Table of Contents
This document applies only to the SME Server V5.
With the SME Server V5, we added the ability to access the server manager remotely through a regular web browser using SSL encryption (also known as HTTPS).
Even with SSL encryption, there is an inherent risk in allowing any remote access to the server manager. Please examine the rules mentioned below and tightly restrict the external access you grant.
A few notes before the process is outlined:
HTTPS access to the manager and password panel are always available from all configured local (internal) networks. Extra external IPs and/or networks/masks can be added through process outlined below.
To enable SSL access to the server manager, follow the steps outlined below.
/sbin/e-smith/db configuration setprop httpd-admin ValidFrom IP/Subnet[,IP/Subnet]
For the purposes of illustration, these examples use addresses found in the private IP ranges defined in RFC1918. You will need to provide the valid IP address (or range of addresses) on the Internet from which you will be connecting. If you are going to connect to the server manager across the Internet from behind another SME Server or another firewall/router that does NAT, you need to provide the IP address of that system's external interface that is directly connected to the Internet. Note that in entering that single IP address, you are enabling access (subject to password authentication) for all systems behind that SME Server or other device.
If you only want to allow remote access from a single IP address, use:
/sbin/e-smith/db configuration setprop httpd-admin ValidFrom 10.123.54.24
If you want to allow remote access from a small number of individual IP addresses, use:
/sbin/e-smith/db configuration setprop httpd-admin ValidFrom 10.123.54.24,10.123.54.25,192.168.120.51
If you wish to allow remote access from a range of IP addresses that can be addressed using an appropriate subnet mask, use:
/sbin/e-smith/db configuration setprop httpd-admin ValidFrom 192.168.100.0/255.255.255.0
If there are several ranges that you wish to allow, you can combine them on a single line as follows:
/sbin/e-smith/db configuration setprop httpd-admin ValidFrom 10.114.200.0/255.255.255.0,192.168.145.88/255.255.255.248
Be very careful to set as small of a ValidFrom range as possible to reduce the possibility of outsiders attempting to access your server manager.
To disable SSL access to the server manager, follow the steps outlined below.
/sbin/e-smith/db configuration delprop httpd-admin ValidFrom
All attempts to connect to the server manager from the external network should now be refused.
Please send any comments about this document to firstname.lastname@example.org.
$Revision: 1.8 $ $Date: 2001/10/23 19:59:23 $
 It is also possible to use CIDR notation for subnets where 192.168.120.0/24 would be used instead of 192.168.120.0/255.255.255.0. Both forms are supported.