Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Installation and Upgrades / Zentyal 3.5 as a Gen2 Hyper-V guest OS?
« on: July 25, 2014, 09:46:06 pm »
I tried with Zentyal 3.4 a few months back and was unable to get it to boot and install as a Hyper-V Gen2 virtual machine.
I have an Ubuntu 14.04 server set up as a Gen2 VM which seems to run just fine, and I installed it from the ISO provided on their website. Because Zentyal 3.5 is built on top Ubuntu 14.04 Server, I am assuming I should be able to get a Zentyal 3.5 Gen2 VM up and running?
Has anybody had any experience with this yet?
I have an Ubuntu 14.04 server set up as a Gen2 VM which seems to run just fine, and I installed it from the ISO provided on their website. Because Zentyal 3.5 is built on top Ubuntu 14.04 Server, I am assuming I should be able to get a Zentyal 3.5 Gen2 VM up and running?
Has anybody had any experience with this yet?
2
Installation and Upgrades / proxy configuration, zentyal 2.2
« on: October 04, 2011, 09:32:50 pm »
Zentyal 2.2, Pentium 4 3.0ghz, 2GB RAM
I am wondering what you guys would recommend for configuring my proxy. There will be about 50 users going thru the proxy for internet only, all other higher bandwidth local area traffic is running thru another router. I wish to use the proxy for denying access to specific URLs, and for blocking Ads only.. I have decided not to use the content filter in the proxy, I would like to use Traffic Shaping and L7 filter instead as it has provided better results so far at stopping streaming video and P2P traffic. Is this an appropriate way to accomplish my objective?
Also, with approx. 50 users using the net with Ad Blocking enabled, what would you recommend I set the cache size to? Its at 100MB right now. I've also tried 50MB and 250MB and wasn't able to notice a difference, but it was after hours and there were no users besides myself at that particular moment. Is there a standard rule of thumb for determining the most appropriate cache size?
I am wondering what you guys would recommend for configuring my proxy. There will be about 50 users going thru the proxy for internet only, all other higher bandwidth local area traffic is running thru another router. I wish to use the proxy for denying access to specific URLs, and for blocking Ads only.. I have decided not to use the content filter in the proxy, I would like to use Traffic Shaping and L7 filter instead as it has provided better results so far at stopping streaming video and P2P traffic. Is this an appropriate way to accomplish my objective?
Also, with approx. 50 users using the net with Ad Blocking enabled, what would you recommend I set the cache size to? Its at 100MB right now. I've also tried 50MB and 250MB and wasn't able to notice a difference, but it was after hours and there were no users besides myself at that particular moment. Is there a standard rule of thumb for determining the most appropriate cache size?
3
Installation and Upgrades / need eBox-Platform 1.4-2 ISO
« on: October 03, 2011, 07:28:56 pm »
I cannot find a place to download the older eBox-Platform 1.4-2 ISO. My original CD is scratched to the point of uselessness and the ISO file I originally downloaded has gotten corrupted somehow and won't burn to a new CD. Can anybody help me locate a copy of the eBox-Platform 1.4-2 ISO for download so I can repair a machine running that version?
4
Installation and Upgrades / Firewall rules not working
« on: September 23, 2011, 12:06:39 pm »
I recently upgraded my firewall from Zentyal 2.0 to Zentyal 2.2, and I'm having a problem with certain firewall rules not working. Has there been a change in the way Zentyal interprets firewall rules between 2.0 and 2.2? Help! Sorry for the lengthy post, but I want to be specific so you know exactly what I've done so far. Here's the situation:
This Zentyal 2.2 box sits in between our "perimeter" network and our "internal" network. Our perimeter network is 10.10.10.0/23, our external interface has an IP on this network. The internal network is 10.10.20.0/23 and the internal interface is the gateway for this network and is IP 10.10.20.1.
The modules installed are DNS, Firewall, Objects, Services, and Monitoring, Installed fresh from CD.
Previously, i could set up an object called "Network Printers" with the IPs of all the networked printers on the internal network. We have a few devices on the external network (a perimeter really, which includes all our wireless devices) which need to print. I would then create another group called "Allowed to print" or something similar which contained all the IP addresses of those clients who have ability to print through the firewall.
