Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - sarraceno

Pages: 1 [2]
16
Installation and Upgrades / Re: Firewall rules for PPTP server in Zentyal 2.2
« on: December 20, 2011, 07:19:51 pm »
Quote from: sarraceno on December 20, 2011, 07:12:39 pm
Quote from: jsalamero on December 08, 2011, 01:02:49 pm
Dudes, check the logs /var/log/syslog, /var/log/messages and so on... saying doesn't work doesn't help to diagnose what's going wrong.

Let me put this way, trying to achieve your request,

* I'm a...

So, any ideas?

Regards!

By the way, simple telnet to the ssh port on the 192.168.0.253 doesn't work and no trace on the log of the server.
Can this be something about source, and we need some kind of NAT operation for this VPN addresses?

On my server that I did configured PPTP by hand I had to apply some routing configurations... also masquerade for one specific issue.

Thanks!

17
Installation and Upgrades / Re: Firewall rules for PPTP server in Zentyal 2.2
« on: December 20, 2011, 07:12:39 pm »
Quote from: jsalamero on December 08, 2011, 01:02:49 pm
Dudes, check the logs /var/log/syslog, /var/log/messages and so on... saying doesn't work doesn't help to diagnose what's going wrong.

Let me put this way, trying to achieve your request,

* I'm able to connect and establish connection to any service on the server, but get routed to any other host on the server LANs and WAN nothing.


$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
8x.2xx.1xx.1xx  192.168.150.254 255.255.255.255 UGH   0      0        0 eth0
83.2xx.1xx.1xx  192.168.150.254 255.255.255.255 UGH   0      0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.2.1     *               255.255.255.255 UH    0      0        0 ppp0
192.168.150.0   *               255.255.255.0   U     1      0        0 eth0
192.168.160.0   192.168.150.241 255.255.255.0   UG    0      0        0 eth0
$ tracepath 192.168.0.253
 1:  192.168.2.100                                         8.727ms pmtu 1400
 1:  192.168.2.1                                          34.237ms
 1:  192.168.2.1                                          40.077ms
 2:  no reply
 3:  no reply
 4:  no reply
 5:  no reply
 6:  no reply
^C
$ tracepath 192.168.0.252
 1:  192.168.2.100                                         0.247ms pmtu 1400
 1:  192.168.0.252                                        38.004ms reached
 1:  192.168.0.252                                        33.699ms reached
     Resume: pmtu 1400 hops 1 back 64


* 192.168.0.253 is a host aside with the server that has 192.168.0.252
* 192.168.2.0 is the PPTP network
* 192.168.2.100 is the PPTP user ip assigned.

At syslog I have:


Dec 20 18:06:52 gw1 named[2023]: client 192.168.2.100#58707: query (cache) '100.2.168.192.in-addr.arpa/PTR/IN' denied
Dec 20 18:06:57 gw1 named[2023]: client 192.168.2.100#53512: query (cache) '1.2.168.192.in-addr.arpa/PTR/IN' denied
Dec 20 18:07:00 gw1 slapd[2521]: connection_read(27): no connection!
Dec 20 18:07:02 gw1 slapd[2521]: last message repeated 15 times
Dec 20 18:07:02 gw1 named[2023]: client 192.168.2.100#45694: query (cache) '1.2.168.192.in-addr.arpa/PTR/IN' denied
Dec 20 18:07:12 gw1 kernel: [ 5301.081846] ebox-firewall drop IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:c6:a9:12:4d:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=56908 PROTO=UDP SPT=138 DPT=138 LEN=209 MARK=0x1
Dec 20 18:07:12 gw1 kernel: [ 5301.084762] ebox-firewall drop IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:dc:70:86:08:00 SRC=192.168.0.133 DST=192.168.0.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=23 DF PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0x1
Dec 20 18:07:12 gw1 kernel: [ 5301.085121] ebox-firewall drop IN=eth3 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:dc:70:87:08:00 SRC=192.168.29.133 DST=192.168.29.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24 DF PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0x1
Dec 20 18:07:13 gw1 kernel: [ 5301.667802] ebox-firewall drop IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:c6:a9:12:4d:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=56912 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Dec 20 18:07:13 gw1 kernel: [ 5302.211549] ebox-firewall drop IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:c6:a9:12:4d:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=56918 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Dec 20 18:07:13 gw1 kernel: [ 5302.211575] ebox-firewall drop IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:c6:a9:12:4d:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=56919 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Dec 20 18:07:13 gw1 kernel: [ 5302.211595] ebox-firewall drop IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:c6:a9:12:4d:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=56920 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Dec 20 18:07:13 gw1 kernel: [ 5302.211615] ebox-firewall drop IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:c6:a9:12:4d:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=56921 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Dec 20 18:07:13 gw1 kernel: [ 5302.211634] ebox-firewall drop IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:c6:a9:12:4d:08:00 SRC=192.168.0.102 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=56922 PROTO=UDP SPT=137 DPT=137 LEN=76 MARK=0x1
Dec 20 18:07:13 gw1 kernel: [ 5302.212335] ebox-firewall drop IN=eth3 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:0c:dc:70:87:08:00 SRC=192.168.29.133 DST=192.168.29.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=25 DF PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0x1


So, any ideas?

Regards!

18
Portuguese / Re: Controle HTTPS no Proxy Transparente ou Autenticado
« on: December 01, 2011, 12:24:05 pm »
Caríssimos, se pudessemos efectuar manipulação das comunicações de HTTPS significaria que teriamos acesso ao seu conteudo, logo a funcionalidade de HTTPS (segurança/encriptação) estava desfeita.

No entanto existe segundo me peslicaram pelo menos um proxy de HTTPS (parece um contracenso face ao que disse antes), no entanto este sistema não é legal/válido, pois faz uso da técnica "man in the middle", em que no lugar de estarmos a establecer uma ligação segura com o site destino estamos com um intermédio desconhecido... q poderá...
O que nem é compativel com certos sites que fazem uso de todas as potencialidades do SSL e por tal não se consegue efectuar assim uma sessão HTTPS.

A solução é firewall... plo menos do que conheço nos clientes medios e empresariais que já tive.

19
Portuguese / Re: Como integrar alias de postfix com a gestão de mail interna do Zentyal
« on: December 01, 2011, 12:13:23 pm »
Obrigado!

Logo que possivel farei os testes e parilharei o resultado.

Cumprimentos!

20
Portuguese / Como integrar alias de postfix com a gestão de mail interna do Zentyal
« on: October 21, 2011, 11:49:48 pm »
Tenho um postfix já com 9 anos.
Nele está configurado um majordomo 2 com umas mailling lists.

Para quem não conhece, o majordomo recebe em seus scripts os mails por alias configurados para o postfix.
No final os scripts do majordomo usa o posfix para fazer sair os seus mails já processados como simples relay.

A minha questão prende-se com a necessidade de usar o Zentyal normalmente  e na mesma máquina ter o majordomo 2. Há alguem com experiência nesta arquitectura?

Como evito o possível esmagamento das minhas configurações para o majordomo 2 a quando de configurações via GUI do Zentyal?

Alguém tem outra sugestão?
Obrigado!

Pages: 1 [2]