Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: a.mcdear on September 14, 2010, 01:22:36 am

Title: Zentyal 2.0.1 Port Forward problems
Post by: a.mcdear on September 14, 2010, 01:22:36 am
Forgive me if this is basic, but I did look in the forum and didn't find my answer. I just switched from Ebox 1.4-1 to Zentyal 2.0-1. So far, everything is great except my port forwards. I don't know if I overlooked something simple, I cannot get a simple port forward to work.

I have already configured my firewall rules for internal networks, and those rules seem to work just fine. Previously, I don't recall having to add any rules in the "External to Internal Networks" list, or in the "External Networks to Zentyal" list. I simply added my port forward in that section and it worked.

This time with Zentyal 2.0 installed, I added my port forward rules and I get a message "connection refused" when attempting to connect to a computer on the internal network from over the internet. Does anybody know how to fix?

For testing, I added a rule to pass all traffic from external to zentyal, pass all traffic coming out of zentyal, and pass all traffic from external to internal... still refusing my connection attempt. Any ideas?
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: vishnu.kumar on September 15, 2010, 03:55:46 pm
@mcdear
I am also having the same issue.  ???
I am trying to redirect the traffic on port 90 in the Zentyal machine to an internal machine,
but it's giving a connection refused.
Even if I edit the squid.conf and specify the port as a Safe_port,
it gets overwritten when HTTP Proxy is restarted.

Guys, is there any way we can specify these ports as safe in squid? :-\
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: a.mcdear on September 16, 2010, 04:46:01 am
I'm still having no luck. Even when I configure my firewall such that it should pass any traffic from any source and port to any destination, I'm still getting a refused connection from outside.

What I'm trying to do is forward all traffic that comes in on port 1727 to port 3389 of a specific ip. So far nothing seems to work.

Do I need to uninstall and reinstall the firewall module? Is anybody else using Zentyal core 2.0.1 and has port forwarding that DOES work?
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: vishnu.kumar on September 16, 2010, 04:56:44 am
No man, it's not the firewall.
Have a look at the error page.
It's coming from squid.
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: a.mcdear on September 17, 2010, 09:16:28 am
Do you have any idea which modules rely on squid so I can disable them and hopefully bypass the problem?

I was under the assumption that squid was primarily part of the traffic shaping module. When I disable traffic shaping and leave only Network, Objects, Firewall, DNS and Monitor enabled, I'm still not able to get traffic to pass.
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: vishnu.kumar on September 20, 2010, 09:10:08 am
There is a module named HTTP Proxy.
Try disabling that.

But in my case, I need that module.
Can anyone here tell me a workaround other than disabling squid?
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: a.mcdear on September 22, 2010, 11:46:30 pm
I removed all Zentyal software that uses squid with the software manager, however it didn't actually remove or disable anything.... it just removed it from the Zentyal UI so I can no longer change any settings.

So now Zentyal tells me that these modules aren't installed and I can't configure them anymore from the UI, but I can see that squid still starts up by watching the console screen when the Zentyal box boots. So there is a problem with the software module, because it's not actually disabling or removing software from the machine... it only removes it from the Zentyal interface, but the packages stay installed and active (and misconfigured, leading the whole box not to work properly).

Also, once packages are uninstalled, the software module will not re-install them if I ask it to. It says it installed and restarts Zentyal yet the software silently fails to install and doesn't show up in Zentyal again.

I have tried completely re-downloading the install media and re-installing the whole system and it still fails to properly work.

I got sick of these problems and have reverted back to Ebox 1.4-2 (ebox core vers 1.4.9). Not only does Ebox seem to work correctly, it's also MUCH faster on the same hardware as compared to Zentyal. It honestly seems to me that Zentyal was rushed together for its September 1st release date when it wasn't ready. Or at least it doesn't work well on MY hardware.... Ebox 1.4 still runs perfectly as it always used to....
I guess I'll try Zentyal again once the next update is released, but in its current form it just doesn't seem to work right.
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: MITSolutions on October 10, 2010, 03:02:09 am
Same issue here... Will this be fixed or must I also revert?
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: sixstone on October 11, 2010, 09:11:44 am
Hi there,

Which port forwarding rule are you adding?

Could you try to set the log switch to see if they are working as expected? To do so, enable Logs module as well and see the logging under Logs --> Query Logs --> Firewall.

Best regards,
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: FutureTechSys on October 12, 2010, 12:03:44 am
My example, as I have used it this way:

mydomain.com -> My Zentyal box that handles file sharing, Zarafa, antivirus, etc.

My router is 192.168.1.1
Zentyal is 192.168.1.20
PC is 192.168.1.100

Firewall -> Packet Filter -> Internal networks to Zentyal: (this is very condensed)

Source: Any / service: Mail and HTTP

External nets to Zentyal:
192.168.1.100/32 Allow -> eBox administration (these two allow my PC to admin Zentyal, etc.)
192.168.1.100/32 Allow -> Any
Source: Any -> Mail System (these two allow the outside world to talk directly to your mail and HTTP)
Source: Any -> HTTP

External nets to Internal nets:
Source: 192.168.1.100/32(PC IP) allow to 192.168.1.20/32 (Zentyal IP)
Source: Any allow to 192.168.1.20/32 Service: Mail System
Source: Any allow to 192.168.1.20/32 Service: http



Some of these are probably unnecessary, as I no longer have a separate external and internal, I have internal only.

Make sure the silly stuff like your router's port forwarding is set up correctly.

Hope this helps somebody!
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: MITSolutions on October 12, 2010, 02:36:14 am
My issue was corrected by updating everything to latest from version 2.0.1. I was just trying to get ssh and https access from behind my router. After doing an update on zentyal everything started working.
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: FutureTechSys on October 12, 2010, 06:25:56 pm
Awesome! Whether Windows or Linux, I'm always a fan of regular system updates.
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: kyser on October 25, 2010, 01:05:33 am
Hi Guys,
I'm having a similar issue with my setup, core version 2.0.5, latest updates installed as of yesterday. After I installed the updates the proxy server was not responding and I had to remove it and re-install it before it would show as running in the dashboard. I don't know if that helps.

I have file sharing turned on and HTTP proxy on with the filter set to allow all. I have set up Transmission on the same box for my torrents. I set up packet filtering to allow a service that I called "transmission" on a specific port and an object called "transmission" and added it to the list from external networks to Zentyal. When I check the logs it shows traffic incoming to that port that is dropped due to DOS attack. My router settings must be fine if the packets are getting logged. But when I check port forwarding from www.canyouseeme.org it either gets rejected or gets no response. The torrent site I use also confirms that I’m not connectable.

I have scanned through about 20 pages of the forums looking for help and I just don’t see an answer for my issue. Is there something I’m doing wrong? Or another setting I need to change. Sorry if I wrote the settings the wrong way around as I don’t have remote access to the server right now = I’m at work.
Thanks,
Kyser

Edit
I have resolved the issue by changing the settings in packet filter to allow any source and the service for transmission to accept TCP/UDP on any source and destination port; basically I have turned off the firewall. If I even try to tighten it up to a port range or just TCP it drops all the packets for Transmission
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: foxyboy on March 16, 2011, 10:33:15 am
My issue was corrected by updating everything to latest from version 2.0.1. I was just trying to get ssh and https access from behind my router. After doing an update on zentyal everything started working.

Hi

I am urgently trying to do the exact same thing. Can you please list how you got it working.
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: Marcus on March 31, 2011, 02:23:16 pm
Hello,
I had the same bad experience. It ended up being a code 14 (14 inches in front of the screen).

So things to make sure when setting up the port forward:
1) Service added
2) Firewall External -> Zentyal open on the specified port
3) Firewall External -> Internal open on the specified port
4) Port forwarding MUST use the proper (external) network interface card **That was my error
5) Saving changes

And everything worked as expected

Best,

Marcus
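
The interface mistake in step 4 and the missing External -> Internal rule in step 3 can both be spotted in a rule dump. This is an added example, not part of the original post and not Zentyal's own code: the `iptables-save` excerpt is constructed and uses plain PREROUTING/FORWARD chains rather than the chains Zentyal generates, and `eth0`/`eth1`, the internal address and the function names are assumptions. Ports 1727 and 3389 are the forward described earlier in the thread.

```python
import shlex

# Constructed iptables-save excerpt (not from a real Zentyal box).
# Assumption: eth0 is the external NIC, eth1 the internal one.
SAMPLE = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 1727 -j DNAT --to-destination 192.168.1.100:3389
COMMIT
*filter
-A FORWARD -i eth0 -d 192.168.1.100/32 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Yield (table, chain, options) for each -A line; negated matches are not handled."""
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1]
                    for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            yield table, tok[1], opts

def check_forward(dump, ext_if, port):
    """Return a list of problems with the forward of `port` arriving on ext_if."""
    rules = list(parse_rules(dump))
    dnat = [o for t, c, o in rules
            if t == "nat" and c == "PREROUTING"
            and o.get("-j") == "DNAT" and o.get("--dport") == str(port)]
    if not dnat:
        return ["no DNAT rule for port %d" % port]
    problems = []
    for o in dnat:
        if o.get("-i") != ext_if:  # step 4: wrong or missing interface
            problems.append("DNAT bound to %s, not external %s"
                            % (o.get("-i", "any interface"), ext_if))
        ip, _, dport = o["--to-destination"].partition(":")
        dport = dport or str(port)
        # After DNAT the filter table sees the rewritten address and port (step 3).
        if not any(t == "filter" and c == "FORWARD" and f.get("-j") == "ACCEPT"
                   and f.get("-d", "").split("/")[0] == ip
                   and f.get("--dport") == dport for t, c, f in rules):
            problems.append("no FORWARD ACCEPT to %s:%s" % (ip, dport))
    return problems
```

On a live box the input would be the output of `iptables-save` run as root; with the constructed sample, `check_forward(SAMPLE, "eth0", 1727)` reports the DNAT rule bound to the internal interface.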
Title: Re: Zentyal 2.0.1 Port Forward problems
Post by: kleo on April 12, 2011, 10:48:14 pm
Let's see, I installed Zentyal 2.0 and I'm a new user. The firewall has a link that says Port Forwarding; I recommend you look there, it looks pretty easy to me.