Messages - haychis

16
I have the same problem. I upgraded from 3.2 to 3.3 and am getting the exact same error. I tried disabling the mapi extension in /etc/php5/apache2/conf.d/zarafa.ini but it still gives the error. I want to change over my mail server to my zentyal server, but cannot get past this. Been googling for hours! Similar errors on the net advise that it is a compilation fault in mapi.so. How do we fix it?

17
Installation and Upgrades / Re: Open Firewall
« on: June 29, 2013, 09:48:31 pm »
Hi Christian. The firewall was blocking traffic that I needed to get through. Doesn't matter what I tried it did not let it through. Through the thread I mention that I added a rule in all sections at the top that ALLOW ALL, didn't actually allow all. Still blocked traffic.

So I reversed the process, to ALLOW by default, DROP what I didn't want.

Now everything works as it should. As jbahillo mentioned, I will lose this config when upgrading etc, so in the future I will add another nic and go with default zentyal config. 

I am looking at syslog right now, and it's dropping packets that it should.

No one worked for the last 3 days, just youtubing and fb'ing ... NO MORE!!!!!

Anyways, thanks for your assistance christian and jbahillo. I will mark this thread solved.


18
Installation and Upgrades / Re: Open Firewall
« on: June 29, 2013, 06:18:18 pm »
Sorry for late reply all.

@jbahillo - tried, and unable to find which rule was blocking.

So I found the file that needs to be edited to change default rules, which is Iptables.pm. Did a quick lesson on Perl programming just to understand it a little more (Have prev programming experience). Removed the drop all rules and changed default policy to accept. Restarted firewall, now my firewall is open.. SUCCESS! Try RDP, works!

Add rules to allow services/ip's I need per previous installation, then add a LAST/FINAL rule to DENY ALL. SUCCESS blocks everything from coming in and going out that I don't allow.
Working well. Got my friend to try a few things remotely. So far so good. Unable to access.

I will be adding another NIC later on and changing back to orig Iptables.pm. Just needed it to work now. But in essence I am doing the same thing, just in reverse. Allowing what I want then Denying all, rather than Denying all and allowing what I want. I know what you are all saying, but it is working well at the moment and will try recommended config at a later time.
Also, on single nic config, my router only forwards ports that we are using, ie port 80, 22 etc to zentyal box. Everything else won't get through.
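A small model of the comparison made in the post above, as an added example that is not part of the original post or of Zentyal's code: it evaluates a first-match chain the way iptables does and compares "policy DROP plus allow rules" with "policy ACCEPT plus allow rules and a final DROP". The `Rule`/`Chain` names are hypothetical; ports 22 and 80 are the ones named in the post, and 3389 (RDP) and 445 are used only as test ports.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    verdict: str                  # "ACCEPT" or "DROP"
    dport: Optional[int] = None   # None matches any destination port

class Chain:
    """First-match rule list with a default policy, like one iptables chain."""
    def __init__(self, policy, rules):
        self.policy = policy
        self.rules = list(rules)

    def verdict(self, dport):
        for rule in self.rules:
            if rule.dport is None or rule.dport == dport:
                return rule.verdict        # first matching rule wins
        return self.policy                 # nothing matched: policy decides

    def flush(self):
        """Equivalent of `iptables -F`: rules are removed, the policy stays."""
        self.rules.clear()

ALLOWED_PORTS = (22, 80)  # the forwarded ports named in the post

def build_default_drop():
    # Stock approach: deny by default, allow what is needed.
    return Chain("DROP", [Rule("ACCEPT", p) for p in ALLOWED_PORTS])

def build_default_accept():
    # Reversed approach: accept by default, allow rules, then a final DROP.
    rules = [Rule("ACCEPT", p) for p in ALLOWED_PORTS] + [Rule("DROP")]
    return Chain("ACCEPT", rules)

def compare(ports, flushed=False):
    """Return {port: (default_drop_verdict, default_accept_verdict)}."""
    a, b = build_default_drop(), build_default_accept()
    if flushed:
        a.flush()
        b.flush()
    return {p: (a.verdict(p), b.verdict(p)) for p in ports}

if __name__ == "__main__":
    print("rules loaded:", compare([22, 80, 3389, 445]))
    print("after flush: ", compare([22, 80, 3389, 445], flushed=True))
```

With the rules loaded both chains give identical verdicts; they differ only when the final DROP rule is missing (after a flush or a partial reload), where the ACCEPT policy lets everything through.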


19
Installation and Upgrades / Re: Open Firewall
« on: June 28, 2013, 07:10:21 pm »
jbahillo, yes I could do that, but the question is why when I allow all in all sections, shouldn't that open the firewall. In essence I'm allowing everything regardless if the default policy is to drop. It still blocks, when I'm telling it to allow all. Also -P doesn't work on its own, I've got to -F and -X, to completely remove all rules for it to work. If I only use -P accept, it still blocks. Now if I use -F and -X in post service then all the rules defined via GUI will be deleted as well. So I may as well write my own rules and not use zentyal GUI at all for firewall.

What I am thinking of doing is working in reverse. Have everything allowed by default, then add rules to allow which services and ip's, then add a rule at the end to block everything else. Otherwise, I will be on the phone with staff all the time, as they can't access this or that.

Christian, this is only the beginning. I may move all my services to zentyal, email, PDC, VPN etc. But I need this to work first.

All I need is to open the firewall completely - no blocks, and how to do that. It's that simple. Allowing all in all sections doesn't work. Question is should it work if I allow all in all sections? Does default policy of DROP stop this etc ?




20
Installation and Upgrades / Re: Open Firewall
« on: June 28, 2013, 06:37:26 pm »
Thanks jbahillo, I will give it a go.

But still, why can't I open the firewall completely? I mean, why doesn't allow all in all sections work ?

Also, still trying to find how to make the default policy ACCEPT for input/output/forward whenever the firewall restarts. Any clues on that one?

21
Installation and Upgrades / Re: Open Firewall
« on: June 28, 2013, 05:55:51 pm »
Np Christian, thanks for your time anyway.

In reality, all I'm really after is how to open the firewall completely. In essence, to work in reverse. Allow everything, then block what I don't want. As it is now, it blocks everything, and to allow what I want. If I tell it to allow all, it is still blocking for some reason.

Maybe someone could direct me on how to change the default policy template of zentyal to allow rather than drop.

22
Installation and Upgrades / Re: Open Firewall
« on: June 28, 2013, 08:58:19 am »
Thanks Christian.

My client PC's don't have access to change the gateway on their workstations, so they can't bypass, unless they try to hack. And with my staff, good luck to them :)

My staff would RDP from their home into the work network, to work from home on their workstations. Worked well, with ver 2.xx and for many years.

My point with SSH was, that even with allow any as the top rule, it would not let me through, I had to add the SSH service to the ruleset as well. Why wouldn't it let me through if allow any should ALLOW ANY, without adding any extra rules. Regardless of anything else I wish to use it for other than PROXY server to block websites, if I was to allow any in all sections of the firewall, it should not drop packets.

If I clear all rules from IPTABLES and change policy to ACCEPT, it works fine. So how do I get to allow all traffic through Zentyal interface? Still don't understand how ALLOW ANY still blocks packets is my point here.








23
Installation and Upgrades / Re: Open Firewall
« on: June 28, 2013, 08:16:12 am »
It's how I had my previous set up with ver 2.xx.

Zentyal acts as the gateway for all my clients.

I set up Network/interfaces eth0, static, External(WAN) ticked (if I don't tick https doesn't work), static ip address (192.168.0.102) and netmask (255.255.255.0)
Network/Gateways points to my router 192.168.0.1
Network/DNS points to my router. (192.168.0.1)
HTTP Proxy/General Settings, just ticked Transparent proxy.

Set up all Client pc's to Static Ip address, 192.168.0.xx, mask 255.255.255.0, gateway 192.168.0.102 (zentyal), and dns server 192.168.0.102 (zentyal)

My aim is to restrict access to certain sites, with the proxy server,

And it works.

All computers within the network connect and access the internet without any browser config etc.

My aim (as with ebox 2.xx) is to restrict users to certain websites etc. Ebox worked very well and have had it running for a few years now. Once configured, never really touched it unless looking at logs etc.

The packets that are being dropped are when clients try to RDP into their workstation. It won't let them through.
But my main point is, how do I make zentyal allow all traffic/services, both in and out.

I see the packets drop as I try to connect.

Jun 28 15:57:51 primary kernel: [11187.111546] ebox-firewall drop IN=eth0 OUT=eth0 MAC=08:00:27:26:c8:57:00:14:fd:10:49:b6:08:00 SRC=192.168.0.105 DST=110.174.52.193 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=8080 DPT=2354 WINDOW=5840 RES=0x00 ACK SYN URGP=0 MARK=0x1


Even though I have ANY/ANY ALLOW in every section.

I couldn't ssh into my box without adding ALLOW source/any service/SSH into External networks to Zentyal, even with ALLOW any at the top of the ruleset.

My question is, how come if I ALLOW any service, source and destination, in all sections of configure rules for packet filter and they are the top of the list, why does it then still block traffic, even if I delete all other rules and just leave allow any.

I will be migrating to the zentyal email server as well, and maybe use it as a PDC.
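A parser for the kernel log line quoted in the post above, as an added example that is not part of the original post: it splits a netfilter LOG entry into fields and uses the IN=/OUT= pair to tell whether the dropped packet was addressed to the firewall host, sent by it, or being forwarded. The function names are hypothetical, and the IN/OUT classification assumes the entry was logged from a filter-table chain.

```python
# Log line copied from the post above ("ebox-firewall drop" is its log prefix).
SAMPLE = ("Jun 28 15:57:51 primary kernel: [11187.111546] ebox-firewall drop "
          "IN=eth0 OUT=eth0 MAC=08:00:27:26:c8:57:00:14:fd:10:49:b6:08:00 "
          "SRC=192.168.0.105 DST=110.174.52.193 LEN=48 TOS=0x00 PREC=0x00 "
          "TTL=63 ID=0 DF PROTO=TCP SPT=8080 DPT=2354 WINDOW=5840 RES=0x00 "
          "ACK SYN URGP=0 MARK=0x1")

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def classify_path(fields):
    """Filter-table heuristic: which traffic path the packet was on."""
    in_if, out_if = fields.get("IN", ""), fields.get("OUT", "")
    if in_if and out_if:
        return "forward"   # routed through the box, not addressed to it
    if in_if:
        return "input"     # addressed to the firewall host itself
    if out_if:
        return "output"    # generated by the firewall host
    return "unknown"

def parse_netfilter_log(line, prefix="ebox-firewall drop"):
    """Return a dict of fields from one LOG line, or None if prefix is absent."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields, flags = {}, []
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value          # KEY=value pair (value may be empty)
        elif token in TCP_FLAGS:
            flags.append(token)          # bare TCP flag such as SYN
        else:
            fields[token] = True         # other bare marker such as DF
    fields["FLAGS"] = sorted(flags)
    fields["PATH"] = classify_path(fields)
    return fields

def summarize(line):
    """One-line summary of a dropped packet, or None for unrelated lines."""
    f = parse_netfilter_log(line)
    if f is None:
        return None
    return (f"{f['PATH']} {f.get('PROTO', '?')} "
            f"{f.get('SRC')}:{f.get('SPT', '-')} -> "
            f"{f.get('DST')}:{f.get('DPT', '-')} "
            f"flags={'+'.join(f['FLAGS']) or '-'}")

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the quoted line the result is a forwarded TCP packet (in and out on eth0) with SYN and ACK set, which is the kind of detail needed to work out which rule section a drop belongs to.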







24
Installation and Upgrades / [SOLVED] Open Firewall
« on: June 28, 2013, 06:26:21 am »
Hello all.

Was running Ebox 2.xx for ages with no problems. Upgraded server and decided to install latest version. Core 3.0.21.
Running off Virtualbox, win7 host, guest additions installed.

Everything installed fine and seems to be running fine.

Single NIC (eth0) config (ticked as external in interfaces).

Only using it for proxy and firewall services. Proxy works as clients connect and access internet via transparent proxy.

I know that DROP is default policy for firewall.
I add a rule in all sections to ALLOW any section, any source and any destination.
I check log and still get DROPped packets.
I have removed all rules, and added ALLOW rules in each section, and still get DROPPED packets.

If I change IPTABLES policy from terminal to ACCEPT in INPUT,OUTPUT,FORWARD, and -F flush and -X, leaving me with no rules, it works. But of course as soon as firewall is restarted, the rules return.

Question is, how do I make the firewall accept everything and deny nothing? And why doesn't adding ALLOW ALL to all sections work?



