Topics - EricBaenen

1
I've been running eBox/Zentyal as my home firewall for several years now.  At the moment I'm running 2.2.7 - mostly just as a firewall/DNS/DHCP/VPN.  One upstream port - three downside ports - internal segregated wireless zone, internal home network zone, internal server zone (external web and zimbra email servers - currently shut down).

After updating with the community updates a couple days ago - the Zentyal firewall will only stay up for about 2-3 hours at a time - after which it becomes unresponsive and requires a hard reboot - then works fine for another 2-3 hours.

The only thing I can find is that after about 1 to 1 and 1/2 hours postgres starts to use 90+% of the cpu and stays that high until the firewall becomes unresponsive after about another hour.

Any thoughts?

2
I have a Zentyal 2.02 server on my home network with three internal zones (external server, home network, wireless) and one WAN connection. 

I'm working from home with my work laptop connecting via wireless and trying to connect to work via a Cisco VPN client but it can't seem to make a connection.  I can connect via the Cisco VPN client from other wireless networks so I know that part works.

Does Zentyal support VPN passthrough?  I didn't find any mention of it in the documentation.

Thank you,

Eric

3
In eBox Network -> Interfaces... when setting a host interface to a static address, the Netmask is a pull down menu.  If the netmask needed is not in the selection list (in this case 255.255.248.0) - what is the best way of adding it?

Thanks,

Eric

4
Installation and Upgrades / how to change the ebox system hostname?
« on: February 25, 2008, 10:06:52 pm »
If I need/want to change the ebox system's hostname - what's the best way of doing that?  I tried vi'ing /etc/hostname, but then after a reboot none of the services started.

Thanks,

Eric

5
Installation and Upgrades / DHCP on multiple internal networks?
« on: February 14, 2008, 03:59:49 pm »
From the documentation at http://www.ebox-platform.com/usersguide/en/html-chunk/ch13.html and the configuration it would appear that DHCP can only be bonded to one nic?

What if you have two nics in addition to the wan nic that represent two separate internal networks? Is it possible to configure DHCP for each internal network or only one?

Thank you,

Eric

6
Installation and Upgrades / eBox as wireless access point?
« on: February 13, 2008, 06:28:48 pm »
Has anyone tried using eBox as a wireless access point?

What I was thinking of trying was...

eBox host
wired ethernet nic 1: wan port
wired ethernet nic 2: internal desktops
wired ethernet nic 3: internal servers
wired ethernet nic 4: external public/semi-public servers
wireless 802.11g PCI nic: wireless access point/zone
OpenVPN virtual zone: with internal server network zone advertised to access internal servers

Ideally, what I'd really like to do is to set the eBox machine up so that local wireless clients would connect to the wireless zone but could do nothing - not even connect to the Internet - unless they make an OpenVPN connection to the eBox OpenVPN zone and then they can access the internal servers and the Internet via the certificate authenticated OpenVPN connection.

Everything but the wireless zone looks to be straightforward and I haven't dug too deeply into the documentation, but should the above be possible with eBox?

Also not sure if the Debian version would support the wireless nic - may have to wait for the Ubuntu based version for that.

Thanks,

Eric

7
Installation and Upgrades / site-to-site OpenVPN problem
« on: February 11, 2008, 06:21:20 pm »
Hello,

As a new eBox user - my emphatic compliments to the development team - eBox is an incredible package!

For my problem -- I have set up the following test configuration.   Any advice would be most appreciated.

following http://www.ebox-platform.com/usersguide/en/html-chunk/ch17s02.html

four hosts with ethernet cross-over cables between them

client A1 -> 192.168.1.2

'lan A' -> 192.168.1.0/255.255.255.0

ebox 0.11.2 server A
ebox lan A port -> 192.168.1.1
ebox openvpn server - Allow eBox to eBox tunnels is checked
ebox openvpn address pool -> 192.168.2.0/255.255.255.0
ebox openvpn advertised network -> 192.168.1.0/255.255.255.0
ebox wan port -> 192.168.3.2

ebox 0.11.2 server B
ebox wan port -> 192.168.3.3
ebox openvpn client with certificates and keys from ebox A
ebox openvpn client points to 192.168.3.2 for its openvpn server
ebox lan B port -> 192.168.4.1

'lan B' -> 192.168.4.0/255.255.255.0

client B1 -> 192.168.4.2

client A1 can ping ebox server A and the wan port of ebox server B
client B1 can ping ebox server B and the wan port of ebox server A
ebox server A can ping client A1 and the wan port of ebox server B
ebox server B can ping client B1 and the wan port of ebox server A

in the OpenVPN logs of ebox server A - ebox server B appears to connect and authenticate correctly to ebox server A - however...

client A1 cannot ping client B1
client B1 cannot ping client A1
ebox server A cannot ping client B1
ebox server B cannot ping client A1

Do I need to set up any firewall rules to allow traffic from the 192.168.2.* virtual address space to talk to hosts in the 192.168.1.* address space?

Do I need to set up any firewall rules to allow traffic from the 192.168.1.* address space to talk to hosts in the 192.168.4.* address space?

Does anything get logged when host B1 would access resources in lan A?

Does anything get logged when host A1 would access resources in lan B?

From the documentation it would appear host B1 should be able to see any resource in the advertised lan A - however, should host A1 be able to see any resource in lan B?

Thank you very much for any advice you can offer.

Eric
