Topics - LEGOManiac

1
Sorry to be so brief, but I only get about 1 - 2 minutes of internet access before the firewall reboots.

Last dmesg line:
[  238.817545] type=1505 audit(1346805961.688:24):  operation="profile_replace" pid=4116 name="/usr/sbin/dhcpd3"

The server had been running for almost 2 years (not continuously) and had been updated maybe 1 week ago.

Today, it was reported to me that we had lost internet access. It turns out the firewall had crashed and was hanging on reboot.

Suspecting hardware (a FitPC2i - ATOM based), I moved the hard disk to a workstation (Core i5 based) and booted it there. It reported errors in the file system and I had them corrected.

On the workstation, the system booted to the desktop.

Back on the FitPC2i hardware, it's rebooting either just after starting the firewall module, or just as it starts dhcpd.

Unfortunately, the web interface on this thing has always been ridiculously slow and it won't be up long enough for me to use it (it's a headless system) but since I can SSH into it, briefly, I should be able to cut/paste commands to it quickly to get something done. I just don't know what to do, exactly.


2
I moved to a FitPC2i because I wanted to set up a server that had absolute minimum power consumption. I'm down to 7W, which keeps my wife happy and hence keeps me happy.

One of the functions that I frequently use that keeps the computer on all night is a torrent server. I use Ktorrent on my desktop but I want to move this to my server.

When I went to install Ktorrent, I was shocked to see that it needed over 400MB of dependencies.

I was told about rtorrent, which I did install, but it, and most of the other torrent programs I've tried, use a flat file system which gets horrendously messy very quickly.

Can anyone recommend a torrent program that won't hog the Zentyal server's resources but allows torrents to be stored in individual folders? It would be an added bonus if it had a web interface like torrentflux had.

3
Installation and Upgrades / How do I get a remote desktop?
« on: March 05, 2011, 03:04:05 pm »
I've used ebox for almost 2 years and have now upgraded the server to a FitPC2i. At the same time, I installed the latest version of Zentyal.

The FitPC runs headless and, indeed, as one of its features, if it doesn't detect a monitor on startup, it disables its video chipset to save energy. As an aside, my server currently consumes a whopping 9W.

Here's my problem: I use the web interface for most of the configuration and I use SSH to connect to the server to do console related work that I can't do via the Web, but once in a while I like to use the desktop environment.

If I need to do this on a regular Ubuntu PC, I just use ssh -X pcaddress and then type "nautilus" and voila - I get the desktop of whatever user I logged in as with SSH.

How do I do this with Zentyal? I've tried to just type "lxde" (or is it lxdm - either way it doesn't work)

I suppose I could (gag) use VNC but given that X and SSH are already there, I'd prefer to just use them.

4
I have an ebox PIII server that I'm replacing with a FitPC2i which is now set up and running zentyal.

The ebox has about 70 domains entered in DNS and I'd like to copy them over as painlessly as possible.

I copied over the bind entries in the hopes that zentyal would parse the bind directory and update itself from there, but it doesn't.

Is there a configuration file on the ebox server that contains the list of all the DNS zone files that I can simply copy to the appropriate place in zentyal so that zentyal's gui properly reflects the DNS entries I have?


5
Installation and Upgrades / Problems with squid on eBox 1.4
« on: March 05, 2010, 04:51:52 am »
Squid has worked reliably for the most part although periodically it would crap out and require a reboot. Since upgrading to 1.4, I haven't been able to get it to work at all.

My settings under HTTP Proxy -> General
Transparent proxy - off
Port - 6020
Cache File Size - 100MB
Default Policy - Always allow (It used to be filter, but I changed it to see if it would get it working)

HTTP Proxy -> Objects Policy
Object -> MyLAN
Policy -> Always allow

under Services -> Squid Proxy
Protocol -> TCP
Source -> Any
Destination Port -> 6020

under Firewall -> Packet Filter -> Filtering rules from internal networks to eBox
The first entry is:
Decision -> Accept
Source Object -> MyLAN
Service -> Squid Proxy
Inverse Match -> no


Yet every attempt to connect with the proxy enabled in the browser (on port 6020) yields:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.tcm.com/schedule/month/?

