Messages - Simon Matthews

1
Installation and Upgrades / Re: Zentyal 8
« on: February 28, 2024, 01:39:34 pm »
This product is a security nightmare. I wouldn't feel comfortable deploying it anywhere.

2
Contributions / Tips&Tricks / Features Requests / What Is Going On?
« on: February 28, 2024, 01:37:15 pm »
I used to deploy Zentyal a long time ago for customers. If I was still working in that role, I would definitely not be deploying it any more. The product is stuck in the past. Although the web interface is fantastic in many ways, the rest of the product is deeply flawed.

It's amazing that there is absolutely no support for IPv6. To me that makes a product like this unusable.

I received the email saying that version 8 has now been released. I thought I would have a look at how the product is going and deployed it to a Linux Container. There are so many problems with this software. After installation I noticed it had done bizarre things to the permissions of critical system files. I discovered this in an attempt to force netplan to apply network and it was complaining about insecure permissions on its yaml files.

If your server is hacked in any way, it is done for.

The funniest thing that happened was I forgot I even had a user account here because it has been around 12 years since I last posted. I did a forget password and in the email to reset it, it said my IP was 172.18.0.10. What the heck is going on here? Do you actually receive money from people for this product?

Where is the MFA support? OIDC? SAML? This is hilarious.

3
You're doing an amazing job. This is fantastic. I will definitely be playing around with this.

4
Installation and Upgrades / Re: Error installing onto Ubuntu 10.04 Desktop
« on: September 12, 2010, 04:41:43 am »
sudo dpkg --configure -a

5
Installation and Upgrades / Block HTTPS by URL
« on: September 11, 2010, 12:19:58 pm »
I thought it was possible for squid to block HTTPS sites just by the URL. This is currently not working. I am not using transparent proxy.
I have Zentyal 2.0 installed.
What am I doing wrong?

6
Installation and Upgrades / Dansguardian Wildcards
« on: February 18, 2009, 01:50:36 am »
Is there any way to use wildcards on filtered domains?

7
Installation and Upgrades / Re: Reset Firewall settings to default?
« on: December 11, 2008, 02:10:13 am »
This is a pretty big problem with the iptables settings.

Just a quick note on my settings:

eth0
-external
-ip 192.168.0.2

eth1
-internal
-ip 192.168.1.1

tap0
-VPN
-ip 10.1.1.1

The right setting is in there for the proxy; the only problem is that it gets blocked before it gets to this rule:
Quote
Chain imodules (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  tap0   any     anywhere             anywhere            udp dpt:route
  369 17712 ACCEPT     tcp  --  eth1   any     anywhere             anywhere            state NEW tcp dpt:3128

This is the order the rules are read in:
Quote
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 132K   64M ACCEPT     all  --  lo     any     anywhere             anywhere
 191K  155M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    2   120 ACCEPT     icmp !f  any    any     anywhere             anywhere
21382 7050K inospoof   all  --  any    any     anywhere             anywhere
21382 7050K iexternalmodules  all  --  any    any     anywhere             anywhere
21382 7050K iexternal  all  --  any    any     anywhere             anywhere
10634 3542K inoexternal  all  --  any    any     anywhere             anywhere
10634 3542K imodules   all  --  any    any     anywhere             anywhere
10265 3524K iintservs  all  --  any    any     anywhere             anywhere
10265 3524K iglobal    all  --  any    any     anywhere             anywhere
 6095 2927K idrop      all  --  any    any     anywhere             anywhere
inospoof doesn't have any rules so it goes to iexternalmodules
Quote
Chain iexternalmodules (1 references)
 pkts bytes target     prot opt in     out     source               destination
10586 3540K RETURN     all  --  eth1   any     anywhere             anywhere
    0     0 ACCEPT     udp  --  tap0   any     anywhere             anywhere            udp dpt:route
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere            tcp dpt:openvpn
Now I am pretty sure the RETURN rule is a result of me setting all internal to external as allow all in ebox.
Quote
Chain iexternal (1 references)
 pkts bytes target     prot opt in     out     source               destination
10586 3540K RETURN     all  --  eth1   any     anywhere             anywhere
10748 3508K ACCEPT     all  --  any    any     anywhere             anywhere            state NEW
There is more in that chain but they aren't important. RETURN rule again set as a result of me setting internal to ebox as allow all in ebox.
Now this is where I think the problem could lie...
Quote
Chain inoexternal (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 idrop      all  --  eth0   any     anywhere             anywhere            state NEW
This is on the INPUT rules so I was thinking that this rule would be dropping all data that hits another rule. This one is just above the imodules chain which contains the rule to allow all through eth1 for 3128...
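
Added example, not part of the original post: a small Python model of the chains quoted above that walks one packet through INPUT the way iptables evaluates rules (first matching rule decides, RETURN resumes the calling chain). It assumes that idrop ends in DROP and that iintservs and iglobal, which the post does not show, are empty; the function names are hypothetical.

```python
# Added example: constructed model of the rules quoted in the post above.
# Rule = (in_iface, proto, states, dport, target); None matches anything.
CHAINS = {
    "INPUT": [
        ("lo", None, None, None, "ACCEPT"),
        (None, None, {"RELATED", "ESTABLISHED"}, None, "ACCEPT"),
        (None, "icmp", None, None, "ACCEPT"),
        *[(None, None, None, None, c) for c in "inospoof iexternalmodules iexternal "
          "inoexternal imodules iintservs iglobal idrop".split()],
    ],
    "inospoof": [],  # the post says this chain has no rules
    "iexternalmodules": [
        ("eth1", None, None, None, "RETURN"),
        ("tap0", "udp", None, "route", "ACCEPT"),
        ("eth0", "tcp", None, "openvpn", "ACCEPT"),
    ],
    "iexternal": [  # only the two rules quoted; the post says there are more
        ("eth1", None, None, None, "RETURN"),
        (None, None, {"NEW"}, None, "ACCEPT"),
    ],
    "inoexternal": [("eth0", None, {"NEW"}, None, "idrop")],
    "imodules": [
        ("tap0", "udp", None, "route", "ACCEPT"),
        ("eth1", "tcp", {"NEW"}, 3128, "ACCEPT"),
    ],
    "iintservs": [], "iglobal": [],  # not shown in the post: assumed empty
}

def matches(rule, pkt):
    iface, proto, states, dport, _ = rule
    return (iface in (None, pkt["in"]) and proto in (None, pkt["proto"])
            and (states is None or pkt["state"] in states)
            and dport in (None, pkt.get("dport")))

def walk(chain, pkt, trace):
    """Return 'ACCEPT' or 'DROP', or None when the chain falls back to its caller."""
    for *_, target in (r for r in CHAINS[chain] if matches(r, pkt)):
        trace.append((chain, target))
        if target == "RETURN":
            return None
        if target in ("ACCEPT", "idrop"):  # assumption: idrop ends in DROP
            return "ACCEPT" if target == "ACCEPT" else "DROP"
        result = walk(target, pkt, trace)
        if result:
            return result

def decide(pkt):
    trace = []  # (chain, target) for every rule that matched, in order
    return walk("INPUT", pkt, trace) or "DROP", trace  # INPUT policy is DROP
```

In this model a NEW TCP packet to port 3128 arriving on eth1 returns from iexternalmodules and iexternal, does not match the eth0 rule in inoexternal, and is accepted in imodules; the returned trace lists each matching rule in order.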

8
Installation and Upgrades / Re: Reset Firewall settings to default?
« on: December 09, 2008, 07:23:37 am »
It seems that the settings implemented by enabling the firewall logging were denying all requests. I think it is because it was redirecting non-dropped packets to the LOG and the log was then redirecting them and dropping them.

9
Installation and Upgrades / Reset Firewall settings to default?
« on: December 09, 2008, 06:53:05 am »
I was wondering if there is a way to reset all the firewall settings to default.
I was going to try:
Code:
apt-get purge ebox-firewall
But that wanted to completely remove ebox. I have purged the proxy before and reinstalled it without having to do this.

The reason I need to reset the firewall settings to default is because for some reason it is gradually blocking requests sent to the proxy port 3128. If I restart the server everyone is able to get to sites for about 15 minutes before they start getting blocked again. I can see this in the logs showing that port 3128 is being denied.

Any help appreciated.

10
Installation and Upgrades / Re: Users / Groups Permission
« on: December 06, 2008, 03:16:43 am »
Javi... this seems to be the same SID problem as most people have had.

11
Installation and Upgrades / Re: Firewall blocking Road Warriors
« on: December 06, 2008, 03:13:38 am »
BUMP

12
Cheers for the help.
It seems the problem was with certificates because it is all working fine now after playing around with the certificates.

Also, the problem with SSH I think may have something to do with the configuration possibly not allowing connections from all hosts.

13
I have found that iptables seems to be allowing port 22 through but for some reason the Connection is being refused by sshd. I changed the ssh firewall rule to LOG instead of allow and they were coming up in the logs but I didn't even receive the "Connection Refused" error message like I do when it is allowed.

Yeah, I've changed the IP for the server and OpenVPN connects but it continuously cycles the connection.

14
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 04, 2008, 03:15:56 am »
It seems that the IPs being in the same subnet were causing problems.
Thanks heaps.

15
Ok... now I had previously had access via SSH.

IP Addresses were originally:
External: 192.168.1.101
Internal: 192.168.1.102
Gateway: 192.168.1.1

This was purely for testing.

Now I have made it a production server and changed the IPs:
External: 192.168.0.2
Internal: 192.168.1.1
Gateway: 192.168.0.1

The proxy is now working correctly which I previously had problems with (most likely due to the IP configuration).
Now I am unable to SSH to the box. It looks like iptables is now completely blocking port 22.
OpenVPN still connects but then is instantly dropped off but reconnects again straight away and this loops.
This is the error I get when it drops out:
Quote
Thu Dec 04 12:44:16 2008 TCP/UDP: Closing socket
Thu Dec 04 12:44:16 2008 SIGUSR1[soft,connection-reset] received, process restarting
Thu Dec 04 12:44:16 2008 Restart pause, 5 second(s)
