Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / Re: Zentyal 8
« on: February 28, 2024, 01:39:34 pm »
This product is a secuirty nightmare. I wouldn't feel comfortable deploying it anywhere.
2
Contributions / Tips&Tricks / Features Requests / What Is Going On?
« on: February 28, 2024, 01:37:15 pm »
I used to deploy Zentyal a long time ago for customers. If I was still working in that role, I would definitely not be deploying it any more. The product is stuck in the past. Although the web interface is fantastic in many ways, the rest of the product is deeply flawed.
It's amazing that there is absolutely no support for IPv6. To me that makes a product like this unusable.
I received the email saying that version 8 has now been released. I thought I would have a look at how the product is going and deployed it to an Linux Container. There are so many problems with this software. After installation I noticed it had done bizarre things to the permissions of critical system files. I discovered this in an attempt to force netplan to apply network and it was complaining about insecure permissions on its yaml files.
If your server is hacked in any way, it is done for.
The funniest thing that happened was I forgot I even had a user account here because it was been around 12 years since I last posted. I did a forget password and in the email to reset it, it said my IP was 172.18.0.10. What the heck is going on here? Do you actually receive money from people for this product?
Where is the MFA support? OIDC? SAML? This is hilarious.
It's amazing that there is absolutely no support for IPv6. To me that makes a product like this unusable.
I received the email saying that version 8 has now been released. I thought I would have a look at how the product is going and deployed it to an Linux Container. There are so many problems with this software. After installation I noticed it had done bizarre things to the permissions of critical system files. I discovered this in an attempt to force netplan to apply network and it was complaining about insecure permissions on its yaml files.
If your server is hacked in any way, it is done for.
The funniest thing that happened was I forgot I even had a user account here because it was been around 12 years since I last posted. I did a forget password and in the email to reset it, it said my IP was 172.18.0.10. What the heck is going on here? Do you actually receive money from people for this product?
Where is the MFA support? OIDC? SAML? This is hilarious.
3
News and Announcements / Re: Zentyal Desktop for Windows 0.1 available for testing
« on: November 10, 2010, 12:26:57 pm »
You're doing an amazing job. This is fantastic. I will definitely be playing around with this.
4
Installation and Upgrades / Re: Error installing onto Ubuntu 10.04 Desktop
« on: September 12, 2010, 04:41:43 am »
sudo dpkg --configure -a
5
Installation and Upgrades / Block HTTPS by URL
« on: September 11, 2010, 12:19:58 pm »
I thought it was possible for squid to block HTTPS sites just by the URL. This is currently not working. I am not using transparent proxy.
I have Zentyal 2.0 installed.
What am I doing wrong?
I have Zentyal 2.0 installed.
What am I doing wrong?
6
Installation and Upgrades / Dansguardian Wildcards
« on: February 18, 2009, 01:50:36 am »
Is there any way to use wildcards on filtered domains?
7
Installation and Upgrades / Re: Reset Firewall settings to default?
« on: December 11, 2008, 02:10:13 am »
This is a pretty big problem with the iptables settings.
Just a quick note on my settings:
eth0
-external
-ip 192.168.0.2
eth1
-internal
-ip 192.168.1.1
tap0
-VPN
-ip 10.1.1.1
The right setting is in there for the proxy the only problem is that it gets blocked before it gets to this rule:
This is the order the rules are read in:
Now this is where I think the problem could lie...
Just a quick note on my settings:
eth0
-external
-ip 192.168.0.2
eth1
-internal
-ip 192.168.1.1
tap0
-VPN
-ip 10.1.1.1
The right setting is in there for the proxy the only problem is that it gets blocked before it gets to this rule:
Quote
Chain imodules (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- tap0 any anywhere anywhere udp dpt:route
369 17712 ACCEPT tcp -- eth1 any anywhere anywhere state NEW tcp dpt:3128
This is the order the rules are read in:
Quote
Chain INPUT (policy DROP 0 packets, 0 bytes)inospoof doesn't have any rules so it goes to iexternalmodules
pkts bytes target prot opt in out source destination
132K 64M ACCEPT all -- lo any anywhere anywhere
191K 155M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
2 120 ACCEPT icmp !f any any anywhere anywhere
21382 7050K inospoof all -- any any anywhere anywhere
21382 7050K iexternalmodules all -- any any anywhere anywhere
21382 7050K iexternal all -- any any anywhere anywhere
10634 3542K inoexternal all -- any any anywhere anywhere
10634 3542K imodules all -- any any anywhere anywhere
10265 3524K iintservs all -- any any anywhere anywhere
10265 3524K iglobal all -- any any anywhere anywhere
6095 2927K idrop all -- any any anywhere anywhere
Quote
Chain iexternalmodules (1 references)Now I am pretty sure the RETURN rule is a result of me setting all internal to external as allow all in ebox.
pkts bytes target prot opt in out source destination
10586 3540K RETURN all -- eth1 any anywhere anywhere
0 0 ACCEPT udp -- tap0 any anywhere anywhere udp dpt:route
0 0 ACCEPT tcp -- eth0 any anywhere anywhere tcp dpt:openvpn
Quote
Chain iexternal (1 references)There is more in that chain but they aren't important. RETURN rule again set as a result of me setting internal to ebox as allow all in ebox.
pkts bytes target prot opt in out source destination
10586 3540K RETURN all -- eth1 any anywhere anywhere
10748 3508K ACCEPT all -- any any anywhere anywhere state NEW
Now this is where I think the problem could lie...
