Wireless Networks Thread, External DNS connections in Technical
FWIW, any SmoothWall users playing with port-forwards should think about turning on "connection logging" for debug purposes. This is set up under Networking/Firewall/Port Forwards. Do NOT have this on for general use, as it creates gigs of data, but if you're having issues, you'll be able to check the firewall logs (use the drop down to select port forwards) and that will tell you if the traffic is arriving ok at the external interface, and what is happening to it.
Common gotchas (all products, not just SW):
1. Make sure the box you're forwarding to is set with the right default gw
2. Make sure that you are forwarding from the right IP, especially if you have >1 external IP.
Well, it's been over a week now and I have heard nothing from RM as to whether they have actually opened the ports I requested or even if they are still working on the issue. It's ridiculous for it to take this long.
So today I have taken their router off-line and put our old BT Voyager one back on and tried to get it working. But I am still getting an issue with the port forwarding.
The router is a Voyager 2091.
I have disabled the IP Filter and set up port forwards for port 80, 443 and 25.
IP of router = 196.x.x.x
IP of private side of router = 10.x.x.254
IP of public side of School Guardian = 10.x.x.1
IP of private side of School Guardian = 172.x.x.254
IP of webserver = 172.x.x.1
So given the above IPs this is how it goes:
80 from all --> 10.x.x.1 (Voyager)
80 from 10.x.x.254 --> 172.x.x.1
Same for all other port numbers.
Connection gets refused.
According to the logs on the School Guardian it's not even getting to that point, since there are no entries for any ports forwarded, rejected, stealthed, nothing at all in any of them apart from "main".
There doesn't seem to be any log option on the Voyager router so cannot see what's happening at that point.
Anyone have any ideas what might be wrong??
PS I have taken on board what folks have said and have been trying to connect via IP. DNS resolves internally for www.cronehills.sandwell.sch.uk but resolves to somewhere else at the moment externally.
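The troubleshooting in the posts above hinges on whether a connection to a forwarded port is accepted, refused, or silently dropped. The following is an added example, not code from any poster in this thread: a small Python probe that classifies each of the forwarded ports (25, 80, 443) from whichever vantage point it is run. The hint texts and the loopback demo are constructed for illustration.

```python
import socket

FORWARDED_PORTS = (25, 80, 443)  # SMTP, HTTP, HTTPS: the ports forwarded in this thread

# What each outcome suggests about a port-forward chain (interpretation added here).
HINTS = {
    "open": "forward reaches a listening service",
    "refused": "a device sent a TCP reset: no listener on the target, or a box "
               "in front answered itself; if the inner firewall logged nothing, "
               "the packet never got that far",
    "filtered": "no reply: dropped upstream, or the target replies via the "
                "wrong default gateway",
    "unreachable": "no route or name resolution failure from this vantage point",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "unreachable"

def check_forwards(host, ports=FORWARDED_PORTS, timeout=3.0):
    """Probe every forwarded port on one address; returns {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def report(host, results):
    """Format one line per port with the matching hint."""
    return [f"{host}:{port} {state} - {HINTS[state]}"
            for port, state in sorted(results.items())]

if __name__ == "__main__":
    # Constructed loopback demo so it runs offline: a listening port stands in
    # for a working forward, a closed port for a broken one.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    results = check_forwards("127.0.0.1", (open_port, closed_port), timeout=1.0)
    print("\n".join(report("127.0.0.1", results)))
    listener.close()
```

Run it once from outside against the public address and once from each inner network against the next hop; the first hop where the state changes from "open" is where the forward breaks.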
Did you do a change request? It has to go to RM, who then send it to the LEA for approval then back to RM to action. The chances of them opening port 25 to the world for you are minimal; we have to pay £1500 a year for an SMTP feed from the segfl mail servers instead.
Yeah, the fax went off over a week ago but I still have not heard from them to say whether it has been accepted or denied or anything.
So how could the ports be blocked if I have my own managed router for the internet? At the moment we have an ADSL line from RM, who supplied us with their router, which is not being used.
If you are connected to RM for your internet then you probably don't have a real internet connection; it will be connected to their internal network. They control everything going in and out to your connection. Until they create their own forwarding rules you aren't going to see any traffic.
And just a note to say that your RM router probably doesn't even have the firewall turned on. When I checked the configs for our segfl supplied Cisco it wasn't really doing anything at all, it just passes the data through.
So RM have opened the ports to allow the traffic through to our servers now.
They forwarded ports 25, 80 and 443 into our network and I can now see our servers from the public IP address.
The School Guardian is configured to forward the ports into our network from the mid-range of IPs and I have enabled the firewalls on both OD servers.
I have enabled only the same ports from "any". I have not used the OS X server firewall in a production environment so would like to clarify the settings if possible. What are the minimum ports needed for http, https and mail?
Is that all I need to do with the "any" side of the firewall? I assume that the any means in from the internet.
The firewall config sounds right (I have never used that firewall though); the ports required are the ones that RM has opened for you, i.e.:
25 SMTP Mail server traffic
80 unencrypted http traffic
443 SSL encrypted HTTP
Last edited by SYNACK; 28th January 2008 at 01:55 PM.
Reason: mistyped port number