Messages - Gilberto Ferreira

1
Portuguese / Re: Problem with OpenVPN site2site
« on: October 27, 2021, 09:18:33 pm »
SOLVED! I just had to change my LAN from 172.16 and 172.18 to 192.168.100 and 192.168.200 and now everything is working

2
SOLVED!

I just changed my LAN from 172.16 and 172.18 to 192.168.100 and 192.168.200 and now everything is working

3
Portuguese / Problem with OpenVPN site2site
« on: October 27, 2021, 09:04:14 pm »
Hello everyone

I am trying to create a VPN using 2 Zentyal servers, virtualized in VirtualBox.
In VBox I created two host networks:

vboxnet0 - 192.168.56.0/24
vboxnet1 - 192.168.57.0/24

zentyal1
vboxnet0 - 192.168.152.0/24 - zentyal IP 192.168.152.100 (External WAN)
inetnet1 - 172.16.0.0/24 - Zentyal LAN IP 172.16.0.10 (it is the gateway of the Windows 7 VM that sits behind zentyal1)

zentyal2
vboxnet0 - 192.168.157.0/24 - zentyal IP 192.168.157.100 (External WAN)
inetnet1 - 172.18.0./24 - Zentyal LAN IP 172.18.0.10 (it is the gateway of the Windows 7 VM that sits behind zentyal1)

I can bring the tunnel up correctly, but I cannot ping from zentyal1 to zentyal2 in the 172.16 or 172.18.0 IP range.
Nor can the Windows 7 VMs behind these Zentyal servers ping each other.

I am leaving the default VPN network, which is 192.168.0.X, on both sides.
If I change this default to 192.168.10.0 on zentyal1 and 192.168.20.0 on zentyal2, then they can ping each other, and from the 2 Zentyal servers I can ping the Windows 7 VMs.
But I get no access at all between the Windows 7 machines behind these servers.

Since I am using my laptop, I had to add some iptables rules to allow NAT between my physical IP and the Zentyal VMs so that they can browse the internet

+ iptables -F
+ iptables -t nat -F
+ iptables -A INPUT -i lo -j ACCEPT
+ iptables -A INPUT -i vboxnet0 -j ACCEPT
+ iptables -A INPUT -i vboxnet1 -j ACCEPT
+ iptables -A OUTPUT -o lo -j ACCEPT
+ iptables -A OUTPUT -o vboxnet0 -j ACCEPT
+ iptables -A OUTPUT -o vboxnet1 -j ACCEPT
+ iptables -A FORWARD -i vboxnet0 -o vboxnet1 -j ACCEPT
+ iptables -A FORWARD -i vboxnet1 -o vboxnet0 -j ACCEPT
+ iptables -A INPUT -s 192.168.152.0/24 -j ACCEPT
+ iptables -A INPUT -s 192.168.157.0/24 -j ACCEPT
+ iptables -t nat -A POSTROUTING -s 192.168.152.0/24 -j MASQUERADE
+ iptables -t nat -A POSTROUTING -s 192.168.157.0/24 -j MASQUERADE
+ sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

4
Anybody??

5
Installation and Upgrades / Openvpn site2site in Virtualbox (LABHOME)
« on: October 21, 2021, 07:19:57 pm »
Hi there

I have deployed two Zentyal Server 4.0 installations in VirtualBox (V 6.1.27 r147422). I am using my laptop for this purpose.

I have also created two host networks, like:

vboxnet0 - 192.168.152.0
vboxnet1 - 192.168.157.0

Additionally, I have created a few iptables rules on my laptop to allow both Zentyal servers to use the internet properly:
# Flush IPTABLES
iptables -F
iptables -t nat -F
# Loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i vboxnet0 -j ACCEPT
iptables -A INPUT -i vboxnet1 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow all from virtualbox
iptables -A INPUT -s 192.168.152.0/24 -j ACCEPT
iptables -A INPUT -s 192.168.157.0/24 -j ACCEPT

# Masquerade virtualbox network
iptables -t nat -A POSTROUTING -s 192.168.152.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.157.0/24 -j MASQUERADE

#turn on ip forwarding
sysctl -w net.ipv4.ip_forward=1

After installing both Zentyal servers, I created an OpenVPN tunnel between the two servers.
I was unable to use the default IP address inside the VPN tunnel, i.e. 192.168.0.0 on both sides doesn't work.
I needed to use 192.168.10.0 on server1 and 192.168.20.0 on server2. After that I can now ping both sides and the 2 Windows 7 machines behind each server.
But I cannot reach the Windows client behind the VPN.

Server1 has the IP 192.168.152.100 as WAN and 172.16.0.10 as LAN
Server2 has the IP 192.168.157.100 as WAN and 172.18.0.10 as LAN

I have DHCP serving IPs in 172.16.0.0 to the Windows 7 behind server1 and I have DHCP serving IPs in 172.18.0.0 to the Windows 7 behind server2

Both server1 and server2 are communicating. On both server1 and server2 I can ping the Windows behind server1 and the Windows behind server2

But inside the Windows 7 behind server1 I cannot reach the Windows 7 behind server2.

What am I missing??
I would appreciate any help!

Thank you.




6
Hi there

I had a problem here when installing SOGo.
After installing all the modules, I noticed a message indicating that I needed to run dpkg --configure -a in the Linux console.
So I opened an SSH session and ran the above command.
But I got a lot of errors such as:
sudo  dpkg --configure -a
[sudo] password for administrador:
Configurando sogo:amd64 (5.0.1.20201214-1) ...
======= Important SOGo post-installation note =======

SOGo database schemas are _not_ automatically upgraded by
the packaging system.

Please check the list of database schema upgrade scripts
inside /usr/share/doc/sogo/ and apply them if needed.

More details can be found in the Upgrading section:
https://sogo.nu/files/docs/SOGoInstallationGuide.html#_upgrading

apache2_invoke: Enable configuration SOGo
apache2_reload: Your configuration is broken. Not reloading Apache 2
apache2_reload: AH00526: Syntax error on line 47 of /etc/apache2/conf-enabled/SOGo.conf:
apache2_reload: Invalid command 'ProxyRequests', perhaps misspelled or defined by a module not included in the server configuration
Job for sogo.service failed because the control process exited with error code.
See "systemctl status sogo.service" and "journalctl -xe" for details.
invoke-rc.d: initscript sogo, action "start" failed.
● sogo.service - LSB: SOGo server
     Loaded: loaded (/etc/init.d/sogo; generated)
     Active: failed (Result: exit-code) since Mon 2021-08-09 13:41:49 -03; 27ms ago
       Docs: man:systemd-sysv-generator(8)
    Process: 69909 ExecStart=/etc/init.d/sogo start (code=exited, status=1/FAILURE)

ago 09 13:41:48 srv01 systemd[1]: Starting LSB: SOGo server...
ago 09 13:41:49 srv01 sogo[69909]:  * Starting SOGo sogo
ago 09 13:41:49 srv01 sogo[69989]: /usr/sbin/sogod: Uncaught exception NSInvalidArgumentException, reason: Tried to add nil to array
ago 09 13:41:49 srv01 sogo[69990]: chown: cannot access '/var/run/sogo/sogo.pid': No such file or directory
ago 09 13:41:49 srv01 systemd[1]: sogo.service: Control process exited, code=exited, status=1/FAILURE
ago 09 13:41:49 srv01 systemd[1]: sogo.service: Failed with result 'exit-code'.
ago 09 13:41:49 srv01 systemd[1]: Failed to start LSB: SOGo server.
dpkg: erro ao processar o pacote sogo:amd64 (--configure):
 o subprocesso instalado, do pacote sogo:amd64, o script post-installation retornou erro do status de saída 1
dpkg: problemas com dependências impedem a configuração de zentyal-sogo:
 zentyal-sogo depende de sogo (>= 5.0.1); porém:
  Pacote sogo:amd64 não está configurado ainda.

dpkg: erro ao processar o pacote zentyal-sogo (--configure):
 problemas de dependência - deixando desconfigurado
dpkg: problemas com dependências impedem a configuração de zentyal-groupware:
 zentyal-groupware depende de zentyal-sogo; porém:
  Pacote zentyal-sogo não está configurado ainda.

dpkg: erro ao processar o pacote zentyal-groupware (--configure):
 problemas de dependência - deixando desconfigurado
dpkg: problemas com dependências impedem a configuração de sogo-activesync:
 sogo-activesync depende de sogo (= 5.0.1.20201214-1); porém:
  Pacote sogo:amd64 não está configurado ainda.

dpkg: erro ao processar o pacote sogo-activesync (--configure):
 problemas de dependência - deixando desconfigurado
A processar 'triggers' para libc-bin (2.31-0ubuntu9.2) ...
Erros foram encontrados durante o processamento de:
 sogo:amd64
 zentyal-sogo
 zentyal-groupware
 sogo-activesync

And Yes! My Linux box is in PT-BR.

But after some struggle I figured out that I needed to perform two steps:

Step 1 - touch /var/run/sogo/sogo.pid

After this I tried to apply apt -f install, but the Apache2 configuration was in error.

Step 2 - in order to finish the installation I did indeed need to activate the Apache proxy module using:

a2enmod proxy

Then, after this, apache2conf configtest ran smoothly.

Just wanted to report this problem.


Thanks.



7
Portuguese / Re: Make an internal machine go out through another external IP.
« on: April 05, 2021, 04:31:04 pm »
Friend, I usually do this routing in the gateway rules, where I set a given object or IP of the internal network to go out through the chosen gateway; if the two routers or ISP modems are in the same range, change them to a different range.

Yes, but in my case I have public IPs that are all in the same network range, mask and gateway.
In fact, Zentyal did not even let me create a 4th network card with another IP in the same mask. I found that odd, since IPFire accepted it.
Thank you for your reply.

8
Hello guys.

I need to create an iptables rule that causes an internal host to go out via a different public IP.
Let's say you have 2 public IPs:
aaa.bbb.ccc.ddd
aaa.bbb.ccc.eee

The one ending in ddd is the default.
The one ending in eee would be the secondary.

It turns out that Zentyal, at least in version 6.2, does not let me insert a second network interface using the same network.
For example, eth0 has the IP aaa.bbb.ccc.ddd, eth1 and eth2 have internal IPs and eth3 would have the IP aaa.bbb.ccc.eee, which would be the secondary one.
But when I try to insert the IP into eth3 it says that there is already an IP of that network configured on eth0!
So what I did was set up a virtual interface hanging on eth0 with the IP aaa.bbb.ccc.eee, like eth0:1.
Then I tried to create an SNAT rule but it doesn't work. When I go to the internal host it still takes the default external IP aaa.bbb.ccc.ddd.

I installed an IPFIRE (www.ipfire.org), which is very simple, and in it I managed to do it smoothly.
BTW, it was from this IPFIRE that I took the iptables rule.
I tried like this:
iptables -N NAT_SOURCE
iptables -t nat POSTROUTING -j NAT_SOURCE
iptables -t nat -A NAT_SOURCE -s IP/32 -j SNAT --to-source aaa.bbb.ccc.eee

But without success!

Thanks to anyone who can help me.

9
Portuguese / Make an internal machine go out through another external IP.
« on: April 02, 2021, 04:01:32 pm »
Hello friends

I need to create an iptables rule that makes an internal host go out through a different public IP.
Let's say there are 2 public IPs:
aaa.bbb.ccc.ddd
aaa.bbb.ccc.eee

The one ending in ddd is the default.
The one ending in eee would be the secondary.

It turns out that Zentyal, at least in version 6.2, does not let me insert a second network interface using the same network.
For example, eth0 has the IP aaa.bbb.ccc.ddd, eth1 and eth2 have internal IPs and eth3 would have the IP aaa.bbb.ccc.eee, which would be the secondary one.
But when I try to insert the IP into eth3 it says that there is already an IP of that network configured on eth0!
So what I did was configure a virtual interface hanging on eth0 with the IP aaa.bbb.ccc.eee, like eth0:1.
Then I tried to create an SNAT rule but it does not work. When I go to the internal host it still takes the default external IP aaa.bbb.ccc.ddd.

I installed an IPFIRE (www.ipfire.org), which is very simple, and in it I managed to do this easily.
In fact, it was from it that I took the iptables rule.
I tried like this:
iptables -N NAT_SOURCE
iptables -t nat POSTROUTING -j NAT_SOURCE
iptables -t nat -A NAT_SOURCE -s IP/32 -j SNAT --to-source aaa.bbb.ccc.eee

But without success!

Thanks to anyone who can help me.



10
Hi there friends...

I have Zentyal 4 working fine, but sometimes I see these messages in syslog

Nov 13 08:29:20 servidor kernel: [46271.777040] init: zentyal.set-uid-gid-numbers main process (5337) killed by TERM signal
Nov 13 08:31:26 servidor kernel: [46397.332330] init: zentyal.squid3-external main process (11425) killed by KILL signal
Nov 13 10:22:34 servidor kernel: [53058.929901] init: isc-dhcp-server main process (6625) killed by TERM signal
Nov 13 10:22:53 servidor kernel: [53078.020586] init: zentyal.squid3-external main process (1191) killed by KILL signal
Nov 13 10:24:16 servidor kernel: [53160.763082] init: isc-dhcp-server main process (17178) killed by TERM signal
Nov 13 10:34:37 servidor kernel: [53781.188780] init: isc-dhcp-server main process (19818) killed by TERM signal
Nov 13 10:34:56 servidor kernel: [53800.450145] init: zentyal.squid3-external main process (18356) killed by KILL signal
Nov 13 10:39:24 servidor kernel: [54067.794495] init: isc-dhcp-server main process (21955) killed by TERM signal
Nov 13 10:46:18 servidor kernel: [54481.453223] init: zentyal.squid3-external main process (23132) killed by KILL signal
Nov 13 10:46:22 servidor kernel: [54485.832787] init: ebox.loggerd main process (28496) killed by TERM signal
Nov 13 12:05:32 servidor kernel: [59231.181414] init: zentyal.squid3-external main process (29111) killed by KILL signal
Nov 13 12:05:35 servidor kernel: [59233.623781] init: ebox.loggerd main process (29215) killed by TERM signal
Nov 13 13:43:28 servidor kernel: [65100.929273] init: ebox.loggerd main process (22277) killed by TERM signal
Nov 13 13:55:25 servidor kernel: [65818.057803] init: zentyal.squid3-external main process (22142) killed by KILL signal
Nov 13 13:55:28 servidor kernel: [65820.470901] init: ebox.loggerd main process (320) killed by TERM signal

And I think these errors make squid restart (at least the process) and kill internet access for a moment, then it comes back online again...

Anybody get this error too???

Thanks

11
Installation and Upgrades / Re: Zentyal 4 HA
« on: November 07, 2019, 12:59:37 pm »
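I managed to solve this issue by creating the script below:

#!/bin/bash

# Look for a crm_mon status line that mentions both IPHALOCAL and servidor2.
statusip=$(crm_mon -1 | grep IPHALOCAL | grep servidor2)

# Exit status of the last grep: 0 = a matching line was found, 1 = no match.
status="$?"

echo "$status"

if [[ $status -eq 1 ]]
then
    echo "That's great :-)"
elif [[ $status -eq 0 ]]
then
    echo "(exit status=$status)"
    # A matching line was found, so reload samba.
    /etc/init.d/samba force-reload
fi

And added it to crontab, to run every minute...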


12
Installation and Upgrades / Zentyal 4 HA
« on: November 06, 2019, 12:53:35 pm »
Hi there

I have set up two servers, working with HA, and so far so good... I have tested powering off one server and the secondary server got the IP and DHCP services... But when the secondary server takes over these services, I need to restart samba manually in order to get the backup folder shares to work properly. So my question is, how can I set samba up as an HA service, like IP or DHCP, so that samba restarts automatically when the primary server goes away?
I also tried to use hook scripts, but when I do so, the DHCP returns a fail status in crm_mon 1

Thanks for any kind of help!

13
Installation and Upgrades / Zentyal HA - Error in dhcp
« on: September 24, 2019, 08:34:14 pm »
Hi

I have this error in zentyal ha running version 4.0

ipha150 (ocf::heartbeat:IPaddr2):       Started srv01
dhcp    (ocf::zentyal:Zentyal): Started (unmanaged) FAILED [ srv01 srv02 ]

Failed actions:
    dhcp_stop_0 (node=srv01, call=78, rc=1, status=Timed Out, last-rc-change=Tue Sep 24 15:27:58 2019
, queued=20002ms, exec=0ms
): unknown error

14
Installation and Upgrades / Add resource in HA - Zentyal 4.0
« on: September 23, 2019, 07:08:45 pm »
Hi there

I am playing around with the HA setup in Zentyal 4.0, and I wonder if there is some way to add other resources to the cluster

How can I do this?

Thanks

15
Installation and Upgrades / Re: Manual install on 18.04 no networking
« on: August 12, 2019, 05:42:55 am »
Hello,

I setup a new box with Ubuntu 18.04 LTS and manually installed the zentyal packages.
On the configuration page I wanted to install networking, but it failed.
Upon trying to manually install zentyal-network through apt, it showed a conflict with netplan.io
As I thought zentyal will take over the tasks (otherwise why would it have a conflict) I removed netplan and installed the zentyal packages.

But now after booting it doesn't get any network connection.
It does have an IP address and I can access it through ssh in my local network,
but any attempt at outgoing connections (apt-get update, ping, ...) result in name resolution errors.
The DNS is set correctly (at least it's listed on the webportal) and there is no gateway (even setting it statically in the webportal didn't change anything)

Hi there

You can add a DNS nameserver to /etc/resolv.conf using this command:

echo 'nameserver 8.8.8.8' > /etc/resolv.conf

Or edit it with nano

And you can add a default gateway using this:


route add default gw <gateway IP>

Then try to use apt update and so on...