1
Installation and Upgrades / Zentyal 3.5 as a Gen2 Hyper-V guest OS?
« on: July 25, 2014, 09:46:06 pm »
I tried with Zentyal 3.4 a few months back and was unable to get it to boot and install as a Hyper-V Gen2 virtual machine.
I have an Ubuntu 14.04 server set up as a Gen2 VM which seems to run just fine, and I installed it from the ISO provided on their website. Because Zentyal 3.5 is built on top of Ubuntu 14.04 Server, I am assuming I should be able to get a Zentyal 3.5 Gen2 VM up and running?
Has anybody had any experience with this yet?
2
Installation and Upgrades / proxy configuration, zentyal 2.2
« on: October 04, 2011, 09:32:50 pm »
Zentyal 2.2, Pentium 4 3.0ghz, 2GB RAM
I am wondering what you guys would recommend for configuring my proxy. There will be about 50 users going thru the proxy for internet only, all other higher bandwidth local area traffic is running thru another router. I wish to use the proxy for denying access to specific URLs, and for blocking Ads only. I have decided not to use the content filter in the proxy, I would like to use Traffic Shaping and L7 filter instead as it has provided better results so far at stopping streaming video and P2P traffic. Is this an appropriate way to accomplish my objective?
Also, with approx. 50 users using the net with Ad Blocking enabled, what would you recommend I set the cache size to? It's at 100MB right now. I've also tried 50MB and 250MB and wasn't able to notice a difference, but it was after hours and there were no users besides myself at that particular moment. Is there a standard rule of thumb for determining the most appropriate cache size?
3
Installation and Upgrades / Re: need eBox-Platform 1.4-2 ISO
« on: October 03, 2011, 09:07:25 pm »
perfect! Thank you!
4
Installation and Upgrades / need eBox-Platform 1.4-2 ISO
« on: October 03, 2011, 07:28:56 pm »
I cannot find a place to download the older eBox-Platform 1.4-2 ISO. My original CD is scratched to the point of uselessness and the ISO file I originally downloaded has gotten corrupted somehow and won't burn to a new CD. Can anybody help me locate a copy of the eBox-Platform 1.4-2 ISO for download so I can repair a machine running that version?
5
Installation and Upgrades / Re: Firewall rules not working
« on: September 23, 2011, 07:57:03 pm »
It seems to affect traffic going inbound from external to internal only. Port forwards are affected as well. Am I doing something wrong?
All of my internal -> Zentyal rules work just fine, and so do my internal -> internal rules..
6
Installation and Upgrades / Firewall rules not working
« on: September 23, 2011, 12:06:39 pm »
I recently upgraded my firewall from Zentyal 2.0 to Zentyal 2.2, and I'm having a problem with certain firewall rules not working. Has there been a change in the way Zentyal interprets firewall rules between 2.0 and 2.2? Help! Sorry for the lengthy post, but I want to be specific so you know exactly what I've done so far. Here's the situation:
This Zentyal 2.2 box sits in between our "perimeter" network and our "internal" network. Our perimeter network is 10.10.10.0/23, our external interface has an IP on this network. The internal network is 10.10.20.0/23 and the internal interface is the gateway for this network and is IP 10.10.20.1.
The modules installed are DNS, Firewall, Objects, Services, and Monitoring, installed fresh from CD.
Previously, I could set up an object called "Network Printers" with the IPs of all the networked printers on the internal network. We have a few devices on the external network (a perimeter really, which includes all our wireless devices) which need to print. I would then create another group called "Allowed to print" or something similar which contained all the IP addresses of those clients who have the ability to print through the firewall.
Next I would go to the firewall, to the "External networks to Internal Networks" section. I would then make a rule that says Allow any TCP traffic from group "Allowed to Print" to pass to printers on the internal network in the group "Network Printers".
Doing it in this manner has always worked before from ebox 1.4 through Zentyal 2.0 just fine, unless I am missing something and just can't remember it. I also have similar rules set up which allow my tablet on the wireless network (on the external side of Zentyal) to pass through the firewall to access remote desktop on a few of the servers we have on the internal network. These rules are also not working, and my traffic is stopped at the firewall and not passed to the desired machines on the internal network.
Just to be sure something was not working correctly, I created a rule at the top of the list which said to pass any traffic from the external network to any destination on the internal network, and still no traffic will pass.
Can anybody else help me out, or duplicate the issue if it's a bug? Thanks!
-Andy
7
Installation and Upgrades / How to use transparent proxy + traffic shaping together?
« on: September 22, 2011, 10:03:21 pm »
Hello! So I have upgraded my gateway machine to a Pentium 4 2.5Ghz + 2GB RAM. Also, I'm using Zentyal 2.2 i386 that was just recently released. This machine is basically serving as the gateway for my office's public wireless network. As such, I am trying to restrict traffic of certain non-essential types, and also attempting to use a proxy to completely forbid certain sites (and to block ads, nice feature!).
