Author Topic: Ebox Setup: Solved!  (Read 10697 times)

Sam Graf

  • Guest
Re: Ebox Setup
« Reply #15 on: May 14, 2009, 03:26:36 am »
Nor do I in this scenario. eBox automagically takes care of the necessary routing between the external and internal interfaces.

That said, there is another key step to getting LAN access to the outside world. The firewall module has to be enabled and an "Allow" rule for the HTTP service (and any other required service) has to be set up. By default, eBox blocks all such traffic, if I'm not mistaken.

rutri

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
    • View Profile
Re: Ebox Setup
« Reply #16 on: May 14, 2009, 03:35:43 am »
Do you know what default ones are needed to get this thing going?  Also what did you set your Seach domain as?  My DHCP Configuration is as follows:

Default gateway: eBox
Search domain: None
Primary nameserver:75.154.132.68
Secondary nameserver:75.154.132.100

The name servers are telus (My ISP) name servers.

DHCP ranges

Interface IP address:    192.168.198.1
Subnet:    192.168.198.0/24
Available range:    192.168.198.1 - 192.168.198.254
« Last Edit: May 14, 2009, 03:46:09 am by rutri »

Sam Graf

  • Guest
Re: Ebox Setup
« Reply #17 on: May 14, 2009, 03:46:57 am »
The basics would be HTTP and mail, I think. In the case of mail I use the "Mail system" service. For testing purposes, to see if things are working at all, you can temporarily use the "any" service. So you'd have Decision: Accept, Source: Any, Destination: Any, and Service: any. If things are working, then substitute "any" with at least "http" and "Mail system." Another one likely to be necessary but not already set up as eBox services is IM, where the port(s) will be determined by the IM sefvice you use.

rutri

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
    • View Profile
Re: Ebox Setup
« Reply #18 on: May 14, 2009, 03:49:58 am »
The problem is nothing goes out, I am currently allowing everything and I still can't ping or anything, I even tried to ping www.google.ca but that did not work ether.  Maybe I am missing something?
« Last Edit: May 14, 2009, 03:51:32 am by rutri »

Sam Graf

  • Guest
Re: Ebox Setup
« Reply #19 on: May 14, 2009, 04:01:16 am »
Sorry, I missed the edit.

It looks to me like the common options are set correctly. By "correctly" I mean that these should work. eBox can, of course, be correctly configured differently.

Are computers on your LAN assigned static IP addresses in the 192.168.198.1 - 192.168.198.254 range? If not, and if you want eBox to dynamically assign addresses to them, you'll have to define some portion (or all, if you wish) of the available address space (the "available range") as a DHCP range under "Ranges."

For example, the eBox I'm behind right now has an available range of 192.168.2.1 - 192.168.2.254. Under "Ranges" I have a range named "Workstations," and that range extends from 192.168.2.100 - 192.168.2.124, for 25 DHCP addresses. The DHCP service assigns dynamic addresses out of that range only.

Are you trying to ping out of eBox itself or from a machine on the LAN?

rutri

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
    • View Profile
Re: Ebox Setup
« Reply #20 on: May 14, 2009, 04:23:57 am »
I couldn't even ping google from and ssh terminal to the ebox.  That must mean that Ebox is having issues other then the DHCP.  Also I use a combination of static and dynamic IP addresses in my network.  I am pretty sure the configuration i have for the DHCP server is correct, I mimicked what i could from the linksys router.

rutri

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
    • View Profile
Re: Ebox Setup
« Reply #21 on: May 14, 2009, 05:25:01 am »
Ok new update.  I started from scratch and got the DHCP server up and running.  right now I have the firewall fully open until i get this thing working then I will lock her down tighter then Fort Knox.  However from my laptop I get an IP assigned and everything fine but i cannot serf the internet.   However I am able to ping www.google.ca so i am a bit confused as to why i can surf.  Can any of oyu help me on this?

poundjd

  • Zen Warrior
  • ***
  • Posts: 243
  • Karma: +0/-0
  • To your own morals be true!
    • View Profile
Re: Ebox Setup
« Reply #22 on: May 14, 2009, 05:32:46 am »
Rutri,  sounds like a firewall issue.  Have you set the external check box and connected a system behind eBox?  does it get the proper DHCP setup configurations?  If the IP's look right then it again points to the firewall issue.  you need rules to allow traffic from the eth1 and eth2 into the eBox, you also need rules to allow rule to allow trafic from the ebox out the eth0 to the internet. If you could ping from the console then the rule that allows ebox out eth0 out is good, look for the other rules.   Also the inbound path needs the same types of rules.

