Messages - JPB

31
If you select the automatic mode, then the "use full disk" recipe of the Ubuntu Installer (not defined by Zentyal at all) is applied. If you don't like it, you just need to use the expert mode and define your custom partition layout...
Exactly my point. Do we wish to have Zentyal only be installed by experts .... Or can there be a well thought out auto install eventually that includes a Zentyal install for Dummies or Stoopid Ppl - eg automatic mode!

32
For some reason, they say it's to be able to recover from disasters, some Linux users partition drives rather stupidly. This layout is created by the Distribution CD.

Code:
Disk /dev/sda: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c3dfd

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          32      248832   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2              32      121602   976510977    5  Extended
/dev/sda5              32      121602   976510976   8e  Linux LVM

Code:
root@chaos:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/chaos-root
                      895G  653G  197G  77% /
none                  3.9G  272K  3.9G   1% /dev
none                  3.9G     0  3.9G   0% /dev/shm
none                  3.9G  4.2M  3.9G   1% /var/run
none                  3.9G  4.0K  3.9G   1% /var/lock
none                  3.9G     0  3.9G   0% /lib/init/rw
none                  895G  653G  197G  77% /var/lib/ureadahead/debugfs
/dev/sda1             228M  144M   73M  67% /boot

The problem is a few months down the line the / {root} partition fills up and voila big mess!

To fix the problem takes an enormous amount of time and knowledge.

PPL keep it simple, make a backup, and make one partition so that if something fills up it's NOT the tmp directory or the root one!
If the whole disk fills up then ok, the chances for this are somewhat smaller than the cylinders allocated by the Distribution!!!

It happened 3x in RL running environments, it will happen again.  PPL think about this, find another solution if you absolutely HAVE to partition in pieces!

33
Installation and Upgrades / Sending all VoIP Out via different Gateway
« on: September 20, 2011, 07:21:12 am »
I need to split all VoIP traffic to a separate provider but I don't know how to accomplish this.
I have one Internal Network on eth0 where the VoIP comes from
I have my STD ISP on eth1
I have my VoIP ISP on eth2

I added some traffic shaping rules for all VoIP services on both External interfaces, but my trunk from my dedicated VoIP server goes through my default Gateway. Because of the shaping it's not too shabby but in high traffic it fails as the line is not shaped for voice on the provider side.  The eth2 provider does shape it also.

I made a Service called VoIP with these ports in

Protocol    Source port    Destination port
UDP    4569    4569    
UDP    2727    2727    
UDP    10000:20000    10000:20000    
UDP    5060    5060    
UDP    5036    5036    

And tried to use Loadbalance to redirect.

Is there any help on this?  ???

34
Installation and Upgrades / Re: Yet Another port forward Issue
« on: August 22, 2011, 02:44:29 pm »
3 methods exist to port forward, these are

PREROUTING/OUTPUT

Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumber
iptables -t nat -I OUTPUT --src 0/0 --dst 192.168.1.5 -p tcp --dport 80 -j REDIRECT --to-ports 8123

PREROUTING/FORWARD

Code:
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:8080
# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -j ACCEPT

PREROUTING/INPUT

Code:
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.50:80
iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth1 -j ACCEPT

Zentyal does this correctly, however I have no results, maybe I'm blocked by another app like IDS?

Code:
-A PREROUTING -d 196.209.241.111/32 -i ppp0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.10.251:443
-A FORWARD -j fredirects
-A fredirects -d 192.168.10.251/32 -i ppp0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

HOW do we get this sample below to work!!?? ???

35
Installation and Upgrades / Re: VirtualBox Coexist
« on: August 05, 2011, 01:38:29 pm »
root@cheetah:~# netstat -putan |grep 3389
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN      8011/VBoxHeadless

Chain fglobal (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:3389 dpt:3389

Chain iglobal (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:3389 dpt:3389 state NEW

Chain oglobal (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:3389 dpt:3389 state NEW


I dunno if this is the info you want, else I can post it all!

36
Installation and Upgrades / VirtualBox Coexist
« on: July 26, 2011, 11:14:08 pm »
I have a Zentyal Server and also installed VirtualBox on the Zentyal-Ubuntu
I also have successfully installed VPN

Code:
nmap -T4 -A -v localhost

result shows the RDP client running

Code:
3389/tcp  open  microsoft-rdp VirtualBox VM Remote Desktop Service

If I use SSH to the Zentyal Server I can tunnel the port 3389 (RDP) and connect to localhost through the tunnel
I cannot get the RDP via VPN to work, can someone help!!

I have created the RDP service VirtualBox as TCP 3389, added the RDP Service to the firewall packet filter (allow) source (any) in Internal networks to Zentyal, Internal networks (redundant because Source, Destination, Service Any,Any,any exist) and Traffic coming out from Zentyal (redundant because Destination, Service Any,any exist)

As the VPN is an "Internal" network the first setting should open the port up for it to work, but it does not.
What did I miss?
Thanx

37
Installation and Upgrades / Yet Another port forward Issue
« on: July 02, 2011, 06:31:23 am »
I want to get external port for ssh on 222 to forward to internal on port 22 through my Zentyal

I make the service:
Service name:ssh-222
Protocol: tcp
Source port: Single Port 222
Destination port: 22

I create the Port forward entry:
Interface: eth1   * my external internet port
Original destination: zentyal
Original destination port: Single port 222
Protocol: tcp
Source: any
Destination IP: 192.168.10.252
Port: other 22

I open the Filtering rules from external networks to Zentyal
Decision: ACCEPT   
Source: any
Service: ssh-222

I open the Filtering rules from external networks to internal networks
Decision: ACCEPT
Source: any
Destination: Destination IP 192.168.10.252/32
Service: ssh-222

My result from outside:
I do get login on port 22
root@poseidon:~# ssh chaos.zone.tld
root@chaos.zone.tld's password:

I get no forward to inside server
root@poseidon:~# ssh chaos.zone.tld -p 222
ssh: connect to host chaos.zone.tld port 222: No route to host

My iptables after:
Code:
root@chaos:~# iptables-save >ipt
root@chaos:~# cat ipt |grep 22
-A PREROUTING -d 196.215.137.120/32 -i ppp0 -p tcp -m tcp --dport 222 -j DNAT --to-destination 192.168.10.252:22
-A ffwdrules -d 192.168.10.252/32 -p tcp -m tcp --sport 222 --dport 22 -j ACCEPT
-A fredirects -d 192.168.10.252/32 -i ppp0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A iexternal -p tcp -m tcp --sport 222 --dport 22 -m state --state NEW -j ACCEPT
-A iexternal -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A iglobal -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT

Please help!
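
An added example, not part of the original post and not Zentyal code: a small audit of an `iptables-save` excerpt that pairs each DNAT rule with the ACCEPT rules covering its translated address and port, and lists rules that also match on source port. The function names `parse_rule` and `audit` are hypothetical; the input is the rule set quoted in the post, and negated matches (`!`) are not handled.

```python
import shlex

# Input: the six rules copied from the iptables-save excerpt in the post.
RULES_FROM_POST = """\
-A PREROUTING -d 196.215.137.120/32 -i ppp0 -p tcp -m tcp --dport 222 -j DNAT --to-destination 192.168.10.252:22
-A ffwdrules -d 192.168.10.252/32 -p tcp -m tcp --sport 222 --dport 22 -j ACCEPT
-A fredirects -d 192.168.10.252/32 -i ppp0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A iexternal -p tcp -m tcp --sport 222 --dport 22 -m state --state NEW -j ACCEPT
-A iexternal -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A iglobal -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
"""

OPTIONS = {"-d": "dst", "-i": "in", "-p": "proto", "-j": "target",
           "--sport": "sport", "--dport": "dport", "--to-destination": "to"}

def parse_rule(line):
    """Turn one '-A chain ...' line into a dict of the options it uses."""
    tok = shlex.split(line)
    rule = {"chain": tok[1]}
    for i, t in enumerate(tok[:-1]):
        if t in OPTIONS:
            rule[OPTIONS[t]] = tok[i + 1]
    return rule

def audit(text):
    """Report DNAT forwards with their covering ACCEPT chains, and sport-pinned rules."""
    rules = [parse_rule(l) for l in text.splitlines() if l.startswith("-A ")]
    report = {"forwards": [], "sport_pinned": []}
    for r in rules:
        if r.get("target") == "DNAT":
            host, _, port = r["to"].partition(":")
            port = port or r.get("dport")  # no port in --to-destination: port unchanged
            # Only rules naming the translated host and port, with no source-port
            # constraint, are counted as covering the forwarded connection.
            accepts = [a["chain"] for a in rules
                       if a.get("target") == "ACCEPT"
                       and a.get("dst", "").split("/")[0] == host
                       and a.get("dport") == port
                       and "sport" not in a]
            report["forwards"].append((r.get("dport"), f"{host}:{port}", accepts))
        elif "sport" in r:
            report["sport_pinned"].append((r["chain"], r["sport"]))
    return report

if __name__ == "__main__":
    print(audit(RULES_FROM_POST))
```

A rule carrying `--sport 222` matches only packets whose source port is 222, while clients normally connect from an ephemeral source port, which is why the audit does not count such rules as covering the forward.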

38
Installation and Upgrades / snort! or not
« on: February 28, 2011, 03:47:12 pm »
Code:
root@chaos:~# tail -vf /var/log/ebox/ebox.log
==> /var/log/ebox/ebox.log <==
2011/02/28 16:34:21 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: logs
2011/02/28 16:35:46 INFO> Service.pm:706 EBox::Module::Service::restartService - Restarting service for module: ids
2011/02/28 16:35:47 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command /etc/init.d/snort status failed.
Error output:
Command output:  * Status of snort daemon(s)
    ...fail!
.
Exit value: 3
^C
root@chaos:~# /etc/init.d/snort status
 * Status of snort daemon(s)
                                   

 ???HMM ... I wonder, looks to me that Zentyal can't restart snort but command line root user can!  I changed the IP number of one eth2 (2nd Internet Gateway). I do loadbalance shaping and failover.  What I did not do was follow a procedure to undo the first settings and then remake the new.  If it is required for me to first remove all relational settings for an interface/gateway before reconfiguring, then I'd say Zentyal team has much more work cut out for them.  Zentyal can't expect the average user to predict the errors caused by changes of configuration.  Zentyal will need to think undo/redo and changes through.

39
Hey Francesco,

Thanks a lot for this how to. We will  probably include a small module ebox-pptp to automatize this as it's pretty simple.

Thanks!!!1
Even Microsoft {MurderSoft} drop this PPTP thing in favour for L2TP

I'd like to see L2TP though as it is really a better solution - implemented on the Level 2 of the OSI Stack it makes more sense.  I have a couple of Sony Ericsson X10's and they have native L2TP / PPTP IPSec support in Android (The Google Mobile Phone Software)

40
Installation and Upgrades / Zentyal & Blackberry
« on: December 15, 2010, 09:02:51 am »
I have had many problems with Blackberry and these days other PDA type phones.  The network provider removes or disables the pop3/imap4/smtp functions from the Blackberry connection by default and then blackmails the user to pay extra to re-gain the functionality.  Although this is unacceptable in general terms as it infringes on the "freedom" that exists on the internet, we need to live with it. (My apologies, I had to get this off my chest)

The problem is that by default the providers allow connectivity to MS Exchange server in a Domain.

Is it possible for me to configure the Zentyal / postfix / Groupware (Zarafa) to allow direct MS Exchange connectivity from the Blackberry? ???

41
Installation and Upgrades / SMTP-AUTH and TLS
« on: November 10, 2010, 10:18:58 am »
Zentyal is almost there. For SMTP-AUTH and TLS to work you need to have some authentication installed.

Even if you set Mail -> General -> Mail server options:
TLS for SMTP server:    yes
Require authentication:   Yes

If you see the lines

250-STARTTLS

and

250-AUTH LOGIN PLAIN

everything is fine.

The output on my system looks like this:

Code:
root@cheetah:/var/log# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 cheetah.ame.local ESMTP Postfix (Ubuntu)
ehlo localhost 25
250-cheetah.ame.local
250-PIPELINING
250-SIZE
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@cheetah:/var/log# telnet localhost 465
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 cheetah.ame.local ESMTP Postfix (Ubuntu)
ehlo localhost
250-cheetah.ame.local
250-PIPELINING
250-SIZE
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

That means no one will be able to authenticate for SMTP-AUTH from in or outside.  I need my roaming stations (notebooks/PDA's) to be able to relay mail via this server instead of the default ISP server because they simply mess up the setting if they need to change it every time they go to another country.

Is there Any Intelligence out there about getting this to work?
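
An added example, not part of the original post: the check described above (look for `250-STARTTLS` and `250-AUTH LOGIN PLAIN` in the EHLO reply) written as a parser for the multi-line 250 reply. The function names are hypothetical; `REPLY_FROM_POST` is the port 25 reply quoted in the post and `REPLY_WITH_AUTH` is a constructed reply from an imaginary server.

```python
import re

# Sample input: the EHLO reply from the port 25 session in the post,
# and a constructed reply from a server that does advertise AUTH.
REPLY_FROM_POST = """\
250-cheetah.ame.local
250-PIPELINING
250-SIZE
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
REPLY_WITH_AUTH = """\
250-mail.example.test
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN
250 DSN
"""

LINE = re.compile(r"^250([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a multi-line 250 EHLO reply."""
    caps = {}
    lines = [l.rstrip("\r") for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = LINE.match(line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("only the final line may use '250 '")
        if i == 0:
            continue  # first line carries the server name, not a capability
        words = m.group(2).split()
        if words:
            caps[words[0].upper()] = words[1:]
    return caps

def check_submission(reply):
    """Summarise whether STARTTLS and AUTH are advertised, and which mechanisms."""
    caps = parse_ehlo(reply)
    return {"starttls": "STARTTLS" in caps, "auth": "AUTH" in caps,
            "mechanisms": [m.upper() for m in caps.get("AUTH", [])]}

if __name__ == "__main__":
    for name, reply in (("post", REPLY_FROM_POST), ("constructed", REPLY_WITH_AUTH)):
        print(name, check_submission(reply))
```

A Postfix server with `smtpd_tls_auth_only = yes` lists AUTH only in the EHLO reply sent after STARTTLS has completed, so the same check should also be run on that second reply before concluding that AUTH is unavailable.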



42
Installation and Upgrades / Re: HOWTO configure HTTP Proxy with Exceptions
« on: September 16, 2010, 10:57:53 pm »
I found a workaround that is working but it has potential misbehaviour

"Synopsis
This option makes Squid to ignore any Expect: 100-continue header present in the request.
Note: Enabling this violates HTTP standard. But some clients may not handle it well.
"

http://www.visolve.com/squid/squid27/delaypools.php instructs me to add the line
ignore_expect_100 on to /etc/squid/squid.conf

In this case you need to add it to the Zentyal master template located at /usr/share/ebox/stubs/squid/squid.conf.mas; adding the line to the end of the file is ok.
Then change something in HTTP Proxy inside the Zentyal Dashboard.  This will force an update.

43
I need to by-pass the HTTP Proxy [Transparent] with the following to allow people to play Lotro MMORPG
The data I need to enter in the exception is:
*.lotro.com;*.turbine.com;12.130.63.*;206.17.109.*

HTTP Proxy > Filter Profiles > select edit default configuration > Domains filtering > Add new lotro.com and another one turbine.com

But how do I add the IP literals [12.130.63.*;206.17.109.*]?

44
Installation and Upgrades / Re: Postgress Password
« on: September 10, 2010, 01:36:38 pm »
No need after all :)

45
Installation and Upgrades / Re: Zentyal have Vary Bad Public support!
« on: September 10, 2010, 11:10:03 am »
Quote
The issue in this posting is that Zentyal need to respond when its obvious that community can't like this issue with the passwords.

The actual issues are:

 
  • eBox doesn't connect to postgres using a user/password. The auth is based on the user connecting through a Unix socket. Or at least, that's how it worked in 1.4
  • The configuration is not stored in postgres. It is stored in redis. So a postgres password would be useless :)

I think it's safe to say that Zentyal stepped up to the plate and so far this morning I have had several issues addressed by Zentyal personnel - Good job, please keep an eye out for them issues!
javi and J. A. Calvo responded, Thank you very Much  ;D