The following error was encountered:
Connection to Failed

The system returned:
    (101) Network is unreachable

The remote host or network may be down. Please try the request again.

Your cache administrator is webmaster.
Generated Fri, 05 Mar 2010 03:52:13 GMT by localhost (squid/2.6.STABLE18)

6
I've upgraded ebox to 1.4.1 and now my DNS, which was a happy camper before, is no longer working.

If I query the server for a non-authoritative address (say, google.ca) it gives me the correct answer.

If I query it for an address for which it is supposed to be authoritative, I no longer get the name of the appropriate internal server, but rather:

*** Can't find yeildmanager.com: No answer

(and, yes, it is spelled yeildmanager.com)

Previously, I was using DNS to not only identify internal workstations, but to act as an authoritative server for a whole bunch of advertisement domains which directs the workstations to an internal apache server that serves up a blank box in place of embedded ads that would normally appear.

7
I've been trying to solve a problem with the failure of DNS on my ebox server.

To try to restart the server, I've used:

sudo /etc/init.d/ebox bind9 restart

An error message comes up saying that it does not have permission to write to /var/log/ebox/ebox.log

Checking /var/log/ebox/ebox.log, I see that it has 644 root root permissions whereas the ebox.log.1.gz file has 644 ebox ebox permissions.

Is this correct? I'm not conscious of having changed any permissions anywhere on the server.

8
Installation and Upgrades / Help! DNS failure for LAN hosts
« on: October 31, 2009, 05:49:52 pm »
This morning we've been using our PCs until we suddenly couldn't resolve names any more.

I've done the following to no avail:

manually restarted bind9
rebooted the server
removed and re-added the DNS service via the eBox GUI
removed and re-added the DNS firewall rule via the eBox GUI

DNS still fails for workstations, however, all this time, nslookups from the server are successful, so bind9 appears to be working but it has the appearance of a firewall issue yet I can't figure out how to test it.

Here's a tcpdump of a DNS request:

12:14:18.779652 IP 192.168.0.200.34513 > 192.168.0.201.domain: 21370+ A? mail.wecare.ca. (32)
12:14:18.876891 IP 192.168.0.201.domain > 192.168.0.200.34513: 21370 ServFail 0/0/0 (32)
12:14:18.877174 IP 192.168.0.200.57257 > 192.168.0.201.domain: 59780+ A? mail.wecare.ca. (32)
12:14:19.013693 IP 192.168.0.201.domain > 192.168.0.200.57257: 59780 ServFail 0/0/0 (32)
12:14:19.907888 IP 192.168.0.200.netbios-ns > 192.168.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:14:19.930315 IP 192.168.0.201.netbios-ns > 192.168.0.200.netbios-ns: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST

Curiously, I'm noticing that my last firewall log entry stops at 11:20 - around the time things went bust.

9
Installation and Upgrades / Monitoring network traffic volumes
« on: October 30, 2009, 02:44:53 am »
I know that on the Dashboard, there are network graphs available which I assume are graphing overall bytes sent/received rates. That is to say, I presume they are measuring in KB/s although the values only read "KB". First of all, is that intended to be Kilo Bytes or Kilo Bits?


The main reason for my post is that I would like to see a breakdown on who is accounting for the most traffic. Currently, my workstation is at a snail's pace (when connecting to the server) yet the server dashboard says it's receiving at over 500KB (/s?) so I'd like to know which workstation is saturating the connection. Is there a way to list traffic volume by IP?

10
Installation and Upgrades / How do I run a logout script?
« on: October 26, 2009, 03:53:03 am »
I've created a work-around for the problem that eBox doesn't allow a wildcard " * " to be used as an alias in DNS records. To do this, I manually run a script after logging off the eBox interface.

