Author Topic: Zentyal 4 External interface lockout  (Read 2042 times)

it_aaronc

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Zentyal 4 External interface lockout
« on: September 11, 2014, 05:18:55 pm »
I'm experimenting with Zentyal 4 on a VPS that only has one network interface, and I've stumbled across a nightly build dragon I think, though likely one specific to the vps configuration. Initial configuration went better than 3.5 on the linode, but after I set it up, I went in to mark the interface as the external, thinking I'd use an ssh tunnel to access it. Not a bad plan, one I could definitely live with the trouble for not having to fight microsoft licensing.... except it killed ssh access, and as of yet, using the KVM access to the machine, I've not figured out how...

I admit, I'm a bit of a rookie with IPTables, but I don't see anything that's targeting SSH directly. SSHd still seems to be running just fine, so I was hoping someone might happen to know how to reverse this change just for ssh. I wondered if I should submit some sort of bug report noting that VPS users might need an option to not disable everything for us wacky  use cases, but at the moment I'd just as happily settle for "it's a nightly build, fix it manually" as long as I could get an idea where that fix needed applied :)

Oh yeah, OS wise it's ubuntu server 14.04. I'm going to keep trying to figure it out myself, and if I do I will post it here, but though my linux fu is far beyond what it was a decade ago, unless good sir google deems fit to accept my pitiful exhortations and yield up a lead, don't know that I'm expecting to nail this one without more expert help (especially after an hour of trying different searches & suggestions already).

Torsten73

  • Zen Warrior
  • ***
  • Posts: 174
  • Karma: +6/-1
    • View Profile
Re: Zentyal 4 External interface lockout
« Reply #1 on: September 17, 2014, 09:54:19 pm »
you need to configure your eth0 as internal lan. But you won´t get outlook anywhere running (rpc) because this needs an external interface.

When you later on activate you lan as external you also need to change the firewal roules for getting access (allow all).
But i am not sure if this really works, in my test with 3.5 i had big problems with outlook 2010 any anywhere.

Momentally and for months i wait for a clear answer if zentyal himselve only supports min. 2 lan connections. In the future with reduced modules i don´t see the need in using zentyal as dhcp and gateway anymore. here are much better solutions like ipfire.

Do you know https://wiki.zentyal.org/wiki/How_to_configure_Zentyal%27s_Microsoft_Outlook%C2%AE-compatible_mail_server ?


--------------------------------------------------------------
Zentyal 3.5 (offline) unter Ubuntu12.04.3 YAVDR 0.5 als KVM Host
Action Pack Abo with a running Exc. 2013 :-)

bill

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Zentyal 4 External interface lockout
« Reply #2 on: September 24, 2014, 02:00:25 am »
Hello, first post here, as I came looking for the answer to this problem. I am testing Zentyal 3.5 on a VPS with only one interface. What I found was that after marking the interface as external, all routes including the default route were gone. I had to get console access to add the default route back
Code: [Select]
route add default gw nn.nn.nn.nn
before any kind of connection directly to the VPS was possible. Like you I was looking at iptables and tcpwrappers for a clue, but found none there.

My temporary solution, though not one I would ever use in production, was to mark the interface as internal. I am going to add a second interface to the VPS. It can be a dummy eth1 configured for a non-existent network, but then I should be able to mark it internal and the real eth0 external. Will add some firewall rules to allow access on external first.

emmasam

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Zentyal 4 External interface lockout
« Reply #3 on: January 06, 2015, 08:35:54 am »
Is there a workaround for this problem ?
Pass your learn spanish online and online spanish lessons exams in first try by using our mtholyoke