Will Firestarter create port conflicts ?

[Zent User]

As Zentyal is not that much supportive to block web sites,then I tried Firestarter application in Zentyal 2.2,by using Firestarter application we can block any website irrespective of HTTP or HTTPs,but when I installed in Zentyal 2.2,Firestarter detected my ethernet cards(currently there are two cards,eth0 is external & eth1 is internal), then I selected eth0 and listed some sites to block,but immediately my internet connection gets down to client systems,where as I'm able to access internet in Zentyal server system.What might be the wrong ? Is port conflicts ? If So,how can internet is accessing in Zentyal server ?

[ichat]

just a simple question,
if your in a car with 2 streering wheels, 1  says left the other says right,  what do you thing will happen...

if you want firestarter to work, put it in front of, zentyal not  on the same instance...
what you could do is  making a brigde between 1 if your  eth interfaces and a virtual machine...

like so...:

eth0 (unmanaged by zentyal) 
 <eth-adaptor to client bridge>   
[virtual machine (with firewall applience)]
 <virt client 2 host bridge>   
eth1 zentyal wan apdator (managed by zentyal),   
[zentyal (with what you need it to be)]
eth2 (marked as lan)
 <regular network connection> 
[switch (for internal network)]




bold:                          ethernet adaptor
bold+underline         applience with a function
<italic>                      network transport

[Marcus]

Hello,

if your in a car with 2 streering wheels, 1  says left the other says right,  what do you thing will happen...

Something very funny.  You better call me before trying this out. I want to see that!

As Zentyal is not that much supportive to block web sites

I can assure you that it is very effective.  Depending on your goal, you may be better off using squid (Zentyal's proxy) or the DNS module.

e.g.
For blocking facebook using the DNS module:
Domain: facebook.com
IP: 127.0.0.1

This will block both HTTP and HTTPS access to the website.

What might be the wrong ?

Two firewalls ain't a good idea.  Except if you fully understand both of it. Otherwise you'll have sparks and something will blow up.

You should definitely do like suggested:

put it in front of, zentyal not  on the same instance.

Best,

Marcus

[Zent User]

@Marcus

 Can you explain how can we block sites without using squid and by using DNS ? . I'm newbie to Zentyal and from starting onwards only focused on HTTP Proxy and Firewall.

[ichat]

please   rtfm (click me)

[christian]

This is going to be too fuzzy: Zent user started similar topic in multiple places. As a result we have now answers and debates in parallel 

[moderator]
shall I lock all related topics but one so that all have debate in one unique place
[/moderator]

[Zent User]

Sure