Messages - poundjd

61
Installation and Upgrades / Good configuration HOWTO, not eBox
« on: June 09, 2009, 04:47:34 am »
Guys,  This was a very interesting HOWTO, not about eBox but replicates a lot of the functionality.  Good explanations and discussion about the configuration of these tools.  May be of help when digging deep.

http://ubuntuforums.org/showthread.php?t=640760&highlight=eBox
-jeff

62
Installation and Upgrades / Re: LVM Idea
« on: June 04, 2009, 04:41:49 am »
Sam,
  I like the vertical approach better, but both are really good at laying it all out.
-jeff

63
Installation and Upgrades / Re: anti-spam tweaks
« on: June 04, 2009, 04:17:48 am »
cheesyking, Outstanding suggestion!
-jeff

64
All,
     Just to follow up on what Javier posted below, if you do modify the "PICS" please let us know how and why so that we can all learn.
-jeff

65
Installation and Upgrades / Re: LVM Idea
« on: June 02, 2009, 05:45:27 pm »
Sam,
  I would think that both models should stay, they complement each other.  That way a "Lateral" thinker can see a "Lateral" layout and a "Vertical" thinker can see the "Vertical" layout.
-jeff

66
clicerioneto,
     Configuration 2 would provide protection for the servers in DMZ 2 from the workstations.  This is not commonly a concern, which is why most enterprises use Configuration 1.

     As to the abilities of the eBox Firewall (iptables) to really provide this level of protection effectively, you'll need to do some research.  Do a Google on iptables and see what resources there are out there.  I know once before when I was looking I was impressed with the amount of stuff out there.  I did not dig deep at that time, I was only looking for some pretty easy stuff.

     If you do dig deep and learn a lot please be sure to pass the results and pointers back to us.  I for one will need to start learning a lot more about iptables, but that is still quite a ways off, other things are higher on my list right now...
-jeff

67
mbradley,
     I can understand the desire not to string that cable. I'd not want to either.

     One thing to consider when you do the wireless is that if the exterior walls of the two buildings are causing signal issues, one way to help that cheaply is to buy one directional antenna for each box and point them at each other, through the walls.  Or put them both in the attic where the walls aren't.  I've seen lots of people do that.  Also with the DD-WRT third party firmware you will be able to turn up the transmit power on the boxes.  Just be very careful with that and monitor the heat load on the box for a good 6 hours.  I know that one of the guys on eBay sells the boxes with extra large heat sinks installed to address this very issue.
-jeff

68
Installation and Upgrades / Re: ebox setup: Availability
« on: June 02, 2009, 12:21:18 am »
SixStone,
     Cool, as long as we're good.  I never want to offend anyone.
-jeff

69
Installation and Upgrades / Re: LVM Idea
« on: June 02, 2009, 12:19:52 am »
Sam,
     They LOOK WONDERFUL.  Really helps to understand the different levels, disks, partitions, volumes and what's mounted.  Thanks.
-jeff

70
Installation and Upgrades / Re: VPN Settings Question
« on: June 02, 2009, 12:05:09 am »
Dazzaling69,
    I'll be watching this to see what answer you get.  The only thing that I can add to this is that your NAT'ed Firewall will have to allow those packets to get to and from the eBox.
-jeff

71
Sam,  Thanks, I should have mentioned that.  The 100 meter limit is from electronic device to electronic device, so that ALL cable lengths need to be accounted for.
-jeff

72
mbradley,
     One other thing, the limit for cable runs is not 100 feet but 100 meters, almost 3 times the length.  You may want to consider that as well.
-jeff

73
mbradley,
     I know that currently eBox does not support WIFI.  There is a good chance that it will in a couple of versions.

What you are talking about is setting up a wireless bridge between your home network and the garage network.  The simplest and cleanest way to do that is to use a pair of wireless routers that can be configured in Bridged mode and then you are golden no matter what happens with eBox or any other solution you bring into your environment.

I have been up on eBay looking at Linksys wireless routers that can do this and there are lots of them up there fairly cheap.  I personally like the Linksys WRT54G-TM models with DD-WRT firmware preloaded, but most any of the Linksys WRT54G models will work and almost all of them can be loaded with the DD-WRT firmware.  I currently have two Linksys wireless systems in the house, and I am bidding on a couple more to expand the coverage at my house.  I've loaded the firmware and it is not really difficult to do, and they have a pretty good set of instructions (a HOWTO) up on the site.  They also have some good instructions on setting up a Bridged link like you are wanting.  If you are using wireless for any other reason then the wireless routers will need to be set up in both AP and Bridged mode; that is also very easy to do.  If you need any help just send me a private email on this system and I'll get back to you.  I typically get on the site every couple of days.

Anyway, I hope that this helps a little.
-jeff

74
Clicerioneto,
     External is where your INTERNET connection is, period.  Both the DMZ and the LAN are internal.  With a multiple internal NIC configuration the eBox only routes, to the best of my knowledge.  There is no FIREWALL between those two networks, no Squid, no Dansguardian, etc.  If you want what is called a protected DMZ or a Firewalled DMZ, then you need two eBox systems, each configured with an external and internal interface or NIC.  The exterior eBox sits between the INTERNET and your systems.  This is the network where your DMZ sits.  In this network is where the 2nd eBox sits.  Its external interface is in the DMZ and its internal interface is where your non-DMZ systems sit.  This one protects your non-DMZ systems from everything in the INTERNET and from your DMZ.  Your external eBox protects your DMZ from the INTERNET and provides the first level of protection for your non-DMZ systems.

With iptables - the actual "Firewall" - you can set up routing rules between internal networks that provide a lot if not all of the same protection as the configuration above, but almost all of the people that I deal with as a computer security professional feel that the "Protected DMZ" architecture is the best approach to take.  I am not an iptables guy and don't really understand it, but it is fairly good.
-jeff
BTW I plan to run a similar configuration here at my house.  If things start to worry me I'll just take the home computers and route them through another eBox to provide them with the extra protection.  I'd configure it so that nothing but requested content gets through that firewall, and in the DMZ I'd have to allow some external traffic for specific services.

75
Abgar
     you too!
-jeff
