nothing at all in any of them apart from "main".
There doesn't seem to be any log option on the Voyager router so cannot see what's happening at that point.
Anyone have any ideas what might be wrong??
PS I have taken on board what folks have said and have been trying to connect via IP. DNS resolves internally for the www.cronehills.sandwell.sch.uk but resolves to somewhere else at the moment externally.
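To narrow down where a chained port forward like the one in post #19 stops, it helps to tell a refused connection apart from one that gets no answer at each hop. The following is an added example, not part of the original thread; the function names and the sample addresses are constructed, and each hop is assumed to be probed from a host on the segment in front of it.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: forward and service both work
    except ConnectionRefusedError:
        return "refused"         # a device answered with RST: nothing listening there,
                                 # or the forward on that device is missing
    except OSError:
        return "no-answer"       # timeout / unreachable: dropped or never routed


def first_break(hops, ports, prober=probe):
    """Walk the chain innermost hop first and report the first failure.

    hops  -- list of (label, address), starting with the server itself
    ports -- ports that should be forwarded at every hop
    Returns (label, port, state) for the first non-open result, or None.
    """
    for label, addr in hops:
        for port in ports:
            state = prober(addr, port)
            if state != "open":
                return (label, port, state)
    return None


if __name__ == "__main__":
    # Constructed addresses mirroring the thread's layout
    # (web server <- School Guardian <- router); replace with real ones.
    chain = [
        ("webserver", "172.16.0.1"),
        ("guardian public side", "10.0.0.1"),
        ("router public side", "192.0.2.10"),
    ]
    result = first_break(chain, [80, 443, 25])
    if result is None:
        print("all hops answer on all ports")
    else:
        label, port, state = result
        print(f"first failure: {label} port {port} is {state}")
```

A "refused" result at the outer hop with no matching entry in the inner firewall's port-forward log means the reset came from a device upstream of that firewall.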
22nd January 2008, 10:26 AM #20
Did you do a change request? It has to go to RM, who then send it to the LEA for approval, then back to RM to action. The chances of them opening port 25 to the world for you are minimal; we have to pay £1500 a year for an SMTP feed from the segfl mail servers instead.
22nd January 2008, 10:40 AM #21
Yeah, the fax went off over a week ago but I still have not heard from them to say whether it has been accepted or denied or anything.
So how could the ports be blocked if I have my own managed router for the internet? At the moment we have an ADSL line from RM, who supplied us with their router, which is not being used.
At the moment we have no connection to our LEA.
22nd January 2008, 10:44 AM #22
If you are connected to RM for your internet then you probably don't have a real internet connection; it will be connected to their internal network. They control everything going in and out to your connection. Until they create their own forwarding rules you aren't going to see any traffic.
22nd January 2008, 10:58 AM #23
That sounds about right to me. When you look up the router's IP it resolves back to a SOA record for RM.
Ok. Thanks for the information. I will need to speak to the guy who was dealing with my query and see how it goes from there.
22nd January 2008, 11:02 AM #24
And just a note to say that your RM router probably doesn't even have the firewall turned on. When I checked the configs for our segfl-supplied Cisco it wasn't really doing anything at all; it just passes the data through.
28th January 2008, 01:11 PM #25
So RM have opened the ports to allow the traffic through to our servers now.
They forwarded ports 25, 80 and 443 into our network and I can now see our servers from the public IP address.
The School Guardian is configured to forward the ports into our network from the mid-range of IPs and I have enabled the firewalls on both OD servers.
I have enabled only the same ports from "any". I have not used the OS X server firewall in a production environment so would like to clarify the settings if possible. What are the minimum ports needed for http, https and mail?
Is that all I need to do with the "any" side of the firewall? I assume that the "any" means in from the internet.
28th January 2008, 01:32 PM #26
The firewall config sounds right (I have never used that firewall though), the ports required are the ones that RM has opened for you ie:
25 SMTP Mail server traffic
80 unencrypted http traffic
443 SSL encrypted HTTP
Last edited by SYNACK; 28th January 2008 at 01:55 PM.
Reason: mistyped port number
28th January 2008, 01:35 PM #27
Are you hosting your own mail server? Do you have control over the primary mx record and a suitable backup mail host? Just curious