1
News and Announcements / Re: Usage of eBox Platform
« on: August 28, 2009, 01:31:57 pm »
All of the above comments resonated with my own experience, so I won't give a repeat of it. I've used a range of appliance routers (e.g., IPCop, Untangle) and I've had to tear down eBox a couple of times when I couldn't configure it to do what I needed. I'm getting ready to see if the current release will be a better fit.
- I'm no longer filtering email, as I'm routing through Postini (the rates are cheap enough).
- I would recommend some standard configurations for SOHO/SMB:
- Easy LAN segmentation (DMZ, internal, external, wifi)
- Default setups, which provide nearly everything to get started and clear areas for configuration.
- VPN is becoming more common for mobile professionals, and it's always been frustrating to configure.
2
Installation and Upgrades / [SOLVED] Re: Multiple NICS and rerouting inbound HTTP
« on: September 08, 2008, 04:09:24 pm »
Javi,
I didn't get a chance to read your note in time. I went ahead and de-configured the eBox and started from scratch. This time when I got to setting up the firewall rules for outbound access, it made sense that eBox was looking for a subnet range. Of course it had to be 192.168.1.0/24 !
I wasn't thinking in that way on my initial set-up, because I just assumed some sort of route was going to be configured for everything on eth1. Why ? Because that was my experience on IPCop and I've carried forward those perceptions.
So, the multiple NICS are humming, nicely. The port forwarding worked immediately for HTTP and SMTP on eth2. The DHCP is working great.
I'm looking forward to making the mail filters work and adding OpenVPN. Then, I'll be singing to everyone about eBox.
Thanks again, Javi.
3
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 07, 2008, 12:49:00 am »
Javi,
The /32 setting was the only setting that eBox would accept. It didn't make sense to me when I did the input, but eBox wouldn't accept /24. Weird.
I'm going to review the initial settings over this weekend, but I'm drawing a blank. I've double-checked the NIC settings (ifconfig), and everything is set just as I recorded it for you.
4
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 02, 2008, 01:32:09 pm »
Thanks, Javi !
I'll rework it tonight and let you know the results. The reason I thought there was a need for two gateways was based on the comments in the wiki.
I appreciate your feedback !
5
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 02, 2008, 01:28:23 am »
I spent some more time on the ebox today, and I'm still fuzzy about the GUI. For instance, I have DHCP successfully bonded to one of the NICS and the ebox is connected to my DSL router. If I'm on the ebox, I can access the Internet. However, if I connect via DHCP (I use dhclient in prompt, so I can see the activity), that client is unable to access the Internet.
So, here are all the basic configuration details:
Active Module status:
network
firewall
ntp
dhcp server
logs
Domain Name Server
NETWORK
Network interfaces:
Name: eth0
Method: static
External: YES
IP: 66.92.167.36
Netmask: 255.255.255.0
(No virtual interfaces)
ETH0 connects to the DSL router. It's working fine.
Name: eth1
Method: static
External: no
IP: 192.168.1.1
Netmask: 255.255.255.0
(No virtual interfaces)
ETH1 is for the DHCP server and clients. It's the internal LAN
Name: eth2
Method: static
External: no
IP: 192.168.2.1
Netmask: 255.255.255.0
(No virtual interfaces)
ETH2 is for a web and mail server on a separate system.
DNS: 192.168.1.1
216.231.41.2
Routes: I tried it with none (it seemed optional). But, when I couldn't access the Internet from the ETH1 segment, I added the following route from the Network to the Gateway:
192.168.1.1/32 -> 66.92.167.36
Gateways: I have two Gateways, one for the Internet and one for the internal ETH1.
Internet Gateway (ETH0), 66.92.167.36, ETH0 (set as default)
ETH1 Gateway, 192.168.1.1, ETH1
OBJECTS
The ebox has no objects defined.
SERVICES
I haven't added any extra services.
FIREWALL
Packet filtering has been set up in these categories:
From Internal networks to ebox:
The following protocols/services accept any source: ipp, samba, http, ntp, mail system, dns, dhcp, tftp, ssh
For Internal networks, each of the NICS have been configured to access outside destinations:
66.92.167.36/32 - Any - Any - "Outbound ETH0"
192.168.1.1/32 - Any - Any - "Outbound ETH1"
192.168.2.1/32 - Any - Any - "Outbound ETH2"
For traffic coming out of ebox
Any - Any - "Open up outbound for now"
For traffic coming in to ebox
No IPs are configured to accept connections
Redirects:
One redirect is in place, but I haven't tested it.
Interface: ETH0, External Port: 80, Protocol: TCP, IP: 192.168.2.2, PORT: 80
USERS Not configured
GROUPS Not configured
WEB SERVICE Not configured
OPENVPN Not configured
Jabber Service: Not configured
PRINTERS: Not configured
DHCP:
Interface: ETH1
Default Gateway: Configured Ones, ETH1 Gateway
Search domain: None
Primary Nameserver: local eBox DNS
Secondary nameserver: <blank>
DHCP Ranges:
IP: 192.168.1.1
Subnet: 192.168.1.0/24
Available ranges: 192.168.1.1 -254
I created a range ("Range 1") from 192.168.1.50 to 192.168.1.100.
No fixed addresses
FILE SHARING: Not configured
TRAFFIC SHAPING: Not configured
SOFTWARE MANAGEMENT: Not configured
System is up to date
Automatic updates: Not configured
LOGS: I did set them for one week
HTTP PROXY: Not configured
MAIL: Not configured
DNS: Not configured
CERTIFICATE MANAGER: Not configured
EVENTS: Not configured
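Added example, not part of the original posts: a check of the source rules listed above against the DHCP range on ETH1, compared with the 192.168.1.0/24 value reported in the [SOLVED] follow-up. It assumes the first field of each posted rule is the source; the function names are illustrative.

```python
import ipaddress

# Values copied from the posts on this page.
INTERFACE_IPS = {"66.92.167.36", "192.168.1.1", "192.168.2.1"}
DHCP_RANGE = ("192.168.1.50", "192.168.1.100")  # "Range 1" on ETH1
RULES_AS_POSTED = ["66.92.167.36/32", "192.168.1.1/32", "192.168.2.1/32"]
RULES_AFTER_REBUILD = ["192.168.1.0/24"]  # value from the [SOLVED] post


def pool_addresses(first, last):
    """Every address in an inclusive DHCP range."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    return [ipaddress.IPv4Address(n) for n in range(lo, hi + 1)]


def coverage(sources, first, last):
    """Return (covered, total): pool addresses matched by any source rule."""
    # Assumption: the first field of each posted rule is the source network.
    nets = [ipaddress.ip_network(s) for s in sources]
    pool = pool_addresses(first, last)
    covered = sum(1 for addr in pool if any(addr in net for net in nets))
    return covered, len(pool)


def lint(sources, interface_ips, first, last):
    """Flag host-only rules naming the firewall's own address, plus uncovered pool addresses."""
    findings = []
    for s in sources:
        net = ipaddress.ip_network(s)
        if net.num_addresses == 1 and str(net.network_address) in interface_ips:
            findings.append(f"{s}: matches only the firewall's own interface address")
    covered, total = coverage(sources, first, last)
    if covered < total:
        findings.append(f"{total - covered} of {total} DHCP addresses match no source rule")
    return findings


if __name__ == "__main__":
    for label, rules in (("as posted", RULES_AS_POSTED), ("after rebuild", RULES_AFTER_REBUILD)):
        print(label, coverage(rules, *DHCP_RANGE))
        for finding in lint(rules, INTERFACE_IPS, *DHCP_RANGE):
            print("  -", finding)
```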
6
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 01, 2008, 06:13:46 pm »
Alright, the best news is that everything sounds do-able. Your comments are very appreciated.
I've read through the eboxplatform forums, the wiki, and two years of the e-mail list.
My ebox is running (with the A, B, C NICS) and everything looks good (it's still not configured, but it's working).
The "smart host" option is what I was thinking would be a good choice.
The "A" NIC will be the gateway.
Now, I just have to configure the ebox to do these things. It's the creation of "objects" and "network services" that abstract out the details. I'm not sure what I'm doing. I'm not looking for a step-by-step, just "first configure an object, then create a network service."
Or, something.
When I'm done, I'll blog a more detailed overview on http://www.leadershipbynumbers.com so others can follow along.
Thanks !
7
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 01, 2008, 04:05:20 pm »
Javi, thanks for helping out !
- My EBOX does not have a wi/fi NIC, it only has three 10/100 NICs (which I will call A, B, C).
- I'd like NIC A to be connected to a static IP on my DSL router.
- I'd like NIC B to route to a subnet (192.168.2.x), which has my external e-mail server and http server.
- I'd like NIC C to route to a subnet (192.168.1.x) to my internal LAN, which includes a wi/fi router.
With that set-up, here's what I'd hope the end functionality would include:
- SPAM and AV filter for inbound SMTP.
- Redirect the processed SMTP to the external e-mail server (192.168.2.2)
- Redirect the HTTP to the external web server (also on 192.168.2.2)
- Provide DHCP for the clients that connect on the 192.168.1.x segment
- OpenVPN, so that I can remotely connect to the 192.168.1.x segment
8
Installation and Upgrades / [SOLVED]Multiple NICS and rerouting inbound HTTP
« on: August 28, 2008, 02:32:26 am »
Ebox looks fantastic, but the level of abstraction is making it hard for me to use (oddly enough). I'm replacing a venerable IPCop with EBox, and after reading the documentation, successfully installing Ebox, reading multiple Ebox how-tos, and skimming through this forum - - it's still a little confusing.
My layout:
3 NICS
- one connects directly to the Internet on a static IP through my DSL router
- a second NIC connects to the internal LAN (with wifi)
- a third NIC connects to the HTTP and SMTP server.
So, do I need to do the following?
(1) Create a service
(2) Create a rule to route the Internet NIC traffic (defined by the service) to the third NIC ?
9
Installation and Upgrades / Is it possible to redirect inbound HTTP headers to different back-end IPs?
« on: April 07, 2008, 04:10:45 am »
I'd like to host more than one HTTP service/server through a single IP.
While I can support multiple virtual hosts on the same server (allowing multiple DNS to be serviced on one IP), I'd like to be able to do something like a port redirect, only with the HTTP Header (or the called DNS).
Can e-box do this?