Simple question - publishing db on web?

[mattlight]

I don't know why, but there seems to be all sorts of questions other than the obvious one that I wish to know the answer to!

How do I publish my database onto the web?

Scenario:

I have 16 fixed IP addresses

We have 5 PC clients in the office

For outside access, I am using 512k ADSL connection

I have a mac running Filemaker Server on a fixed IP

We have an Alcatel 510 speedtouch router with firewall

we have set up port forwarding on the router (protocol is TCP/IP)

We want to access just one part of our database which is an 'on-site call log' from a client's location. We have two engineers so there will not be a great deal of demand of use on this system, so most of the time it will be one engineer at a time trying to write information to the database.

I can't understand why this is so difficult to set-up!

Can anyone please do the STEP 1, STEP 2, STEP 3 for me please.

I'd much appreciate your help in this!!

Thanks guys

Matt

[Garry Claridge]

I'm assuming you want to access the database with FM not HTTP.

You will need to open port 5003 on your router/firewall and forward that port to the Filemaker Server.

Filemaker Server needs to have TCP/IP selected as the Network Protocol.

The client then uses "Open Remote" and enters the appropriate IP address.

Hope this helps.

Garry

[Jeff Spall]

Hi, are you saying the your service provider has given you 16 registered IP addresses?

If he has, you can't give one of those to a computer *Inside* your firewall, because the firewall is a router and inside is a separate network. It would also be a security risk to run your network on registered addresses that could be accessed from the Internet. Likewise, two network cards in the FileMaker server, one with a registered address, would work but would be a major security risk.

To reach the server from the Internet:

Have your office computers run on a 'notional' network. The 'outside' interface of your firewall can either have one or many registered IP addresses.

If you just have one, then do as Gary says and map ports 5003 and 591 (for browser access) to the IP address of the FileMaker server.

If you can assign an 'external' address to the Filemaker services, then you can map real-address-to-internal-address across the Firewall. You can then also register a domain or subdomain name to it, like data.mydomain.com, so that external users don't have to use numbers to reach it.

[mattlight]

Just an addition to your thoughts Jeff, we are trying (different issue but related) to get our incoming and outgoing mail using ADSL and our Mail Server. We were on scheduled dial up connection every 15 minutes and from the mail server, all receipients would get the mail directed to each username's machine.

Now we have been trying for 3 days to make our mail server run off of ADSL instead for instant response and obvious reasons. We have purchased a set of IP addresses so that we can send and received via SMTP - we do not want POP3 connection. Also, we want the ability to use the Internet Outlook facility so that we can retrieve our emails from Iinternet Explorer anywhere in the world.

But, our problem is trying to get outside of the firewall!!

We have given each machine a fixed IP address and the router also has one.

With what you were saying earlier about internal and external IP addresses, should we really only have one fixed IP address that is recognised externally - the one that is connected to the router and then have a different set of internal IP addresses for the rest of the machines? Or, should the only fixed IP address be the mail server machine? Or just leave it as everyone having forward facing IP addresses and try to unblock port 25 for incoming and outgoing mail?

Does any of this make sense? We have tried every possible Technical support company and it appears that we are the only people in the world who are trying to connect our mail server via ADSL!! It's been a pain in the arse!! I'm sure someone out there has done it with success! I'm sure it's probably no different to publishing the database on the web using a fixed IP - but how do we get through the bloody firewall?

Can someone please shed some light onto how the initial set up should be

e.g.:

1. Fixed IP for one machine

2. internal IP range for the rest

3. Fixed IP for the router

etc

etc

Please help - there's three of us here and it's becoming a joke!

Cheers

[Garry Claridge]

We use a Mail Server for sending mail (OS X Server). It is behind a gateway/router from which we use NAT, i.e. our own internal addresses (10.0.1.n). I have clients with very similar setups.

I use my Mail Server while I am travelling. We have secure logins so that the Spammers cannot use our server as an Open-Relay. I have port 25 open on our router.

Some router/firewalls have a DMZ which allows for routing to computers using "real" IP addresses.

I think the key to your setup is opening port 25.

Good Luck.

Garry

[ibiubu]

Just to chime in...In my setup I have a DSL router. It is set to do both static as well as dynamic addressing and NAT (Network Address Translation). So basically here is how my computers are set up.

I have about 9 computers, a mix of Macs and PCs that have their tcp/ip setting set to dynamic addressing. The router automatically assigns them local addresses (for example 10.0.0.5). Other properties such as gateway and subnet are also set.

I have 2 computers that follow the exact same configuration as the dynamic machines, except I have set these machines with manual local addresses. They have been manually set to the same subnet and gateway as the dnamic machines, and the ip address is set manually as well (say something like 10.0.0.35).

I have 2 computers that are using static addressing.

In a nut shell, the router must be of a type that will support NAT, local ip addresses and static ip addresses, allowing them to all work together. As an example, the Cisco 675 will support this, the cisco 678 will not.

The router has been set, as someone stated above, to direct certain ports to certain ip addresses. I have the ports for filemaker and http web access set to the static ip address of the filemaker server. This way when anyone accesses that ip address over the internet, either thru filemaker or a web browser, they are directed to that one particular machine.

Other points of interest, I have the router set to allow ports thru for Timbuktu. That is why I have computers with local manually set addresses instead of dynamic, so the address is always the same. Then thru timbuktu I can access these computers with something like 63.226.xxx.xxx:1850. The ip address here is the static address of the router. the 1850 portion is how I mapped the router to a particular machine.

Anyway, by opening the ports up on your router, you have also created a security hole. For example, if you open the ports for filemaker, then anyone can get to that computer over the internet using filemaker. In my case, the machine running filemaker is running Norton Personal Firewall software. I basically set it so that when a call comes in over port 5003 to the machine from filemaker, I only allow access to be allowed from certain ip addresses. All other access is denied.

Hope some if this helps.

Just as a FYI, this can all be done even if you dont have any static IP addresses. At home I have a Qwest DSL. I use a free service from dyndns.org. Basically you register with them and create a virtual account. You pick a virtual name, for example samgoody.homeftp.net. You then install their little utility on your computer. Every 15 minutes it looks at the dynamic ip address your isp is sending to your router and stores that on their server. So basically whenever you go to samgoody.homeftp.net, their server redirects it to your computer. I use this to timbuktu into my compuer at home, occassionaly run web pages, ect. and all for free.

Larry