Here is how it works so far:
Using Trafficshaping + L7 Filters, I am able to catch and restrict certain types of content so that they don't work. For example, I can restrict internet video streaming traffic such that youtube.com loads just fine, however attempting to play a video will simply result in indefinite loading and never play. This is pretty much the result I am looking for: The site itself works fine, but the content I wish to block simply doesn't make it to the client machines. The result: Trafficshaping works brilliantly for my intended purpose.
Now then, I also wanted the proxy to block ads from sites, and also forbid specific sites. I have also decided (simply because the option was there) to try blocking certain extensions as well (such as avi, mpeg, flv, etc.) and MIME types (although I really don't know what these do...).
Here's where things get complicated. It seems that once I enable the proxy, it overrides the trafficshaping. So now, sites that I have forbidden are blocked, and ads are also correctly blocked, however any content that was previously caught by Trafficshaping is now let thru... and also it seems that restricting certain MIME types and file extensions does nothing. For example, if I block all of the video MIME types, as well as flash video and all video extensions, youtube, netflix, and many other sites still continue to display video completely unfiltered or throttled.
Is there a way to allow trafficshaping to work and ALSO use transparent proxy to block ads and certain URLs?
8
Installation and Upgrades / Re: hosts file and DNS resolution questions
« on: September 14, 2011, 09:17:42 pm »
So I decided to make a separate box specifically for content filtering... I installed traffic shaping and got it working perfectly, and then I configured my proxy settings, but as soon as I enable transparent proxy, traffic shaping ceases to function at all. So now I can block sites using the proxy, but I cannot use traffic shaping to restrict bandwidth on things like video streaming or P2P software...
Any ideas what I've done wrong? Or does Traffic shaping simply not work combined with transparent proxy?
9
Installation and Upgrades / Re: hosts file and DNS resolution questions
« on: September 06, 2011, 08:45:09 pm »
Quote
Hi!
I'm not sure Zentyal is the best choice for you if you only need it to act as a router/firewall, especially on a PIII hardware.
I'd suggest you to drop an eye over "pfSense", which is a very powerful router based on FreeBSD. Very easy to install and manage, very safe... A PIII PC is perfect to run it.
Have a look and test it with LiveCD: http://www.pfsense.org/
Well, it's not only a firewall/router, but it also needs to be able to do some QOS, trafficshaping and packet filtering too. I read up real quick and pfSense does look interesting, but their site doesn't say much in the way of trafficshaping and stuff. Looks interesting, I'm gonna fire it up on a live CD on my laptop and test it out.
10
Installation and Upgrades / Re: hosts file and DNS resolution questions
« on: September 06, 2011, 08:34:36 pm »
Quote
1 - What are you trying to achieve? when you write "I have tried a few different options..." what did you try exactly. Using web browser? Sorry but I don't understand what you did.
What I'm trying to achieve is simple in concept... perhaps not possible the way I was told it should work. I am trying to make basically a single central 'hosts' file for the whole network. One I can use to block ads, certain sites, and when I need to update it, I only update the one hosts file on the server and it affects the way ALL OTHER MACHINES on the network resolve those addresses. Somebody informed me that this is as simple as placing the hosts file in the correct folder and enabling DNS on a Windows 2003 server, then using that Windows 2003 server as the DNS server for the network. I assumed that DNS was DNS and thus it should work the same way here too.... either I was totally misinformed and you cannot use a "central hosts file" on a DNS server, or it simply doesn't work the same way on Zentyal as it does in Windows 2003 DNS server.
Quote
2 - something perhaps misleading in my previous answer: DNS uses ... DNS. This looks like a stupid comment but this means to say that updating hosts file on Zentyal will not impact the way machines on LAN using Zentyal DNS as DNS will resolve names and IPs. NSS permits to control how local services are behaving. This means that HTTP PROXY will use first /etc/hosts then DNS thus clients using proxy will benefit from this but if you request DNS server, it will use DNS... (NSS controls "host" service, not DNS). This is maybe why your test failed?
I think you may be on the right track.... I am starting to think that perhaps my original idea of a single hosts file for the network isn't going to work... or at least not in this way. The local server already used the hosts file just fine and blocked the sites as it should... I want this same behavior to apply to all local machines on this network too.
11
Installation and Upgrades / Re: hosts file and DNS resolution questions
« on: September 01, 2011, 09:05:24 pm »
thanks christian.
I decided to take both of your combined advice into consideration, so I uninstalled trafficshaping and l7 filter modules, and installed 'groups and users' and the proxy service.
I configured it, and it does work, when I was testing it alone... but like I figured the machine simply doesn't have the resources available and the whole "filtered" segment of the network came crumbling down to the point of total unreliability as soon as we started getting a few users attempting to use the web at the same time...
It seems that until I upgrade to a better machine, the hosts file method will have to suffice. I went into the DNS service on the web GUI and looked for an option to resolve to hosts file before internet nameservers... couldn't find it. Is this something I will need to edit in the nsswitch.conf file or something?
