1
Installation and Upgrades / Zentyal 6.2 Commercial version - issue when doing a "sudo apt-update"
« on: July 15, 2022, 11:02:09 am »
Hello,
When I do a sudo apt-update, I've got the following error:
E: Failed to fetch http://packages.zentyal.com/zentyal-qa/dists/6.2/InRelease 401 Unauthorized [IP: 3.121.107.3 80]
E: The repository 'http://packages.zentyal.com/zentyal-qa 6.2 InRelease' is no longer signed.
Any idea on how to resolve it?
Kind regards,
V.
2
Other modules / Firewall is blocking the traffic from internal network to Internet
« on: June 17, 2021, 10:53:57 am »
Hello,
I installed the commercial version of Zentyal. I've got an issue with the firewall. The log shows that some of the packets coming from the inside network to the internet through the Zentyal gateway are blocked by the Zentyal firewall, but my configuration is set to allow everything!
It's a home (or lab) network and my network is quite simple. The box from my Internet provider is linked to eth1 of the Zentyal server (the eth1 addresses are 192.168.9.x - the router from the Internet provider does not allow bridge mode, thus I put the Zentyal server in the DMZ), then eth0 is connected to my home network (the eth0 addresses are 192.168.1.x). I have another eth2, which is a copy of eth1, in order to inspect the traffic with the Zentyal IPS system. The Zentyal server is a VM hosted by the free Windows Hyper-V 2016. I've got at least two other VMs, which are the OpenVPN Linux turnkey and another Windows Media Server for Plex.
The HTTP Proxy is also enabled on the Zentyal server. Does anyone have an idea why this traffic is blocked, even if it seems that everything is working on the laptops or PCs where the firewall is blocking the traffic?
Link to screen copy and file of the configuration
https://it-cm.ch/mycloud/index.php/s/VvgEMfDAKiarKSv
Extract of the configuration file:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
preinput all -- anywhere anywhere
idrop all -- anywhere anywhere state INVALID
iaccept all -- anywhere anywhere state RELATED,ESTABLISHED
inospoof all -- anywhere anywhere
iexternalmodules all -- anywhere anywhere
iexternal all -- anywhere anywhere
inoexternal all -- anywhere anywhere
imodules all -- anywhere anywhere
iglobal all -- anywhere anywhere
iaccept icmp !f anywhere anywhere icmp echo-request state NEW
iaccept icmp !f anywhere anywhere icmp echo-reply state NEW
iaccept icmp !f anywhere anywhere icmp destination-unreachable state NEW
iaccept icmp !f anywhere anywhere icmp source-quench state NEW
iaccept icmp !f anywhere anywhere icmp time-exceeded state NEW
iaccept icmp !f anywhere anywhere icmp parameter-problem state NEW
idrop all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
preforward all -- anywhere anywhere
fdrop all -- anywhere anywhere state INVALID
faccept all -- anywhere anywhere state RELATED,ESTABLISHED
fnospoof all -- anywhere anywhere
fredirects all -- anywhere anywhere
fmodules all -- anywhere anywhere
ffwdrules all -- anywhere anywhere
fnoexternal all -- anywhere anywhere
fdns all -- anywhere anywhere
fglobal all -- anywhere anywhere
faccept icmp !f anywhere anywhere icmp echo-request state NEW
faccept icmp !f anywhere anywhere icmp echo-reply state NEW
faccept icmp !f anywhere anywhere icmp destination-unreachable state NEW
faccept icmp !f anywhere anywhere icmp source-quench state NEW
faccept icmp !f anywhere anywhere icmp time-exceeded state NEW
faccept icmp !f anywhere anywhere icmp parameter-problem state NEW
fdrop all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
preoutput all -- anywhere anywhere
odrop all -- anywhere anywhere state INVALID
oaccept all -- anywhere anywhere state RELATED,ESTABLISHED
ointernal all -- anywhere anywhere
omodules all -- anywhere anywhere
oglobal all -- anywhere anywhere
oaccept icmp !f anywhere anywhere icmp echo-request state NEW
oaccept icmp !f anywhere anywhere icmp echo-reply state NEW
oaccept icmp !f anywhere anywhere icmp destination-unreachable state NEW
oaccept icmp !f anywhere anywhere icmp source-quench state NEW
oaccept icmp !f anywhere anywhere icmp time-exceeded state NEW
oaccept icmp !f anywhere anywhere icmp parameter-problem state NEW
odrop all -- anywhere anywhere
Chain drop (3 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 50/min burst 10 LOG level debug prefix "zentyal-firewall drop "
DROP all -- anywhere anywhere
Chain faccept (12 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
ACCEPT all -- anywhere anywhere
Chain fdns (1 references)
target prot opt source destination
Chain fdrop (8 references)
target prot opt source destination
drop all -- anywhere anywhere
Chain ffwdrules (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain fglobal (1 references)
target prot opt source destination
faccept all -- anywhere anywhere
Chain fmodules (1 references)
target prot opt source destination
Chain fnoexternal (1 references)
target prot opt source destination
fdrop all -- anywhere anywhere state NEW
Chain fnospoof (1 references)
target prot opt source destination
fnospoofmodules all -- anywhere anywhere
fdrop all -- 192.168.1.0/24 anywhere
fdrop all -- 192.168.9.0/24 anywhere
fdrop all -- 192.168.3.0/24 anywhere
fdrop all -- 192.168.99.0/24 anywhere
Chain fnospoofmodules (1 references)
target prot opt source destination
Chain fredirects (1 references)
target prot opt source destination
faccept tcp -- anywhere 192.168.1.124 state NEW tcp dpt:https
faccept tcp -- anywhere 192.168.1.66 state NEW tcp dpt:32400
faccept udp -- anywhere 192.168.1.124 state NEW udp dpt:openvpn
Chain ftoexternalonly (0 references)
target prot opt source destination
faccept all -- anywhere anywhere
fdrop all -- anywhere anywhere
Chain iaccept (54 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
NFQUEUE all -- anywhere anywhere NFQUEUE num 0
ACCEPT all -- anywhere anywhere
Chain idrop (7 references)
target prot opt source destination
drop all -- anywhere anywhere
Chain iexternal (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
iaccept tcp -- anywhere anywhere tcp dpt:5223 state NEW
iaccept tcp -- anywhere anywhere tcp dpt:imaps state NEW
iaccept tcp -- anywhere anywhere tcp dpt:submission state NEW
iaccept tcp -- anywhere anywhere tcp dpt:https state NEW
iaccept tcp -- anywhere anywhere tcp dpt:http state NEW
iaccept tcp -- anywhere anywhere tcp dpt:smtp state NEW
iaccept tcp -- anywhere anywhere tcp dpt:32400 state NEW
iaccept udp -- anywhere anywhere udp dpts:32410:32414 state NEW
Chain iexternalmodules (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain iglobal (1 references)
target prot opt source destination
iaccept tcp -- anywhere anywhere tcp dpt:5223 state NEW
iaccept tcp -- anywhere anywhere tcp dpt:imaps state NEW
iaccept tcp -- anywhere anywhere tcp dpt:submission state NEW
iaccept tcp -- anywhere anywhere tcp dpt:https state NEW
iaccept tcp -- anywhere anywhere tcp dpt:http state NEW
iaccept tcp -- anywhere anywhere tcp dpt:smtp state NEW
iaccept udp -- anywhere anywhere udp dpt:ntp state NEW
iaccept tcp -- anywhere anywhere tcp dpt:32400 state NEW
iaccept udp -- anywhere anywhere udp dpts:32410:32414 state NEW
iaccept udp -- anywhere anywhere udp dpt:35622 state NEW
iaccept tcp -- anywhere anywhere tcp dpt:35623 state NEW
iaccept tcp -- anywhere anywhere tcp dpt:35621 state NEW
iaccept tcp -- anywhere anywhere tcp dpts:55413:55415 state NEW
iaccept udp -- anywhere anywhere udp dpt:35623 state NEW
iaccept udp -- anywhere anywhere udp dpt:zabbix-agent state NEW
iaccept tcp -- anywhere anywhere tcp dpt:zabbix-agent state NEW
iaccept udp -- anywhere anywhere udp dpt:zabbix-trapper state NEW
iaccept tcp -- anywhere anywhere tcp dpt:zabbix-trapper state NEW
iaccept udp -- anywhere anywhere udp dpt:kerberos state NEW
iaccept tcp -- anywhere anywhere tcp dpt:kerberos state NEW
iaccept tcp -- anywhere anywhere tcp dpt:loc-srv state NEW
iaccept udp -- anywhere anywhere udp dpt:netbios-ns state NEW
iaccept udp -- anywhere anywhere udp dpt:netbios-dgm state NEW
iaccept tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
iaccept udp -- anywhere anywhere udp dpt:ldap state NEW
iaccept tcp -- anywhere anywhere tcp dpt:ldap state NEW
iaccept tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
iaccept udp -- anywhere anywhere udp dpt:kpasswd state NEW
iaccept tcp -- anywhere anywhere tcp dpt:kpasswd state NEW
iaccept tcp -- anywhere anywhere tcp dpt:ldaps state NEW
iaccept tcp -- anywhere anywhere tcp dpt:3268 state NEW
iaccept tcp -- anywhere anywhere tcp dpt:3269 state NEW
iaccept tcp -- anywhere anywhere tcp dpts:49152:65535 state NEW
iaccept udp -- anywhere anywhere udp dpt:domain state NEW
iaccept tcp -- anywhere anywhere tcp dpt:domain state NEW
iaccept tcp -- anywhere anywhere tcp dpt:ssh state NEW
iaccept tcp -- anywhere anywhere tcp dpt:8450 state NEW
Chain imodules (1 references)
target prot opt source destination
iaccept tcp -- anywhere anywhere state NEW tcp dpt:3128
iaccept tcp -- anywhere anywhere state NEW tcp dpt:3128
DROP tcp -- anywhere anywhere state NEW tcp dpt:3129
Chain inoexternal (1 references)
target prot opt source destination
idrop all -- anywhere anywhere state NEW
Chain inointernal (0 references)
target prot opt source destination
Chain inospoof (1 references)
target prot opt source destination
inospoofmodules all -- anywhere anywhere
idrop all -- 192.168.1.0/24 anywhere
idrop all -- 192.168.9.0/24 anywhere
idrop all -- 192.168.3.0/24 anywhere
idrop all -- 192.168.99.0/24 anywhere
Chain inospoofmodules (1 references)
target prot opt source destination
Chain log (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 50/min burst 10 LOG level debug prefix "zentyal-firewall log "
RETURN all -- anywhere anywhere
Chain oaccept (13 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain odrop (2 references)
target prot opt source destination
drop all -- anywhere anywhere
Chain oglobal (1 references)
target prot opt source destination
oaccept all -- anywhere anywhere state NEW
Chain ointernal (1 references)
target prot opt source destination
Chain omodules (1 references)
target prot opt source destination
oaccept tcp -- anywhere anywhere tcp dpt:http
oaccept udp -- anywhere anywhere udp dpt:domain
oaccept tcp -- anywhere anywhere tcp dpt:domain
oaccept tcp -- anywhere anywhere state NEW tcp dpt:http
oaccept tcp -- anywhere anywhere state NEW tcp dpt:https
Chain preforward (1 references)
target prot opt source destination
Chain preinput (1 references)
target prot opt source destination
Chain preoutput (1 references)
target prot opt source destination
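An added example, not part of the original post: a small tracer that walks the posted FORWARD rules exactly as `iptables -L` prints them. Read literally, a NEW packet from a LAN host reaches DROP through fnospoof, which would block all forwarded LAN traffic; `iptables -L` without `-v` omits the in/out interface columns, so the listing cannot show which interface each of those rules is bound to. The host addresses 192.168.1.50 and 203.0.113.10 are constructed for the example.

```python
import ipaddress

# Excerpt of the `iptables -L` listing in the post: the first four FORWARD
# rules and the chains they reach (repeated column-header lines omitted).
LISTING = """\
Chain FORWARD (policy DROP)
target prot opt source destination
preforward all -- anywhere anywhere
fdrop all -- anywhere anywhere state INVALID
faccept all -- anywhere anywhere state RELATED,ESTABLISHED
fnospoof all -- anywhere anywhere
Chain drop (3 references)
LOG all -- anywhere anywhere limit: avg 50/min burst 10 LOG level debug prefix "zentyal-firewall drop "
DROP all -- anywhere anywhere
Chain fdrop (8 references)
drop all -- anywhere anywhere
Chain fnospoof (1 references)
fnospoofmodules all -- anywhere anywhere
fdrop all -- 192.168.1.0/24 anywhere
fdrop all -- 192.168.9.0/24 anywhere
Chain fnospoofmodules (1 references)
Chain preforward (1 references)
"""

def parse(listing):
    """Return {chain: [(target, source, destination, extra), ...]}."""
    chains, rules = {}, None
    for line in listing.splitlines():
        f = line.split()
        if not f or f[0] == "target":      # blank or column-header line
            continue
        if f[0] == "Chain":
            rules = chains.setdefault(f[1], [])
        else:
            rules.append((f[0], f[3], f[4], " ".join(f[5:])))
    return chains

def matches(rule, src, dst, state):
    """Apply only what `iptables -L` prints: addresses and conntrack state."""
    _, s, d, extra = rule
    for spec, ip in ((s, src), (d, dst)):
        if spec != "anywhere" and ipaddress.ip_address(ip) not in ipaddress.ip_network(spec):
            return False
    if "state " in extra:
        return state in extra.split("state ", 1)[1].split()[0].split(",")
    return True

def trace(chains, chain, src, dst, state="NEW", path=()):
    """Return (verdict, chains visited); verdict is None if the chain falls through."""
    path = path + (chain,)
    for rule in chains[chain]:
        target = rule[0]
        if not matches(rule, src, dst, state):
            continue
        if target in ("ACCEPT", "DROP", "NFQUEUE"):    # terminating targets
            return target, path
        if target == "RETURN":
            return None, path
        if target in chains:                           # jump to a user chain
            verdict, sub = trace(chains, target, src, dst, state, path)
            if verdict:
                return verdict, sub
        elif target != "LOG":                          # LOG falls through
            raise KeyError(f"chain {target!r} is not in the excerpt")
    return None, path

if __name__ == "__main__":
    print(trace(parse(LISTING), "FORWARD", "192.168.1.50", "203.0.113.10"))
```

Capturing the ruleset with `iptables -L -n -v` or `iptables-save` shows the interface matches and per-rule packet counters, which identify the rule that actually produces the "zentyal-firewall drop" log entries.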