What I want to do is to have the script run automatically when I log off eBox.

First of all, where would I do this? I've been guessing it's in the /usr/share/perl5/EBox/CGI/Logout/Logout.pm module.

At the end of sub _process, I added:

exec ("/setwildcard")

which is the script I have in the root directory.

I presume that since eBox has the rights to edit the DNS entries, that it can also do it via the script. Run manually, the script works. Called from the Logout.pm module, nothing happens, and I don't know what log to check to see if there was an error.

For that matter, I'm not even sure I have this in the right location and that it's being run at all.

Any help would be appreciated.

11
Installation and Upgrades / Report summaries missing sections
« on: October 25, 2009, 05:30:22 pm »
I've just tried a report summary for the HTTP Proxy traffic and the "Access Requests" and "Traffic Size" sections are blank. Are they supposed to be?

12
Installation and Upgrades / Manual configuration changes.
« on: October 25, 2009, 04:35:36 am »
I have a need to create a wildcard in Bind yet eBox doesn't allow "*" for an alias name so I did a workaround: I created an alias called "wildcard".

I then went to the configuration file for db.mydomain.net and edited it to change "wildcard" to " * ", saved it, restarted BIND9 and tested. Now, if any hostname on mydomain.net is typed incorrectly, the resulting DNS record will point to the apache server. That's what I wanted.

The problem is that when I go to another domain and create a "wildcard" alias and then save it, the DNS record for mydomain.net gets overwritten with the version that used "wildcard" instead of my manually edited " * ".

It's really annoying since I wasn't editing the mydomain.net records.

So, how do I force eBox to accept a wildcard alias?

or

How do I prevent eBox from overwriting domain entries that I'm not editing?

or

How do I edit eBox's cached copy of the db.mydomain.net file so that if it's going to overwrite all my domains, it at least writes the changes that I wanted, which the GUI wouldn't allow?

13
Installation and Upgrades / Adding an external USB drive
« on: September 25, 2009, 05:00:00 am »
On my previous server, I had my user's files stored on an external USB drive in NTFS format. Now I figured I could just plug it into the eBox server, create shares and go.

Apparently not. What do I need to do to get ebox to recognize the USB drive? I had expected it to auto-mount in /mnt.

For those of us who aren't particularly command-line savvy, how do I go about doing this?

I know I should probably be using the mount command, along the lines of:

sudo mount usbdev2.1_ep00  /mnt/shares

but there are so many usbdev*** devices that I don't know where to start.

14
Installation and Upgrades / Firewall rule order
« on: September 09, 2009, 04:16:05 am »
I hadn't come across this in the manual, although I might have missed it.

When eBox evaluates firewall rules, are the rules that apply based on "first match", "last match" or "most restrictive" order?

15
Installation and Upgrades / Accessing an FTP server on eBox from the LAN
« on: September 09, 2009, 04:12:16 am »
I have the latest version of eBox installed on a dedicated server. I wanted to make use of the web services by installing some custom web pages for my kids with links to their favorite web sites, which they could edit themselves. I added a couple of virtual hosts and confirmed that they each have a directory under /var/www.

From another PC I am able to access these "pages".

The problem comes in editing the content. The idea was that the kids would edit the pages on their own PCs and upload them to the server. I am able to do this with samba and sharing the directories, but I'd like to do it with FTP too.

To that end, I installed vsftp on the eBox server.

From the command line on the eBox server, I am able to access the FTP server but not from a workstation on the LAN. I added a firewall rule in the Access eBox from the LAN category which allows any source using FTP.

It didn't work. It occurred to me that I had set the client PC to use a network proxy (the eBox server) which included FTP and that, perhaps the proxy server was dropping the connection, so I removed the network proxy settings from the client but I still can't connect.

Can anyone shed some light on this for me?
