Topics - Simon Matthews

1
Contributions / Tips&Tricks / Features Requests / What Is Going On?
« on: February 28, 2024, 01:37:15 pm »
I used to deploy Zentyal a long time ago for customers. If I was still working in that role, I would definitely not be deploying it any more. The product is stuck in the past. Although the web interface is fantastic in many ways, the rest of the product is deeply flawed.

It's amazing that there is absolutely no support for IPv6. To me that makes a product like this unusable.

I received the email saying that version 8 has now been released. I thought I would have a look at how the product is going and deployed it to a Linux Container. There are so many problems with this software. After installation I noticed it had done bizarre things to the permissions of critical system files. I discovered this in an attempt to force netplan to apply network and it was complaining about insecure permissions on its yaml files.

If your server is hacked in any way, it is done for.

The funniest thing that happened was I forgot I even had a user account here because it has been around 12 years since I last posted. I did a forget password and in the email to reset it, it said my IP was 172.18.0.10. What the heck is going on here? Do you actually receive money from people for this product?

Where is the MFA support? OIDC? SAML? This is hilarious.

2
Installation and Upgrades / Block HTTPS by URL
« on: September 11, 2010, 12:19:58 pm »
I thought it was possible for squid to block HTTPS sites just by the URL. This is currently not working. I am not using transparent proxy.
I have Zentyal 2.0 installed.
What am I doing wrong?

3
Installation and Upgrades / Dansguardian Wildcards
« on: February 18, 2009, 01:50:36 am »
Is there any way to use wildcards on filtered domains?

4
Installation and Upgrades / Reset Firewall settings to default?
« on: December 09, 2008, 06:53:05 am »
I was wondering if there is a way to reset all the firewall settings to default.
I was going to try:
Code:
apt-get purge ebox-firewall
But that wanted to completely remove ebox. I have purged the proxy before and reinstalled it without having to do this.

The reason I need to reset the firewall settings to default is because for some reason it is gradually blocking requests sent to the proxy port 3128. If I restart the server everyone is able to get to sites for about 15 minutes before they start getting blocked again. I can see this in the logs showing that port 3128 is being denied.

Any help appreciated.

5
Ok... now I had previously had access via SSH.

IP Addresses were originally:
External: 192.168.1.101
Internal: 192.168.1.102
Gateway: 192.168.1.1

This was purely for testing.

Now I have made it a production server and changed the IPs:
External: 192.168.0.2
Internal: 192.168.1.1
Gateway: 192.168.0.1

The proxy is now working correctly which I previously had problems with (most likely due to the IP configuration).
Now I am unable to SSH to the box. It looks like iptables is now completely blocking port 22.
OpenVPN still connects but then is instantly dropped off but reconnects again straight away and this loops.
This is the error I get when it drops out:
Quote
Thu Dec 04 12:44:16 2008 TCP/UDP: Closing socket
Thu Dec 04 12:44:16 2008 SIGUSR1[soft,connection-reset] received, process restarting
Thu Dec 04 12:44:16 2008 Restart pause, 5 second(s)

6
Installation and Upgrades / [SOLVED] Squid and Dansguardian problem
« on: December 02, 2008, 01:59:55 am »
Hey,
The problem so far:
Unable to use proxy at all unless I create a rule in the firewall section; "Filtering rules from external networks to eBox" that allows all source ports to be allowed through the squid port (3128).
Unable to use Proxy with filtering on. It doesn't get to dansguardian, it always comes up with the page "ERROR: The requested URL could not be retrieved"
If I put the dansguardian port into my proxy settings I can't get anywhere.

Here is some of my iptables config:
iptables -L
Chain iexternal (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3129 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3129 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3128 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3128 state NEW

Chain imodules (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:3129
DROP       tcp  --  anywhere             anywhere            state NEW tcp dpt:3128

iptables -L -t nat

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
premodules  all  --  anywhere             anywhere

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
postmodules  all  --  anywhere             anywhere
SNAT       all  -- !192.168.1.101        anywhere            to:192.168.1.101

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain postmodules (1 references)
target     prot opt source               destination
MASQUERADE  all  --  10.1.1.0/24          anywhere

Chain premodules (1 references)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             192.168.1.102       tcp dpt:3128 redir ports 3129

This is set up as a non-transparent proxy on default port and filter on default port. The default proxy setting is to filter.

Cheers for the help

7
Installation and Upgrades / Firewall blocking Road Warriors
« on: November 19, 2008, 04:59:03 am »
I was just wondering if the Firewall blocks access to most internal ports from remote VPN users.
I was attempting to Remote Desktop to a PC on the internal network remotely but was unable to do so. I also found that I was unable to map network drives.
I changed the firewall's "Filtering rules from external networks to internal networks" by adding an allow all rule. This fixed the problem... why is the VPN considered as being an external network?
