

Messages - zimbodel

1
Installation and Upgrades / Zentyal Firewall routing question
« on: June 25, 2012, 03:59:13 am »
I posted this question a few days ago but it does not show up here.

Question. I want to SSH to a machine on DHCP on the internet side of my Zentyal firewall from inside the firewall.
Somehow I am blocked from doing this, as Zentyal seemingly blocks the route for SSH to a 192.168.1.0 IP outside the firewall.
The internal IP address I SSH from is on 192.168.0.0.

What is the route I must add in Zentyal firewall to do this, and where must I enter it?

I already checked that I can ssh between machines on DHCP with the router so the problem does not lie there.

2
Installation and Upgrades / Firewall Routing
« on: June 20, 2012, 08:18:12 pm »
My network behind the firewall is 192.168.1.0.
The cable router before the firewall is on network 192.168.0.0, with laptops connecting wirelessly through the router to the internet.

I want to be able to SSH from my internal network (machine on network 192.168.1.0) to a machine on the router on the other side of the firewall, connected to the router on network 192.168.0.0.

What rule must I add to the firewall to effect this?
It used to be easy with the usual ipchains way back.

Anyone have an idea what rule needs to be added on the Zentyal firewall?

3
Installation and Upgrades / Zentyal firewall question Port 25
« on: February 09, 2012, 05:56:01 pm »
Comcast silently blocked port 25 and caused an enormous amount of damage to my business as we had no clue why our mailservers stopped working.
They should be sued and really inform customers if they silently block ports.

Anyway.

Could anyone tell me how to configure the Zentyal firewall to redirect all SMTP connections destined for port 25 to e.g. port 587?
Meaning: redirect all outgoing mail configured by postfix or sendmail to be connecting to remote mailserver:25 to mailserver:587.
I know it is easy and the firewall config is really very nicely done, but I still find the redirects confusing.

Thanks

4
Thanks a lot, that solved it.

5
That is not the problem.
I can access the ebox control panel on the local machine zentyal resides on.

What I cannot do is access it from another machine on the network anymore.
This is due to the fact that I removed the ebox admin ipchains rule in the firewall setup.

All I need is the details of the ebox admin entry in the firewall filters section.

It is easy to find. If you go through all the filtering sections one will have ebox admin as an entry.
Click on the edit button and all the details will be there.
Like, source, destination, ebox admin as service and so forth.
Also in which filter section it was found.
It is easy it is in everybody's firewall setup if you use zentyal.

I can reinstall zentyal from scratch and then it will be there, but I try to avoid it.
6
Installation and Upgrades / accidentally deleted the ebox admin entry
« on: November 09, 2011, 06:35:20 am »
I accidentally deleted the ebox admin entry in the filters setup.
I think it was in the internal to zentyal filters.

So since I removed that I cannot remotely log in by https to the administration.

Anyone know what the filter entry is to get the access back?
Thanks

7
I decided to drop Bluequartz/Strongbolt as there is no service or support from either, even though I bought and paid for service.
As I can use a standard linux server with domainname as ip address on the DMZ and do not need reverse proxy in that case it is the way to go.
I will keep zentyal as firewall.
I agree that the inability of Strongbolt/bluequartz to use ip as domainname will require reverse proxy, but only in that case, as I proved for myself that a webserver works perfectly on DMZ without proxy if the domainname is the ip address and could browse it.

Thanks for all the help it is appreciated.
I will delete the network details post thanks.

8
To add further:
If you don't use basic mode, then and only then Squid will install.
Clearly a bug, but not serious at all as it is only interface related.

Another question.
Since I have squid installed, where is the reverse proxy? I cannot find it in the squid setup as suggested.

9
BTW, there seems to be a bug in the Zentyal interface,
If I go to Zentyal Software Management, then Components and select View-Basic-Mode, and then highlight Proxy for installation, it clearly installs Users and Groups rather than Proxy !!
That is why I couldn't activate proxy in the checkbox to start it as I reported earlier.
I repeated it twice here and it still does it.

See for yourself.

10
The IP addresses are bogus but originals were batch replaced so there will not be any errors.

removed as it is not needed anymore.

11
Ok I will write it up and post it.
But, it is clear to me that there is one of two problems.
1) a DNS issue on Strongbolt/Bluequartz, although I doubt it as Zentyal doesn't masquerade the webserver on DMZ but does on LAN; clearly the same DNS error cannot give those two different results.
2) The default iptables on Zentyal is different for two internal NICs creating the discrepancy.

Iptables is a pain and errors are easy to make, I won't be surprised if that is the case and it sure looks like it, but it will be nice if it is just a simple DNS error.

12
What I don't understand is why the webserver works on LAN but not DMZ.
On LAN it loads pages, does not need proxy or reverse proxy and masquerades the IP all perfect.
There seems to be something different with Zentyal as soon as you add a third interface.
All internal interfaces should be handled the same until you make changes to differentiate them.

Clearly the example of successfully deploying a webserver on LAN but failing on DMZ proves that neither squid nor anything extra is needed, but that there is a problem with the third interface in the default rules in Zentyal.


13
I took Christian's advice and configured a webserver on my lan (2nd nic).
I changed the port forward to forward :80 to that server.
It worked perfectly this time and I could load the webpage from the internet AND it was masqueraded !
I then want to see what the effect of squid is, and I completely uninstalled squid. For good measure I rebooted Zentyal.
It came back up and still forwarded the lan website masqueraded !

So squid is not needed (it seems, pending the following caveat which might need it):
1) Opening a browser from within Zentyal, which is the firewall, I can browse both websites by entering their IP address in the URL.

Now I am bamboozled.
If I can browse both from within Zentyal then why does the port forward work for only LAN but not DMZ!!?
Both LAN and DMZ have completely the same rules! (DMZ is only DMZ if port forward is used) and both can be browsed on Zentyal, but a port forward works for one but not the other.

Any ideas?

14
Christian,
the page that is not loading is just the Bluequartz default placeholder page, vanilla HTML, it can't get simpler.
All you mention has been achieved. All I need is for the page to load. That's all, and it would be great if I can find the reason why it does this and if I don't have to use a proxy.
You can see the blank yourself at 70.90.83.249.
It looks exactly like this one (I searched for someone running Bluequartz that did not have their website configured yet.)
It might change soon when they upload their site, but for now it is the best example. As you can see, simple.
"http://www.blue-quartz.co.uk/"

Vshaulk.
I installed the HTTP proxy, configured it, but when I go to modules I cannot tick the box for HTTP proxy... won't allow it.
I can tick and untick all that was already ticked....weird!
Do you know why it does that? As proxy cannot be activated without starting the daemon.
I made sure after I installed proxy, configured it, I saved it, but still the modules section does not allow me to switch it on. Tickbox is disabled.
The last three boxes in particular are completely disabled:
Bandwidth Monitor
Logs
File Sharing
HTTP Proxy

To both of you:
What may happen is that the webserver responds as the URL indicates, but in order to load the HTML page a reverse lookup of localdomain is done for some reason and therefore redirects loading the page to /null.
It is easy to test if I was allowed to use my IP address as domain in Bluequartz, but Bluequartz doesn't allow it, which I find silly!
So I can't test that. I am not sure if what I say above is correct. If so I would need a proxy or some form of masquerade at least to avoid the client on the web doing a DNS lookup and redirecting to /null.
If not, then I don't need a proxy and something else is amiss.

15
Can you give me a few starting pointers where I can read up on installing a proxy on Zentyal?
I guess I can download squid and read the man pages, but I first need to know if Zentyal has a proxy server and if it is documented somewhere, or an example of how to use it for a DMZ or third NIC.
