Messages - RoboJ1M

1
Sorry, here's some more information.
However, the only bit we're dealing with is the ISP - Zentyal network, 212.87.70.128/28

Code:
ISP -- 212.87.70.128/28 - eth1 - Zentyal --- eth6 - 192.168.17.0/24 (DMZ - Public servers)
                                         \-- eth0 - 192.168.27.0/24 (LAN - internal desktop machines/servers)
                                         \-- eth5 - 192.168.18.0/24 (route to other sites through VPN concentrator)

I don't know why the ethN numbers aren't sequential, maybe because two are PCI cards and the others are onboard/usb.

(It's a stop gap machine, our real one suffered a hardware failure)

Thanks,

James.


2
The only weird thing about 137 is that yesterday it was on the other side of the firewall (a Windows server, with 137 on its NIC), not NAT'd in the DMZ.

Now that same Windows server is in the DMZ with a private address.

But I've rebooted the ISP router, packets for 137 are arriving at the Zentyal external NIC.

3
The network is 212.87.70.128/28

First address, 129, is the router to our ISP
We use 130 through 142, except 135

4
Hi,

We have a Zentyal 2.2 box on a 4 NIC PC protecting our /28 network.

We've added most of the IP addresses in the range to the external NIC.

Then we added an ICMP service and an external to Zentyal rule, ACCEPT all ICMP.

All the addresses bar one respond to ping.

tcpdump shows all echo requests arriving at the external NIC

Everything except the address ending in 137 responds OK.

Interestingly, if we delete 137 and 136 from the external NIC, different things happen.

tcpdump shows the stack sending out ARP requests for 136, but not for 137.

It just receives them and then nothing else happens.

This is utterly bizarre.

Anybody have any ideas? I can't even think how to start diagnosing further.

Thanks,

James.

5
Solved, needed to do:

Code:
$ sudo su postgres
$ psql

\c eboxlogs
delete from firewall;
vacuum full analyse;

12GB of space freed up.

Regards,

J1M.

6
df shows that the disk went from 99% full to 79% full after the vacuumdb.
/var/lib/postgresql/8.3/main/base/16384 contains 12GB.

from psql:

Code:
eboxlogs=# select count(*) from firewall;
   count
-----------
 103298239
(1 row)

100 million rows! Looks like purge didn't do much :(

I'm going to do DELETE FROM firewall.

For next time, is TRUNCATE safe?

J1M.

7
trying:

Code:
sudo su postgres
vacuumdb --dbname eboxlogs --full --analyze

It's, er, running.
I guess this may take some time.

J.

8
Hi,

Purging the logs didn't free up any space.

Will a VACUUM do the trick?
http://www.postgresql.org/docs/7.4/interactive/sql-vacuum.html

Not sure how I can do it though!

J.

9
eBox Logs? No, just the /var/logs
I need to reboot it first but I'll try that next.

10
Hi,

Our ebox has run out of disk space

An 18GB disk:
Code:
root@router-internal:/# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              18G   16G  1.8G  90% /
varrun                505M   56K  505M   1% /var/run
varlock               505M     0  505M   0% /var/lock
udev                  505M   44K  505M   1% /dev
devshm                505M     0  505M   0% /dev/shm

15GB in the postgresql database folder:
Code:
root@router-internal:/# du -h / | grep '[0-9]G\>'
du: cannot access `/proc/15946/task/15946/fd/3': No such file or directory
du: cannot access `/proc/15946/task/15946/fdinfo/3': No such file or directory
du: cannot access `/proc/15946/fd/3': No such file or directory
du: cannot access `/proc/15946/fdinfo/3': No such file or directory
14G     /var/lib/postgresql/8.3/main/base/16384
14G     /var/lib/postgresql/8.3/main/base
15G     /var/lib/postgresql/8.3/main
15G     /var/lib/postgresql/8.3
15G     /var/lib/postgresql
15G     /var/lib
15G     /var
15G     /

Some sort of clean up I can run?
Sadly we're still on ebox 1.0 :(

J.
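
An added example (not part of the original post): the `du` output above ends at `base/16384`, and in PostgreSQL each directory under `base/` is named after a database OID. These catalog queries, run from `psql` as the `postgres` user, map that directory to a database and then rank the tables inside it by on-disk size. The database name `eboxlogs` is taken from the other posts in this thread; the `LIMIT` value is an arbitrary choice.

```sql
-- Step 1: which database owns the directory base/16384?
-- The directory name is the database OID, so look it up in pg_database
-- and show every database's size for comparison.
SELECT oid,
       datname,
       pg_size_pretty(pg_database_size(oid)) AS database_size
FROM pg_database
ORDER BY pg_database_size(oid) DESC;

-- Step 2: connect to the database identified above (psql meta-command).
\c eboxlogs

-- Step 3: rank ordinary tables by total size (heap + indexes + TOAST).
-- reltuples is the planner's row estimate, so it is cheap to read even
-- on a table with ~100 million rows, unlike SELECT count(*).
SELECT n.nspname                                     AS schema,
       c.relname                                     AS table_name,
       c.reltuples::bigint                           AS estimated_rows,
       pg_size_pretty(pg_relation_size(c.oid))       AS heap_size,
       pg_size_pretty(pg_total_relation_size(c.oid)) AS total_size
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY pg_total_relation_size(c.oid) DESC
LIMIT 10;
```

Running step 3 before and after a purge shows whether rows were removed without the space being returned to the filesystem, which is the situation a plain `DELETE` leaves until `VACUUM FULL` rewrites the table.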

11
Fixed. Upgraded to 10.04, ebox 1.5.1, that didn't do it. Uploaded the ebox to ebox tunnel package again, now it works.

Regards,

James.

12
Hi,

I've upgraded to 10.04 and ebox 1.5.1
The service button has changed to enabled but ticking it still gives the message "Cannot activate..."

I moved the ebox log to ebox.log.1 but ebox.log is created but empty when I try to enable the client.

Regards,

James.

13
Hi, when trying to add a VPN client to a remote site ebox I click add, enter a name and tick the service box.

When I press Add, I get this error:

"Cannot activate the client because is not fully configured; please edit the configuration and retry"

In ebox.log I get the following:

Code:
2010/06/01 12:30:34 DEBUG> LogFiltering.pm:70 EBox::Events::Model::Watcher::LogFiltering::new - Missing argument: tableInfo
2010/06/01 12:30:34 WARN> Events.pm:526 EBox::Events::__ANON__ - model EBox::Events::Model::Watcher::LogFiltering cannot be instantiated
2010/06/01 12:30:39 DEBUG> LogFiltering.pm:70 EBox::Events::Model::Watcher::LogFiltering::new - Missing argument: tableInfo
2010/06/01 12:30:39 WARN> Events.pm:526 EBox::Events::__ANON__ - model EBox::Events::Model::Watcher::LogFiltering cannot be instantiated
2010/06/01 12:30:39 ERROR> Sudo.pm:215 EBox::Sudo::_rootError - root command /usr/bin/test -d '/etc/openvpn/spur.conf.d' failed.
Error output:
Command output: .
Exit value: 1
2010/06/01 12:30:39 ERROR> Sudo.pm:215 EBox::Sudo::_rootError - root command /usr/bin/test -e '/etc/openvpn/spur.conf.d' failed.
Error output:
Command output: .
Exit value: 1
2010/06/01 12:30:39 ERROR> Sudo.pm:215 EBox::Sudo::_rootError - root command /usr/bin/test -f '/etc/openvpn/spur.conf.d/caCertificate' failed.
Error output:
Command output: .
Exit value: 1
2010/06/01 12:30:39 DEBUG> Clients.pm:141 EBox::OpenVPN::Model::Clients::_validateService - Cannot activate the client because is not fully configured; please edit the configuration and retry

Can anybody explain to me what's gone wrong?
I tried the commands it lists as not working, they return nothing but they don't error.

We're running ebox 1.3.5

If this is a bug because we're running one of the development branches, how (without using the install disk) do we get 1.4 onto this 32bit Ubuntu 8.04 server box?

Thanks,

James.
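
An added example (not part of the original post, and not eBox code): the log entries above record three `test` invocations with `Exit value: 1`. `test` never prints anything; its only result is the exit status, so this sketch re-runs the same three checks and reports each status explicitly. The function names are hypothetical, and the shell's `test` builtin stands in for `/usr/bin/test`, which follows the same exit-status convention.

```shell
#!/bin/sh
# Re-run the -d / -e / -f checks seen in the ebox.log excerpt and make the
# otherwise silent exit status visible.

# run_check OPERATOR PATH
# Runs `test OPERATOR PATH`, logs the exit status to stderr, returns it.
run_check() {
    if test "$1" "$2"; then status=0; else status=$?; fi
    echo "test $1 '$2' -> exit $status" >&2
    return "$status"
}

# count_failed_checks CONF_DIR
# Prints how many of the three checks fail for the given client directory:
#   -d CONF_DIR                 directory exists
#   -e CONF_DIR                 path exists at all
#   -f CONF_DIR/caCertificate   CA certificate file is present
count_failed_checks() {
    conf_dir="$1"
    failed=0
    run_check -d "$conf_dir"               || failed=$((failed + 1))
    run_check -e "$conf_dir"               || failed=$((failed + 1))
    run_check -f "$conf_dir/caCertificate" || failed=$((failed + 1))
    echo "$failed"
}

# Default to the path from the log excerpt; pass another directory as $1.
count_failed_checks "${1:-/etc/openvpn/spur.conf.d}"
```

A result of 3 means the client directory does not exist at all, and 1 means the directory is there but `caCertificate` is missing.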

14
What? New Installer? Have you replied to the correct thread?

J1M.

15
Hi,

No, they are all static
/28 network.
One is the next gateway off to the internet with the modem in it.
11 real IPs on eth0
1 on a hardware VPN concentrator.

eth1 through eth4 are all static, connecting to LAN, DMZ, VPNs and one not connected.

Regards,

J1M.