**edit**
So I went and looked at the nsswitch.conf file, the hosts line already was filled with files first, then dns as the default setting, which is as I figured it would have been. I have tried a few different options, for example using 127.0.0.1, as well as an arbitrary non-functional IP on the network for example 10.10.0.255 which is a valid local ip but no machine is located at that address.... neither worked. It appears the DNS server is still using external name servers rather than simply passing to clients the IP found in the hosts file..
Any ideas? If not, it's back to square one I guess....
I have another older machine that isn't being used.... an Athlon XP @ 2.2ghz with 1GB of DDR400... definitely a large step up from the pentium 3 box I described above which I'm currently using.... I might be able to get that machine prepped to be my new "router/proxy/traffic shaping" machine. I am hoping that this machine would be able to run all of these services effectively. My current issue with the P3 box (besides the DNS thing) is that while traffic shaping works well on the designated interfaces, it does effectively reduce bandwidth BETWEEN my internal networks to a max of a couple MB/sec... still enough to let intranetwork tasks like printing work well enough, but not good for transferring files and such. I guess this machine just doesn't have the needed resources to do its job.
12
Installation and Upgrades / Re: hosts file and DNS resolution questions
« on: September 01, 2011, 01:23:26 am »
Thanks for the reply Marcus,
currently NOT using the proxy...
Here's my concern: I have basically re-purposed an old Pentium3 machine into a router, and I am worried that it doesn't have enough power to run all the services I require. It's running on a 150mhz bus and memory speed, 256MB of RAM and 1050mhz Pentium3 (still runs overclocked rock stable after like 13 years!)
Currently I am running the following modules:
-Networking
-Network Objects
-Firewall
-Traffic Shaping
-L7 Filter
-ebox Software
-Monitor
-Logs
With the currently installed modules, Zentyal's utilization is still pretty low. Monitor shows the router's utilization averaging ~0.50 while actively connected to the control panel, and ~0.25 average when it's just doing its thing... However the memory is mostly filled most of the time...
Do you think the computer is capable of handling a proxy? My understanding is that a properly functioning proxy would require a machine with quite a bit more memory.... what do you think?
Is there no way of having the DNS server on the Zentyal box use its hosts file first when resolving URLs for connected clients?
Most people using the web here don't know how to modify a hosts file, or even really know what it is... so, while a concern for the long run, at the moment it would do the trick while I have time to get a beefier computer to replace this one.
13
Installation and Upgrades / hosts file and DNS resolution questions
« on: August 30, 2011, 08:29:55 pm »
First off, I am using Zentyal 2.0, installed from the most recent CD ISO and updated to the most recent versions of all installed packages.
I noticed that there is no way to manage the hosts file from within the Web GUI, so I went on to the actual console and created a new hosts file for ad-blocking purposes, and to block certain web sites that I do not want employees to have access to while at work.
I opened up terminal, moved to the /etc folder, and used the following command to edit the hosts file:
Code:
sudo leafpad hosts
I put in all the necessary lines to resolve all desired URLs to 127.0.0.1, saved the hosts file, and then reset Zentyal and all client machines...
Unfortunately, it seems that it did not work as expected, and all client machines using Zentyal to resolve DNS names still manage to access the sites which I had hoped to block.
Anybody know where I went wrong??
14
Installation and Upgrades / Re: Zentyal 2.0.1 Port Forward problems
« on: September 22, 2010, 11:46:30 pm »
I removed all Zentyal software that uses squid with the software manager, however it didn't actually remove or disable anything.... it just removed it from the Zentyal UI so I can no longer change any settings.
So now Zentyal tells me that these modules aren't installed and I can't configure them anymore from the UI, but I can see that squid still starts up by watching the console screen when the Zentyal box boots. So there is a problem with the software module. 'Cause it's not actually disabling or removing software from the machine... only removes it from the Zentyal interface but the packages stay installed and active (and misconfigured, leading the whole box not to work properly).
Also, once packages are uninstalled, the software module will not re-install them if I ask it to. It says it installed and restarts Zentyal yet the software silently fails to install and doesn't show up in Zentyal again.
I have tried completely re-downloading the install media and re-installing the whole system and it still fails to properly work.
I got sick of these problems and have reverted back to Ebox 1.4-2 (ebox core vers 1.4.9). Not only does Ebox seem to work correctly, it's also MUCH faster on the same hardware as compared to Zentyal. It honestly seems to me that Zentyal was rushed together for its September 1st release date when it wasn't ready. Or at least it doesn't work well on MY hardware.... Ebox 1.4 still runs perfect as it always used to....
I guess I'll try Zentyal again once the next update is released, but in its current form it just doesn't seem to work right.
15
Installation and Upgrades / Re: Zentyal 2.0.1 Port Forward problems
« on: September 17, 2010, 09:16:28 am »
Do you have any idea which modules rely on squid so I can disable them and hopefully bypass the problem?
I was under the assumption that squid was primarily part of the traffic shaping module. When I disable traffic shaping and leave only Network, Objects, Firewall, DNS and Monitor enabled, I'm still not able to get traffic to pass.