Author Topic: Problem with external connections  (Read 6049 times)

Maarten

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Problem with external connections
« on: January 25, 2008, 10:07:33 am »
Hi,

Since I installed Ebox (I love it by the way) I could not make external connections. I mean no connections outside my internal network are possbile. For example upgrading is not possbile, ping etc

This is my network interfaces file
Code: [Select]
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.1.1
        dns-search zion


Do you have any suggestions to help me?

Thanks!
Maarten

javi

  • Zen Hero
  • *****
  • Posts: 1042
  • Karma: +0/-0
    • View Profile
Re: Problem with external connections
« Reply #1 on: January 25, 2008, 11:11:16 am »
The firewall module is very restrictive by default for security reasons.

If you want to allow connections from your eBox to outside you will need to add a firewall rule.

Go to firewall -> traffic coming out from eBox

Make sure that your network configuration is ok and you have at least a reachable gateway and a dns server installed.

Maarten

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: Problem with external connections
« Reply #2 on: January 25, 2008, 03:51:15 pm »
Thanks I looked in the firewall section

With Filtering rules for internet access I get :
The following controls are disabled because they would not affect your system if you hadn't any network interface marked as external

I tried once to tick the box external with network configuration but then I could not reach the server anymore.

What should I do?

Thank you!

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Problem with external connections
« Reply #3 on: January 25, 2008, 04:32:45 pm »
If you only have a single network interface, eBox cannot be used as gateway. Take a look to these scenarios for more info [1],

I hope this helps

[1] http://trac.ebox-platform.com/wiki/Document/HowTo/SetUpNetworkScenario
« Last Edit: January 27, 2008, 10:43:40 am by sixstone »
My secret is my silence...

bailey

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Problem with external connections
« Reply #4 on: January 26, 2008, 10:23:43 am »
Hi,

I have a similar problem where I believe I clicked the external check box while configuring ebox and now the host is unreachable.

I tried looking at that link but its asking me for a user name and password for access.

What would be the simplest way to reset the eth0 connection to DHGP from the command line?

Thanks

Maarten

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: Problem with external connections
« Reply #5 on: January 26, 2008, 10:58:50 am »
Javi send me a solution a time ago on the mailinglist for the external checkbox probleem

If you have ssh access and you want to temporarily grant access to your web interfaces execute this:

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT

This way you will have access to the web interface and you will be able to configure the network again.
By the way you can also give the command offcourse when you have a keyboard and a monitor to the server.

I also have problems getting into the wiki so I can't solve my problem.
« Last Edit: January 26, 2008, 11:12:54 am by Maarten »

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Problem with external connections
« Reply #6 on: January 27, 2008, 10:44:19 am »
Sorry. It is http not https. Now you should be able to access...  :)
My secret is my silence...

Maarten

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: Problem with external connections
« Reply #7 on: January 27, 2008, 10:48:33 am »
Thanks I looked at the document but I don't think it can help me.

My server cannot even upgrade. It cannot connect to the internet. I thought that in a default install that should be possible?
My server is standalone, I do not use it as a gateway or something.
What the document refers to as Scenario 2

jcanfield

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +2/-0
    • View Profile
Re: Problem with external connections
« Reply #8 on: January 28, 2008, 01:51:43 am »
Not to make things more simplistic than they might be, but have you tried just adding a simple allow all rule for the internal networks?
« Last Edit: January 28, 2008, 01:53:26 am by jcanfield »
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius...and a lot of courage - to move in the opposite direction."  --  Albert Einstein

Maarten

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: Problem with external connections
« Reply #9 on: January 28, 2008, 09:15:26 am »
Your version is newer than mine (because I cannot upgrade).

I have three options in the firewall section packet filter section
-Rules for internet access (I think I need this one) I get the error:The following controls are disabled because they would not affect your system if you hadn't any network interface marked as external
-Ebox services: Is configuring access tot SSH en LDAP, they are all on.
-Filtering Rules between internal networks: I tried this one (although I know it's internal and allowed evrything but still the same problems.

Your screenshot is off the first one isn't it?


Javier Amor Garcia

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1225
  • Karma: +12/-0
    • View Profile
Re: Problem with external connections
« Reply #10 on: January 30, 2008, 08:56:41 am »
Maybe you can manually grant access to the www, upgrade and then proceed to add the rule for internet access in the upgraded firewall module.
In your shell type:
  iptables -I OUTPUT 1 -p tcp --dport 80 -j ACCEPT

Then do the upgrade and proceed as Javi pointed out

Maarten

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: Problem with external connections
« Reply #11 on: January 30, 2008, 09:03:19 am »
Thank you

This is what I did:

maarten@trinity:~$ ssh root@192.168.1.100
Password:
Last login: Mon Jan 28 09:01:17 2008 from 192.168.1.102
oracle:~#   iptables -I OUTPUT 1 -p tcp --dport 80 -j ACCEPT
oracle:~# sudo apt-get upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
W: Couldn't stat source package list http://ebox-platform.com ebox/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_ebox_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com extra/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_extra_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com main/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_main_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com security/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_security_Packages) - stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
oracle:~# sudo apt-get upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
W: Couldn't stat source package list http://ebox-platform.com ebox/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_ebox_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com extra/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_extra_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com main/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_main_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com security/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_security_Packages) - stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems

And then I tried apt-get update
oracle:~# apt-get update
Err http://ebox-platform.com ebox/ Packages       
  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com ebox/ Release         
  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com extra/ Packages       
  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com extra/ Release       
  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com main/ Packages       
  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com main/ Release         
  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com security/ Packages   
  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com security/ Release     
  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/stable/ebox/Packages.gz  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/stable/ebox/Release  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/stable/extra/Packages.gz  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/stable/extra/Release  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/sarge/stable/main/Packages.gz  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/sarge/stable/main/Release  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/sarge/stable/security/Packages.gz  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/sarge/stable/security/Release  Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Reading Package Lists... Done
W: Couldn't stat source package list http://ebox-platform.com ebox/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_ebox_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com extra/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_extra_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com main/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_main_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com security/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_security_Packages) - stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
E: Some index files failed to download, they have been ignored, or old ones used instead.


Any suggestions? Thanks!

sixstone

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1417
  • Karma: +26/-0
    • View Profile
    • Sixstone's blog
Re: Problem with external connections
« Reply #12 on: January 30, 2008, 09:21:21 am »
You must set up a nameserver to resolve from. To do so, go to Network -> DNS and set at least a nameserver. Then, save changes and from command prompt, run the iptables command and an upgrade.
My secret is my silence...

Maarten

  • Zen Apprentice
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: Problem with external connections
« Reply #13 on: January 30, 2008, 09:30:01 am »
Thanks, but no success there. Like all the other machines on my network 192.168.1.1 was the DNS server. I also tried the DNS servers of my internet host but the same problems as before.

Javier Amor Garcia

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1225
  • Karma: +12/-0
    • View Profile
Re: Problem with external connections
« Reply #14 on: January 30, 2008, 09:45:03 am »
well, seeing you output it seems that you have name resolution but you can't do the http connection.
You can try to do a 'ping -c 3 www.ebox-platform.com', if the ping fails you have routing problems, if it succeeds maybe you are behind a firewall.