external remote access in multiwan

[loomy]

HI @ll!

First of all, great product and nice community in here.  Helped me a lot to understand and configure my Zentyal 2.2 as I wanted it.

But now I need your help, I don't see the fault anymore.

I have one modemrouter Speedtouch ST516 (if it matters) and after that 2 wireless routers with dd-wrt on sending the Internet home to me to my server.
Modemrouter --> LAN PORT WRT1 --- WDS --- WRT2 --> Zentyal Machine.
IPs: Modem 10.0.200.1
WRT1: 10.0.200.4
WRT2: 10.0.200.3
Zentyal eth1: 10.0.200.2



The second ext. connection isn't here yet so I run it in multiwan but only 1 connected, balancing and failover are enabled and everything works fine.

Except to connect from outside to https://myservername.zentyal.me - gives me only a network took too long to answer and thats it.

What I did is opening port 443 to the zentyal machine in the modemrouter  and thats it, in the events of the modems I can see that the modem rule sends the packets to the zentyal machine.

But at the other end I get no response...

So whatelse should be setup?
1. Modemrouter port forward
2. Firewall " External to Zentyal " Accept Rule for EboxAdministration and SSH and HTTPS

And thats it or not?

Or maybe you can tell me where I have to look in the zentyal machine why the external  incoming connection is blocked.

Thank you for reading and helping me out of the dark :-)

Stev

[loomy]

HI!

no one?

SO how do you guys remotely connect? And what did you setup?

Regards
 Stev

[christian]

I've to admit that I don't understand your comment about fail-over and load balancing working well with one single WAN interface  Anyway, it doesn't really matter.
1 - What do you mean when you write:

What I did is opening port 443 to the zentyal machine in the modemrouter

Does it mean you are forwarding to Zentyal external interface or does it mean you have a listner on your "modemrouter"?
2 - Did you open, as you suggest yourself rules to enable HTTPS access of Zentyal external interface?

[loomy]

HI Christian,

yes I made a port forward (Port 443) from the modemrouter to the zentyal server.
I am forwarding to the external interface on the zentyal machine (or better the one WAN connection I use right now.)

Yes I made a rule in the Zentyalserver "from outside to the zentyal machine" that port 443 or https packets are accepted.


But it doesn't work either.


Stev

[loomy]

So Christian is that ok so? or not?

[B_Khuwera]

Hi loomy

once i have almost the same condition but only 1 WAN connection.
modem router - wifi <--- zentyal ---> Local user including me.
all my network is below zentyal. i use zentyal as gateway and proxy server.
1. i change the zentyal admin port to something other than 443, due to i use 443 to access the wifi admin page. i never use 443 for zentyal admin page.
2. forward the new port in modem to zentyal server and open firewall rules to it.

I hope it help & regards

[ditos]

Hi guys,

i have the situation here. i can not access zentyal web interface config from internet.
i have 2 internet connection from the same ISP, both of them has an IP Public of course. for example A & B.

from A i want to access zentyal web interface that located in network B, i have configured port forwarding in each of modem router to allow forwarding port 443 and 22(SSH). i configure zentyal firewall to allow access from eksternal network by opening port 22.

the fact is i can not open zentyal web interface by opening https://IP_Public_B:443, but when i tried using putty using ssh mode / login console , i can loggin to zentyal console terminal.

somebody can help??

[B_Khuwera]

hi ditos

you said
"i have 2 internet connection from the same ISP, both of them has an IP Public of course. for example A & B.
from A i want to access zentyal web interface that located in network B, i have configured port forwarding in each of modem router to allow forwarding port 443 and 22(SSH). i configure zentyal firewall to allow access from eksternal network by opening port 22."

my understanding is you have two connections on your zentyal server (A & B) as WAN1/eth0 and WAN2/eth1, and of course an LAN/eth2..you can access trough ssh (firewall accept port 22)

1. make sure you do the same as ssh rule in firewall external to zentyal is accepting connection for GUI admin port 443.
2. verify both your modem router setup for forwarding port, ..
    - in modem router A, forward 443 to your zentyal server WAN1 IP/eth0,
    - in modem router B, forward 443 to your zentyal server WAN2 IP/eth1,

but if you have setup zentyal server only using WAN B connection and LAN, and you want to access trough WAN A connection that not connected directly to zentyal server, but WAN A available also to the same LAN subnet as in your zentyal server,  it a little bit different, and you to explain a little bit more about your current network topology first to figure this out.

hope it helps n regards

[loomy]

HI all,

I found out that the myname.zentyal-me adress isn't always as actual as it should be.

So I setup in both modemrouters an extra dyndns host and now I can connect to the zentyal machine w/o the zentyal cloud name.
(ports 443 / 22 are forwarded to the zentyal machine if I connect to the modem router)

So my problem was the "wrong" external IP from the cloud service...

Hope this somebody.

Cu

Stev

[ditos]

thanks for your reply,

my situation is like this :

i have 2 internet connection from ISP A & B , both of them using IP Public. i configured zentyal and connecting it to modem router ISP B, and now i using my laptop which connected to ISP A want remote access to zentyal server. of couser i connecting usng IP Public ISP B, when i use putty to remote ssh  i can login, but when ai try to access web interface from browser i can not connect it.

all this time i have to used putty and x-client like xming for windows to get interface of zentyal server

[loomy]

@ditos:

so you made a portforward from the modemrouter to your zentyalmachine for your webaccess port?
And a firewall rule for this too?

Stev

[B_Khuwera]

@ditos

agree with loomy, setup forward port for zentyal's GUI port in B router to zentyal WAN B IP, create forward rule to accept it in external to zentyal, open firewall log firewall on your zentyal, and try to access on your laptop using Public IP A.

but be aware, my ISP is blocking incoming traffic on port 443, so i had to change it into some port else .. if you still cannot access, try to change the zentyal GUI access port to unused one (try and error) and change the modem router forwarding rule and firewall rule on zentyal server accordingly

Regards