Author Topic: Ebox install HOWTO. (Part 1)  (Read 20369 times)

jcanfield

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +2/-0
    • View Profile
Ebox install HOWTO. (Part 1)
« on: January 06, 2009, 05:01:49 am »
INSTALL EBOX STEP by STEP

Ebox is a fantastic tool once it's up and running.  For some, especially those without much linux experience, installing ebox can be somewhat challenging. As a result, I've decided to write a quick HOWTO covering a typical ebox installation.

Prerequisites:

1 Computer or server (old or new)
2 Network cards (They will be referred to as "eth0" and "eth1")
1 EBOX install CD burned from ISO.
1 Active Internet connection (DHCP or static)
1 CD-ROM drive (Set as default boot device)

Assumptions:

This computer will act as the primary gateway for the local network
eth0 will be the WAN connection (Internet facing connection)
eth1 will be the LAN connection (Local Network) with an IP of 192.168.1.1
Ebox hostname will be DEMONET-SRV
Ebox will provide DHCP to the local network with a range of 192.168.1.100-150
Ebox Windows Domain name will be DEMONET
Ebox domain name will be DEMONET.LAN
EBox will allow all outgoing connections
EBox will provide DNS services for the local network
Administrator username: demoadmin
Administrator password: not2forget
Ebox Password: not2forget
Ebox admin port: 443

Initial Install:

Once you have successfully burned an ebox ISO, you are ready to begin installing.  Assuming you already have a functioning network in place with DHCP services, the easiest way to install is using DHCP from your existing network. No need to unplug that old linksys router...Not yet anyway.

Plug into your existing DHCP network via the WAN (eth0) port on the server. I know this seems backwards since you are on a local network, but it's easier to setup eBox from the outside->in than it is from the inside-> out.

Next, power-on and boot from the CD-ROM.  Select "Install Ubuntu Server" and answer the generic setup options until you are asked to choose a network interface to configure.

Choose eth0 -  If your network support dhcps it will automatically configure itself.  If it doesn't, perhaps your cable is actually plugged into eth1.  If this is the case, go ahead and move the cable to your second port.  If it gets an IP be sure to label it eth0 or WAN.  Personally I always label my ports WAN and LAN to avoid confusion later.

Choose a hostname: DEMONET-SRV

Choose your timezone: timezone

Partition your Disks: Choose "entire disk" unless you feel comfortable partitioning. Select LVM support if you plan on adding more disk capacity later.

Please note: This configuration does not provide any type of RAID. I generally use hardware RAID cards so it is transparent to the operating system.

After some time the disk(s) will be formated the system will reboot and ebox will begin to download it's packages.

Create an admin user: demoadmin
Create your ebox password: not2forget
Ebox port: 443

Go get a cup of coffee....when you return ebox should boot up normally with a "demonet-srv login:"

Post Install:

Login using the "demoadmin" username and "not2forget" password.

Now verify your eth0 ip address:

Code: [Select]
#ifconfig
demoadmin@demonet-srv:~$ ifconfig

eth0    Link encap:Ethernet  HWaddr 00:30:48:b0:a1:20
          inet addr:192.168.1.81  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::230:48ff:feb0:a120/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:86 errors:0 dropped:0 overruns:0 frame:0
          TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13536 (13.2 KB)  TX bytes:19600 (19.1 KB)
          Base address:0x4000 Memory:d0a00000-d0a20000

In this case the IP of the new ebox is 192.168.1.81

Setup LAN IP address:

Next, from a DIFFERENT computer log into the new ebox via the web interface:

https://192.168.1.81

If all you get is "It works!" then you do not have the https://.  Also, you will get certificate errors or warnings depending on your browser, ignore them or "add an exception" if you need to.

Login using the Ebox password: net2forget

Choose Network-> Interfaces from the Admin menu and select eth1 (LAN):

Name: LAN
Method: Static
External: unchecked
IP Address: 192.168.1.1 (Don't worry if you are behind a router with the same IP, it won't matter at this point...nothing is plugged into the port)
Netmask: 255.255.255.0

Select "Change"

Select "Save"

Select "Save changes" in red. (Click the green arrow on any file change requests)

Finally,select "Summary" from the menu and you should be able to verify you LAN interface with the 192.168.1.1 IP address.

