Author Topic: [SOLVED] Open Firewall  (Read 4330 times)

haychis

  • Zen Apprentice
Re: Open Firewall
« Reply #15 on: June 29, 2013, 06:18:18 pm »
Sorry for late reply all.

@jbahillo - tried, and unable to find which rule was blocking.

So I found the file that needs to be edited to change the default rules, which is Iptables.pm. Did a quick lesson on Perl programming just to understand it a little more (I have previous programming experience). Removed the drop-all rules and changed the default policy to accept. Restarted the firewall, and now my firewall is open... SUCCESS! Tried RDP, works!

Added rules to allow the services/IPs I need per the previous installation, then added a LAST/FINAL rule to DENY ALL. SUCCESS: it blocks everything coming in and going out that I don't allow.
Working well. Got my friend to try a few things remotely. So far so good. Unable to access.

I will be adding another NIC later on and changing back to the original Iptables.pm. Just needed it to work now. But in essence I am doing the same thing, just in reverse: allowing what I want and then denying all, rather than denying all and then allowing what I want. I know what you are all saying, but it is working well at the moment and I will try the recommended config at a later time.
Also, on the single-NIC config, my router only forwards the ports that we are using, i.e. port 80, 22 etc., to the Zentyal box. Everything else won't get through.
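An added example (not code from this thread or from Zentyal's Iptables.pm) contrasting the two rule orderings discussed above: it builds both INPUT rulesets for a single-NIC host and checks which one still blocks unsolicited traffic once the rule list is flushed or regenerated, as happens when zentyal-firewall is updated. The interface name and the allowed port list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from Zentyal. IFACE and ALLOW_TCP
# are assumed values; the rulesets are in iptables-restore format.

IFACE="${IFACE:-eth0}"
ALLOW_TCP="${ALLOW_TCP:-22 80 3389}"   # SSH, HTTP, RDP

# Allow rules shared by both variants: loopback, reply traffic, listed ports.
allow_rules() {
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ALLOW_TCP; do
        printf '%s\n' "-A INPUT -i $IFACE -p tcp --dport $p -j ACCEPT"
    done
}

# Thread's approach: policy ACCEPT, the allows, then a final "deny all" rule.
ruleset_allow_by_default() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    allow_rules
    printf '%s\n' '-A INPUT -j DROP' 'COMMIT'
}

# Zentyal's default shape: policy DROP, the same allows, no trailing rule.
ruleset_deny_by_default() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    allow_rules
    printf '%s\n' 'COMMIT'
}

# Simulate "iptables -F INPUT" (or a regenerated rule file that lost the
# custom lines): every -A rule disappears, the chain policies remain.
after_flush() { printf '%s\n' "$1" | grep -v '^-A '; }

# Verdict for unsolicited traffic once the rules are gone:
# ACCEPT means the host fails open, DROP means it fails closed.
input_default_after_flush() {
    after_flush "$1" | sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p'
}

if [ "${1:-}" = "show" ]; then
    ruleset_allow_by_default; echo; ruleset_deny_by_default
    echo "allow-by-default after flush: $(input_default_after_flush "$(ruleset_allow_by_default)")"
    echo "deny-by-default after flush:  $(input_default_after_flush "$(ruleset_deny_by_default)")"
fi
```

Both rulesets admit the same traffic while the -A lines are present; only the policy-DROP variant keeps blocking when they are not.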


jbahillo

  • Zentyal Staff
  • Zen Hero
Re: Open Firewall
« Reply #16 on: June 29, 2013, 06:55:48 pm »
> So I found the file that needs to be edited to change default rules, which is Iptables.pm. Did a quick lesson on Perl programming just to understand it a little more (Have prev programming experience). Removed the drop all rules and changed default policy to accept. Restarted firewall, now my firewall is open.. SUCCESS! Try RDP, works!

Please keep in mind that these modifications will get overwritten when a new version of zentyal-firewall gets published.

> Add rules to allow services/ip's I need per previous installation, then add a LAST/FINAL rule to DENY ALL. SUCCESS blocks everything from coming in and going out that I don't allow.

That's exactly the approach the standard Zentyal firewall was designed for.
Anyway, glad that you found a way to get it working your way.



christian

  • Guest
Re: Open Firewall
« Reply #17 on: June 29, 2013, 07:19:37 pm »
I'm really puzzled now ::) ::)
I thought, while progressing in this thread, that the goal was to get rid of the FW because it doesn't fully make sense with one single NIC, therefore the need for adding an any-to-any allow.
But rewriting everything to, at the end, add again this last rule that denies everything (meaning reinventing what Zentyal, like any other FW, already does) is something I don't understand.

I suppose there is something I missed at the beginning of this thread; I'll read it again :-[

haychis

  • Zen Apprentice
Re: Open Firewall
« Reply #18 on: June 29, 2013, 09:48:31 pm »
Hi Christian. The firewall was blocking traffic that I needed to get through. No matter what I tried, it did not let it through. Through the thread I mention that I added a rule at the top of every section to ALLOW ALL, but it didn't actually allow all. It still blocked traffic.

So I reversed the process, to ALLOW by default, DROP what I didn't want.

Now everything works as it should. As jbahillo mentioned, I will lose this config when upgrading, etc., so in the future I will add another NIC and go with the default Zentyal config.

I am looking at syslog right now, and it's dropping the packets that it should.

No one worked for the last 3 days, just youtubing and fb'ing ... NO MORE!!!!!

Anyways, thanks for your assistance christian and jbahillo. I will mark this thread solved.