Just tried changing the port. From 1194/udp to 1195/udp, also in the firewall I changed the port too. VPN now works, all traffic goes fine through eth1. What the hell? Why doesn't it like 1194 port anymore?
OK! The gateway thing works fine from now on, seems like I had to reboot Zentyal at least one time for it to get working.
Now I have problems with VPN. All other things work perfectly, but when the VPN service is started and running, then I have no traffic on internal interface (eth1). I went deeper and found out that when I change the "Interface to listen on" field to eth1 instead of eth0 or all interfaces, then the internal interface works fine (internet connectivity is fine and local networks can be accessed), otherwise there is suddenly no access to anything on computers connected to eth1.
eth0 is external and eth1 is internal to remember, and the internet connection remains fine on the server itself, no matter what the VPN settings are for the moment...
Here are my settings for the created VPN server:

I have created certificates for VPN clients and for VPN server itself, with this configuration the eth1 is fine.

On the other hand I tried the connection to VPN, of course it doesn't work from the internet. When I change eth1 to eth0 there (interface to listen on), I can access and connect to VPN server from internet, but can't ping anything on the server's internal network when connected.
Hope you understood and hope for help!  :)

I'm also interested in this. :)

I have never used GPO before, but now when I'm switching from 2.2 to 3.0 it could be really useful. Most workstations in my office are Windows.
So after the PDC is fully ready, I can simply login as pdc administrator into a Windows computer and use ?
So I can permit (for example) changing IP settings for a specific Zentyal user group?

Well I reinstalled the actual server and still get same problems with no internet. The firewall seems to be fine. Sometimes some Skype traffic comes through, still I can ping IPs and DNS addresses in local network and in the internet.
I'm currently trying in my home network with the server. Connected directly to internet modem and let DHCP take the address when installing (actually I used DHCP when installing it the first time, maybe this messes something up). And I tried to use switch too, still same.
Now gonna try connecting server to my home router and not to use DHCP when installing.

EDIT: changed eth0 to static and typed currently leased DHCP address and gateway manually, restarted server and it works. What the hell.... This really might be because I used DHCP in the cli installation....

EDIT: restarted server once again, it now works (directly connected to my home internet modem)! Seems that restarting server is the trick here. I didn't do that when tried the first time.

Maybe the problem was connecting eth1 directly to my laptop with ethernet cable? I already mentioned, I WAS able to resolve DNS names and even ping them, Windows 8 laptop I connected to the server said that there is internet connectivity, but no web pages could be opened.

I just installed fresh Zentyal on Virtualbox with eth0 as bridged to my home router (so it has access to internet and my whole local home network). I set eth1 as Internal network in Virtualbox virtual machine settings. After configuring everything just as before (eth0 static external, eth1 static internal) I tried Windows XP machine and connected it to Virtualbox internal network. After finally setting everything up just the way I did with the actual server, I now have internet access and everything else working JUST FINE on that XP virtual machine (Zentyal set as gateway and DNS).

So firewall is definitely not an issue anymore, if it works with virtualbox. I wonder what's wrong there with the actual server installation... I didn't have to change any firewall settings by the way, it worked with stock FW settings. Maybe I should connect it to a switch and then connect all workstations, dunno....

Filtering rules from external networks to internal networks

Has to be used only if you want to provide access to internal network when initiated from internet.
OK. So the internet connection should work without needing to add any rules to this section?

I'm pretty sure that my server had this one rule by default just as vbox test install:
If Packet Filter -> Internal Networks then there is one rule:
ALLOW TRAFFIC, Source Any, Destination Any, Service Any.
AND Filtering rules from external networks to internal networks section contained no rules on the actual server.
Sorry, I can't test adding rules to Filtering rules from external networks to internal networks section right now, can't get to the server right now. But is this really really the problem cause here?