Setup NTP

Select Module status->ntp"checked"
System->Date/Time->Time synchronization with NTP servers-> Enabled

Setup DNS

DNS->Add new

Domain: demonet.lan

Active DNS:

Module status->Domain Name System "checked"

Setup DHCP

DHCP->MenuSelect: eth1

Common Options:

Default gateway: eBox
Search doamin: eBox's domain:demonet.lan
Primary nameserver: local eBox DNS

Select "Change"

Under "Ranges" select "Add new"

Name: Workstations
From: 192.168.1.100
To: 192.168.1.150

Select "Add"

Activate DHCP:

Module status>dhcp server "checked"


Setup users and groups:

Groups-> Add group

Group Name: Staff
Comment: Demo Staff

Select "Change"

Users--> Add user

User name: test
Full name: Joe test
Comment: test
Password: not2forget
Group: Staff

Select "Create"

Activate users and groups and file sharing

Module Status->Users and Groups "checked"

Setup Windows File sharing

File Sharing-> General Settings

Working Mode: PDC
Domain Name: DEMONET
Netbios name: DEMONET-SRV
Description:  Demo Server
Quota limit: 0
Roaming Profiles: Disabled

Select "Change"

Activate File Sharing:

Module status->File Sharing "checked"

Select the RED save changes to apply all the changes you made above.

Select "Save Configuration"



That completes the local services, we are now ready to let this server stand on it's own!

WAN Setup:

IMPORTANT: Begin by removing the eth0 cable used to configure your eBox on the local network.

Next, plug in a cross-over cable or a small switch connected to the LAN (eth1) port of your eBox to a local network desktop or laptop. This device should not be connected to any other networks other than the new ebox network (via eth1) at this point.

If configured properly your laptop/desktop will automatically get an IP address from the new ebox server (Most likely 192.168.1.150).

Now access the ebox server (from the client device) https://192.168.1.1

Select Network-> Interfaces>Tab:eth0

**ENTER YOUR ISP IP INFO HERE**

Name: WAN
Method: Static (Your ISP may be DHCP, but ebox works best with static addresses...DHCP will work though)
IP adress: 10.10.10.1
Netmask: 255.255.255.0
External: "Checked"

Setup a gateway:

Select Network-> Gateways

Select "Add new"

IP address (ISP provided): 10.10.10.2
Interface: eth0
Default: "checked"

Select "Change"

Setup Firewall:

This will allow all outgoing connections to the Internet. (eBox is secure by default, it is up to you how much access you want to give....for this example we will "allow all" outgoing connections)

Activate Firewall:

Module status->Firewall "checked"

Select Firewall->Packet Filter->Filtering rules for internal networks->Configure Rules

Select "Add new"

Decision: Accept
Source: Any
Destination: Any
Service: Any
Description: Allow all outgoing

Select "add"


Go Live

You can now safely remove your old Internet firerwall/gateway and plug you ISP ethernet into your eBox WAN port (eth0).  If you everything is correct, you should be able to access the internet and see you new server on the network.

I hope this helps.

-Jim
« Last Edit: January 17, 2009, 09:40:31 pm by jcanfield »
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius...and a lot of courage - to move in the opposite direction."  --  Albert Einstein

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Ebox install HOWTO. (Part 1)
« Reply #1 on: January 07, 2009, 12:35:23 pm »
Great tutorial!

Thanks very much for sharing it here!
My secret is my silence...

ndra

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #2 on: February 19, 2009, 07:31:33 am »
How about the setting if the client uses static IP, not DHCP as written in this tread?

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Ebox install HOWTO. (Part 1)
« Reply #3 on: February 19, 2009, 10:17:11 am »
Just follow the tutorial and afterwards, set up the static IP in Network -> Interfaces.

Best regards,
My secret is my silence...

ndra

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +0/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #4 on: February 20, 2009, 10:44:04 am »
Just follow the tutorial and afterwards, set up the static IP in Network -> Interfaces.

Best regards,

So, in the server computer, we also set up the DHCP?

With which computer we set up the static IP? How is the way?

Thanks

JAK

  • Zen Apprentice
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #5 on: February 21, 2009, 09:12:37 am »
Hello

As I understand ndra, you should use static IP on the server (like for local LAN the IP could be 192.168.1.1).
So for example, if you have a DHCP range for some client computers in your network from IP 192.168.1.10 to IP 192.168.1.100 then there are two ranges that you can use for client computers with static IPs:
1.) range from 192.168.1.2 to 192.168.1.9
2.) range form 192.168.1.101 to 192.168.1.254
When you want the clients to have static IPs then you have to configure each client computer one by one.

If you have a network printer in your network it would be wise to assign a static IP to it like 192.168.1.2 is. Because eBox uses the same local LAN your computers can communicate with the printer easily.