Hope this helps. 
-jeff
PS going to bed I have to get up for work in 4 hours.
-jeff
Jeffrey D. Pound, Sr.
CISSP
Still learning, hope to never stop!

rutri

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
    • View Profile
Re: Ebox Setup
« Reply #23 on: May 14, 2009, 08:18:26 am »
Well, I got the DHCP server up and running fine now.  So i went and added the openVPN package and went to set it up however the screen will not display the configuration options for openVPN.  Nothing really has changed form what I did before except I accidentally added the beta repos to my list rather then the stable ones.  But this should make things better not worse.  I am not sure what is wrong with this install, I used sudo apt-get install ebox-openvpn just as i did before.

Sam Graf

  • Guest
Re: Ebox Setup
« Reply #24 on: May 14, 2009, 02:03:44 pm »
My experience with the eBox OpenVPN module is limited to the stock 1.0 release, so I can't offer a lot of guidance. Sorry. (If you might be into the 1.2 alphas, though, things may be broken.)

rutri

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
    • View Profile
Re: Ebox Setup
« Reply #25 on: May 14, 2009, 03:09:58 pm »
Yes, that is what is so confusing about it, i am running version 1.0 and its seems to be buggy.

Sam Graf

  • Guest
Re: Ebox Setup
« Reply #26 on: May 14, 2009, 03:24:28 pm »
All I can say is that that's not the case in my experience. I have more experience (as in more hours of use) with eBox-to-eBox VPN than the road warrior side, but all my experience so far has been positive (getting the Windows client working is a little tricky, but once set up correctly, it seems solid).

I don't recall ever having trouble seeing the VPN setup options, for example. The please-meet-the-certificate-requirements notice is the thing first seen, of course, if no certificates have been issued via the eBox CA tools. But once beyond that step, I've not had trouble configuring VPN.

You mentioned installing the module. I'm curious about that since the module should be installed during eBox setup. The module only needs enabling, as far as I can recall, in a normal eBox installation.

rutri

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
    • View Profile
Re: Ebox Setup
« Reply #27 on: May 14, 2009, 04:18:41 pm »
ok here is antoher thing that may be contributing to my issue:

Code: [Select]
Reading package lists... Done
W: GPG error: http://ppa.launchpad.net hardy Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5F99A088342D17AC
W: You may want to run apt-get update to correct these problems

I have tried everything on this http://forum.ebox-platform.com/index.php?topic=1068.0 site and still no luck.  Here is what I get when I try the things posted on this link:

Code: [Select]
sysadmin@UbuntuServer:~$ GPGKEY= hkp://subkeys.pgp.net
-bash: hkp://subkeys.pgp.net: No such file or directory
sysadmin@UbuntuServer:~$
sysadmin@UbuntuServer:~$ gpg --keyserver hkp://subkeys.pgp.net --recv-keys 5F99A088342D17AC
gpg: requesting key 342D17AC from hkp server subkeys.pgp.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
sysadmin@UbuntuServer:~$ gpg --export --armor 5F99A088342D17AC | sudo apt-key add -
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
sysadmin@UbuntuServer:~$ ping hkp://subkeys.pgp.net
ping: unknown host hkp://subkeys.pgp.net
sysadmin@UbuntuServer:~$

Sam Graf

  • Guest
Re: Ebox Setup
« Reply #28 on: May 14, 2009, 04:30:51 pm »
I suggest using Launchpad's own solution. You may have to scroll down a bit to see "Adding the keys in the terminal." That's the only method I use to add keys on fresh installs and it's worked without problem so far.

(I'll add, for the sake of completenes, that if the eBox you're working on is behind another eBox, you'll need to open that eBox's firewall to retrieve keys. There is here somewhere a reference to the exact port, but in the absence of that information temporarily accepting traffic on the "any" service works as well.)

rutri

  • Zen Apprentice
  • *
  • Posts: 42
  • Karma: +0/-0
    • View Profile
Re: Ebox Setup
« Reply #29 on: May 15, 2009, 03:35:50 am »
ok got that working but still having problems seeing everything on the openVPN configuration tab.