I edited the post a bit also. So the filtering rules from external networks to internal networks is the right section?
What does the "Filtering rules for internal networks" do in my case, and that one rule there? (sorry to ask so stupid :D )


Because of this, not remembering what stock configuration is, I strongly believe that, by default, except for mandatory protocols, nothing is allowed. Then, when you deploy services, Zentyal handles (most of the time  ;D) firewall rules required to make this service operational.
All the time I've used Zentyal server connected to my office network as I described in the first post. Then I was able to configure all allowed services available to office computers in firewall section Packet Filter -> Internal networks to Zentyal. And the other things in the router by opening ports.
Frankly I'm not familiar with any other sections in Zentyal firewall :D
If this has to be in Packet Filter -> Filtering rules from internal networks to external networks then there is nothing added there in my testing vbox environment.
If Packet Filter -> Internal Networks then there is one rule:
ALLOW TRAFFIC, Source Any, Destination Any, Service Any.
I'll check the server installation, then post. :)

Well I configured eth0 with ISP given parameters, same that were entered in the router previously. And the internet connection worked just fine on the server.

SERVER eth0 (external):
-ISP given network configuration, static

SERVER eth1 (internal):
-IP:, static
-Subnet mask:

CLIENT connected to eth1 (my laptop)
-Subnet mask :
-Default gateway: (so client has Zentyal server as default gateway)

And I can access Zentyal with no problems on the client, I can ping internet DNS and IP addresses, but can't open any with browser, Windows says that I have internet access, but actually I don't.
I had no switch for the moment to connect to eth1, so I connected my laptop directly to test it (I think this can't affect anything).
About that
ensure that Zentyal FW allow outgoing HTTP traffic
do I have to set some rules manually, stock configuration doesn't allow that? I also tried email client on my laptop and it didn't work either.

Hello everyone! :) We have purchased a new more powerful server to our office and would like to get rid of router which routes all internet traffic. We want server to act as router.
I will try to describe the main current network structure here, hope you will understand:

                                                  [ALL OTHER WORKSTATIONS]

We would like to get rid of the router and directly put the cable coming from internet modem into eth0. So that would be the external network interface. eth1 would create internal network and it would look like this (sorry for the interesting diagrams ;D ):

                                                                               [ALL OTHER WORKSTATIONS]

I tried installing Zentyal by selecting all gateway components and configuring eth0 as external with static IPs (provided by ISP) and configuring eth1 as static internal and assigning and netmask to it. After doing that I was able to access all allowed Zentyal services from internal network (by connecting my laptop and manually assigning and zentyal DNS to it - just to test the internal network), BUT had no internet connection! I was able to ping and ping, the Windows network status also said that there is internet connectivity, but no pages could be opened except Zentyal administration page (
I also tried enabling transparent proxy, then very very slow traffic started to come through (and then I broke something, so I'll try to reinstall it and try again), but I would like just to reroute the internet traffic to eth0 to eth1 with no proxy (I use non-transparent proxy for other reasons). What am I doing wrong? Also didn't get why the traffic was so slow with transparent proxy enabled (opening web page in 5-10 seconds)

The main point is get internet connection to work in internal networks by just rerouting it. The server has 2 network adapters, eth0 and eth1. If I can't do this then I'll have to stick with a router which tends to hang 1-2 times a month. I would also like the monitoring options I can get if I use Zentyal as router.


Same problem as author's problem. I have made a custom application which connects to LDAP and authenticates users through it. Well now it's completely broken and I haven't still managed to fix it. What the hell have they done with LDAP in 3.0. In 2.2 it was working well, how about 3.1?
By the way the application I made was made using PHP, maybe someone has some good scripts to authenticate users with PHP? And one more thing, I won't be able to authenticate Linux users via LDAP and PAM now, right?

EDIT: Okay, I wrote a custom script in PHP using bind to rootdn, so now this seems to work, and most Linux distros can be joined to domain now using likewise-open? I admit that it is a more secure approach, but not all applications work with it. In my script I'm still using cn=zentyal user to get into LDAP and the port must be 390.