Best regards
Jüri Kirch

mavinod

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #6 on: March 06, 2009, 09:50:53 pm »
Hi This much part is absloytly right .I have installed and i am using it for mailly for Proxy access ,I am able to get the proxy log for users , I have certail Question whii i need a help .I wanted to have a good report on the proxy log created ,It shold give me a real time update is who is access what and ,also i need to block some specfic sites .

If any one has this answer please do mail me on ( vmanacheryil@gmail.com /or vmanacheryil@rediffmail.com )

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Ebox install HOWTO. (Part 1)
« Reply #7 on: March 07, 2009, 07:23:22 pm »
You may watch proxy log at Logs -> Query Logs to have real time logs and check what users are browsing... If there is no logs, enable it in Logs->Configure Logs and save changes afterwards.

Best regards,
My secret is my silence...

Saturn2888

  • Zen Hero
  • *****
  • Posts: 707
  • Karma: +1/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #8 on: March 28, 2009, 08:16:49 am »
Funny thing, this worked for me this time. This is the 4th time I've formatted and installed eBox and this is the first time I have Internet access to my computers, but for some reason, the eBox has not one bit of access, not even apt-get. What in the world! lol.

yaseenkriel

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #9 on: May 06, 2009, 08:43:56 am »
would u use the same setup if u have to use a router to access the internet?

Saturn2888

  • Zen Hero
  • *****
  • Posts: 707
  • Karma: +1/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #10 on: May 07, 2009, 12:12:41 am »
Well eBox could be your router so if you do have a separate box, then no.

slochewie

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #11 on: September 21, 2009, 09:36:31 pm »
Does this howto actually work?  As soon as I reboot the machine I can't access the web interface from either the wan or lan ip address. The only way I can do anything and get into the web interface is to stop the firewall with "sudo /etc/init.d/ebox firewall stop"

Which obviously makes ebox worthless since I'm trying to use it as a firewall.

Edit:

For example I just did yet another reinstall. Logged into the web interface and all I've done is change the name of eth0 to WAN and now it's hung at


Saving changes
(show help) (hide help)

Saving changes in modules
Current operation: Saving firewall module
1 of 3 operations performed
« Last Edit: September 21, 2009, 10:29:15 pm by slochewie »

Saturn2888

  • Zen Hero
  • *****
  • Posts: 707
  • Karma: +1/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #12 on: September 21, 2009, 10:58:13 pm »
Does this howto actually work?  As soon as I reboot the machine I can't access the web interface from either the wan or lan ip address. The only way I can do anything and get into the web interface is to stop the firewall with "sudo /etc/init.d/ebox firewall stop"

Which obviously makes ebox worthless since I'm trying to use it as a firewall.

Edit:

For example I just did yet another reinstall. Logged into the web interface and all I've done is change the name of eth0 to WAN and now it's hung at


Saving changes
(show help) (hide help)

Saving changes in modules
Current operation: Saving firewall module
1 of 3 operations performed


I have this issue too. I think they're fixing it in 1.3.

dragonslayr

  • Zen Warrior
  • ***
  • Posts: 157
  • Karma: +1/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #13 on: September 22, 2009, 05:55:56 am »
Hmm, I believe he's refering to labeling the network card with a pen to say lan or wan so you'll always know which one plugs into which network card.

Do not change the name under Network - Interfaces to say wan. You will then be telling the system to use a network device that does not exist on your system and the firewall rules will be toast till you fix it. :)

slochewie

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Ebox install HOWTO. (Part 1)
« Reply #14 on: September 23, 2009, 01:24:29 am »
Quote
Choose Network-> Interfaces from the Admin menu and select eth1 (LAN):

Name: LAN
Method: Static
External: unchecked
IP Address: 192.168.1.1 (Don't worry if you are behind a router with the same IP, it won't matter at this point...nothing is plugged into the port)
Netmask: 255.255.255.0

Select "Change"

Select "Save"

Select "Save changes" in red. (Click the green arrow on any file change requests)

Finally,select "Summary" from the menu and you should be able to verify you LAN interface with the 192.168.1.1 IP address.

Ok even if I don't rename eth1 to LAN but follow the instructions otherwise and just configure the IP address, then once again it hangs on "Current operation: Saving firewall module"

Also I read this howto as renaming eth0 and eth1 to WAN and LAN respectively to mean those are "people friendly names" and don't actually rename eth0 and eth1. But I could be very wrong and probably so. I would also recommend writing it in felt tip on the card too :)