Quote
Chain inoexternal (1 references)This is on the INPUT rules so I was thinking that this rule would be dropping all data that hits another rule. This one is just above the imodules chain which contains the rule to allow all through eth1 for 3128...
pkts bytes target prot opt in out source destination
0 0 idrop all -- eth0 any anywhere anywhere state NEW
8
Installation and Upgrades / Re: Reset Firewall settings to default?
« on: December 09, 2008, 07:23:37 am »
It seems that the settings implemented by enabling the firewall logging were denying all requests. I think it is because it was Redirecting non-dropped packets to the LOG and the log was then redirecting them and dropping them.
9
Installation and Upgrades / Reset Firewall settings to default?
« on: December 09, 2008, 06:53:05 am »
I was wondering if there is a way to reset all the firewall settings to default.
I was going to try:
The reason I need to reset the firewall settings to default is because for some reason it is gradually blocking requests sent to the proxy port 3128. If I restart the server everyone is able to get to sites for about 15 minutes before they start getting blocked again. I can see this in the logs showing that port 3128 is being denied.
Any help appreciated.
I was going to try:
Code: [Select]
apt-get purge ebox-firewallBut that wanted to completely remove ebox. I have purged the proxy before and reinstalled it without having to do this.The reason I need to reset the firewall settings to default is because for some reason it is gradually blocking requests sent to the proxy port 3128. If I restart the server everyone is able to get to sites for about 15 minutes before they start getting blocked again. I can see this in the logs showing that port 3128 is being denied.
Any help appreciated.
10
Installation and Upgrades / Re: Users / Groups Permission
« on: December 06, 2008, 03:16:43 am »
Javi... this seems to be the same SID problem as most people have had.
11
Installation and Upgrades / Re: Firewall blocking Road Warriors
« on: December 06, 2008, 03:13:38 am »
BUMP
12
Installation and Upgrades / Re: OpenVPN continuous reconnects and no SSH access
« on: December 06, 2008, 03:10:02 am »
Cheers for the help.
It seems the problem was with certificates because it is all working fine now after playing around with the certificates.
Also, the problem with SSH I think may have something to do with the configuration possibly not allowing connections from all hosts.
It seems the problem was with certificates because it is all working fine now after playing around with the certificates.
Also, the problem with SSH I think may have something to do with the configuration possibly not allowing connections from all hosts.
13
Installation and Upgrades / Re: OpenVPN continuous reconnects and no SSH access
« on: December 04, 2008, 12:22:34 pm »
I have found that iptables seems to be allowing port 22 through but for some reason the Connection is being refused by sshd. I changed the ssh firewall rule to LOG instead of allow and they were coming up in the logs but I didn't even recieve the "Connection Refused" error message like I do when it is allowed.
Yeah, I've changed the IP for the server and OpenVPN connects but it continuously cycles the connection.
Yeah, I've changed the IP for the server and OpenVPN connects but it continuously cycles the connection.
14
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 04, 2008, 03:15:56 am »
It seems that the IP's being in the same subnet were causing problems.
Thanks heaps.
Thanks heaps.
15
Installation and Upgrades / [SOLVED] OpenVPN continuous reconnects and no SSH access
« on: December 04, 2008, 03:15:11 am »
Ok... now I had previously had access via SSH.
IP Addresses were originally:
External: 192.168.1.101
Internal: 192.168.1.102
Gateway: 192.168.1.1
This was purely for testing.
Now I have made it a production server and changed the IPs:
External: 192.168.0.2
Internal: 192.168.1.1
Gateway: 192.168.0.1
The proxy is now working correctly which I previously had problems with (most likely due to the IP configuration).
Now I am unable to SSH to the box. It looks like iptables is now completely blocking port 22.
OpenVPN still connects but then is instantly dropped off but reconnects again straight away and this loops.
This is the error I get when it drops out:
IP Addresses were originally:
External: 192.168.1.101
Internal: 192.168.1.102
Gateway: 192.168.1.1
This was purely for testing.
Now I have made it a production server and changed the IPs:
External: 192.168.0.2
Internal: 192.168.1.1
Gateway: 192.168.0.1
The proxy is now working correctly which I previously had problems with (most likely due to the IP configuration).
Now I am unable to SSH to the box. It looks like iptables is now completely blocking port 22.
OpenVPN still connects but then is instantly dropped off but reconnects again straight away and this loops.
This is the error I get when it drops out:
Quote
Thu Dec 04 12:44:16 2008 TCP/UDP: Closing socket
Thu Dec 04 12:44:16 2008 SIGUSR1[soft,connection-reset] received, process restarting
Thu Dec 04 12:44:16 2008 Restart pause, 5 second(s)