
I have set up a virtual server running MediaWiki (a TurnKey appliance). I have got the server up and running and have assigned it a static IP address on the local network.

I have also assigned the server a public IP address by setting up a DMZ host on the router. The router is a Draytek Vigor 2820.

I have tried using SSH/SFTP/FTP to access the server remotely but they all time out. The TurnKey appliance comes with Shell in a box as standard and that works fine.

I have checked the firewall using the webmin interface and port 22 is allowed.

Am I missing any vital steps?

For reference the appliance product page can be seen here: http://www.turnkeylinux.org/mediawiki

Update:

The public IP address fails when I ping it from the remote location (any remote location) and a port test shows port 22 as closed. I presume this narrows the problem down to the router?

dannymcc
  • Does the DMZ IP respond to ping? Can you portscan the IP from the outside world to see what it's exposing? – Jodie C Jul 16 '11 at 14:45
  • Can't ping (it fails) and it says port 22 is closed. Any idea how I open them? – dannymcc Jul 16 '11 at 14:51
  • If everything works as it should locally, you need to focus on the router configuration... is the firewall configured to pass all traffic through the DMZ? – baraboom Jul 16 '11 at 15:19
  • Well there is a Unix server that is maintained by an external company using SSH. – dannymcc Jul 16 '11 at 15:38
  • The Unix server isn't mentioned on the DMZ host page. Is there a way of allowing SSH for both the unix server and DMZ hosts? – dannymcc Jul 16 '11 at 15:38
  • Yes, if you have multiple IPs or are willing to connect to ssh on a custom port (e.g. 44444). You may need to add port forwarding. – anthonysomerset Jul 16 '11 at 15:52
  • If I wanted them all to stay on the standard port would I have to add forwarders for one and the rest wouldn't be available? I'm unsure how to open port 22 for multiple servers. – dannymcc Jul 16 '11 at 15:57

2 Answers


"I'm unsure how to open port 22 for multiple servers."

If you want to run multiple servers/applications on the same/overlapping standard port number assignments, then you will need multiple routable IP addresses for access to each across the Internet.

user48838
  • Sorry, I should elaborate; I have enough IP addresses (public, dedicated) for each server to have its own. I'm unsure on how to open port 22 for each of them. – dannymcc Jul 16 '11 at 20:22
  • Ok, it looks like you have quite a nice piece of SOHO WAN equipment. It appears to support up to 8 addresses collectively on the WAN side of it, but it requires two steps in getting it set up. In addition to the "regular" WAN configuration, you will also need to set up the WAN IP Aliases (which will tell the equipment which and how many WAN IP addresses it is dealing with). After having that, you can establish "Port Redirection" between each WAN-LAN IP configuration, but you are limited to 20 mappings - which can become a little constricting pretty quickly. – user48838 Jul 17 '11 at 00:17

Inbound ssh and http ports are probably not open on the router. You will need to consult your router's documentation and understand from there how to open firewall ports on the router to the server on the DMZ.

That said, since the Draytek Vigor 2820 supports port redirection:

http://www.draytek.co.uk/products/vigor2820.html

I might suggest that you put the server off the DMZ and just redirect port 80, 443 and ssh to that server's IP.

Rilindo
  • If I redirect those ports to the server then no other server on the local network will be able to receive external ssh traffic, will they? – dannymcc Jul 16 '11 at 20:39
  • No, it will not. The port redirection in this case will redirect ssh traffic going from the outside network into your internal to the server. However, ssh connectivity within the internal network will be unaffected. – Rilindo Jul 16 '11 at 22:04
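
The WAN IP alias and port-redirection setup from the first answer's comments, combined with the second answer's suggestion to forward only ports 80, 443 and ssh, as an added example (not code from the thread or from Draytek): a checker for a redirection plan that gives each server port 22 on its own public address. All addresses are constructed, the function names are hypothetical, and the limits of 8 WAN addresses and 20 mappings are the figures quoted in the thread.

```python
# Added example: models a WAN-alias + port-redirection plan and checks it.
# All addresses are constructed (203.0.113.0/24 is a documentation range).
# The limits are the figures quoted in the thread, not verified router specs.
from ipaddress import ip_address

MAX_WAN_IPS = 8      # "up to 8 addresses" per the thread
MAX_MAPPINGS = 20    # "limited to 20 mappings" per the thread


def validate_plan(wan_ips, rules):
    """Return a list of problems for (wan_ip, wan_port, lan_ip, lan_port) rules."""
    problems = []
    if len(wan_ips) > MAX_WAN_IPS:
        problems.append(f"{len(wan_ips)} WAN IPs exceeds limit of {MAX_WAN_IPS}")
    if len(rules) > MAX_MAPPINGS:
        problems.append(f"{len(rules)} mappings exceeds limit of {MAX_MAPPINGS}")
    seen = {}
    for wan_ip, wan_port, lan_ip, lan_port in rules:
        if wan_ip not in wan_ips:
            problems.append(f"{wan_ip} is not a configured WAN IP alias")
        if not ip_address(lan_ip).is_private:
            problems.append(f"{lan_ip} is not a private LAN address")
        key = (wan_ip, wan_port)
        # One public IP:port pair can only be redirected to one internal host.
        if key in seen and seen[key] != (lan_ip, lan_port):
            problems.append(f"{wan_ip}:{wan_port} already redirects to {seen[key][0]}")
        seen[key] = (lan_ip, lan_port)
    return problems


def resolve(rules, wan_ip, wan_port):
    """Where inbound traffic lands; None means the router does not forward it."""
    for r_ip, r_port, lan_ip, lan_port in rules:
        if (r_ip, r_port) == (wan_ip, wan_port):
            return (lan_ip, lan_port)
    return None


WAN_IPS = ["203.0.113.10", "203.0.113.11"]      # constructed WAN IP aliases
RULES = [
    ("203.0.113.10", 22, "192.168.1.20", 22),   # existing Unix server, SSH
    ("203.0.113.11", 22, "192.168.1.30", 22),   # MediaWiki appliance, SSH
    ("203.0.113.11", 80, "192.168.1.30", 80),
    ("203.0.113.11", 443, "192.168.1.30", 443),
]

if __name__ == "__main__":
    print(validate_plan(WAN_IPS, RULES) or "plan OK")
```

Unlike a DMZ host, which receives every inbound port, `resolve` returns `None` for any port without an explicit rule, so only the listed services are reachable from outside.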