Next I would go to the firewall, to the "External networks to Internal Networks" section. I would then make a rule that says Allow any TCP traffic from group "Allowed to Print" to pass to printers on the internal network in the group "Network Printers"
Doing it in this manner has always worked before from ebox 1.4 through Zentyal 2.0 just fine, unless I am missing something and just can't remember it. I also have similar rules set up which allow my tablet on the wireless network (on the external side of Zentyal) to pass through the firewall to access remote desktop on a few of the servers we have on the internal network. These rules also also not working, and my traffic is stopped at the firewall and not passed to the desired machines on the internal network.
Just to be sure something was not working correctly, I created a rule at the top of the list which said to pass any traffic from the external network to any destination on the internal network, and still no traffic will pass.
Can anybody else help me out, or duplicate the issue if its a bug? Thanks!
-Andy
This Zentyal 2.2 box sits in between our "perimeter" network and our "internal" network. Our perimeter network is 10.10.10.0/23, our external interface has an IP on this network. The internal network is 10.10.20.0/23 and the internal interface is the gateway for this network and is IP 10.10.20.1.
The modules installed are DNS, Firewall, Objects, Services, and Monitoring, Installed fresh from CD.
Previously, i could set up an object called "Network Printers" with the IPs of all the networked printers on the internal network. We have a few devices on the external network (a perimeter really, which includes all our wireless devices) which need to print. I would then create another group called "Allowed to print" or something similar which contained all the IP addresses of those clients who have ability to print through the firewall.
Next I would go to the firewall, to the "External networks to Internal Networks" section. I would then make a rule that says Allow any TCP traffic from group "Allowed to Print" to pass to printers on the internal network in the group "Network Printers"
Doing it in this manner has always worked before from ebox 1.4 through Zentyal 2.0 just fine, unless I am missing something and just can't remember it. I also have similar rules set up which allow my tablet on the wireless network (on the external side of Zentyal) to pass through the firewall to access remote desktop on a few of the servers we have on the internal network. These rules also also not working, and my traffic is stopped at the firewall and not passed to the desired machines on the internal network.
Just to be sure something was not working correctly, I created a rule at the top of the list which said to pass any traffic from the external network to any destination on the internal network, and still no traffic will pass.
Can anybody else help me out, or duplicate the issue if its a bug? Thanks!
-Andy
5
Installation and Upgrades / How to use transparent proxy + traffic shaping together?
« on: September 22, 2011, 10:03:21 pm »
Hello! So I have upgraded my gateway machine to a Pentium 4 2.5Ghz + 2GB RAM. Also, I'm using Zentyal 2.2 i386 that was just recently released. This machine is basically serving as the gateway for my office's public wireless network. As such, I am trying to restrict traffic of certain non-essential types, and also attempting to use a proxy to completely forbid certain sites (and to block ads, nice feature!).
Here is how it works so far:
Using Trafficshaping + L7 Filters, I am able to catch and restrict certain types of content so that they don't work. For example, I can restrict internet video streaming traffic such that youtube.com loads fine just fine, however attempting to play a video will simply result in indefinite loading and never play. This is pretty much the result I am looking for: The site itself works fine, but the content I wish to block simply doesn't make it to the client machines. The restult: Trafficshaping works brilliantly for my intended purpose.
Now then, I also wanted the proxy to block ads from sites, and also forbid specific sites. I have also decided (simply because the option was there) to try blocking certain extensions as well (such as avi, mpeg, flv, ETC) and MIME types (although I really don't know what these do...)
Here's where things get complicated. It seems that once I enable the proxy, it over-rides the trafficshaping. So now, sites that I have forbidden are blocked, and ads are also correctly blocked, however any content that was previously caught by Trafficshaping is now let thru.. and also it seems that restricting certain MIME types and file extensions does nothing. For example, if I block all of the video MIME types, as well as flash video and all video extensions, youtube, netflix, and many other sites still continue to display video completely unfiltered or throttled.
Is there a way to all trafficshaping to work and ALSO use transparent proxy to block ads and certain urls?
Here is how it works so far:
Using Trafficshaping + L7 Filters, I am able to catch and restrict certain types of content so that they don't work. For example, I can restrict internet video streaming traffic such that youtube.com loads fine just fine, however attempting to play a video will simply result in indefinite loading and never play. This is pretty much the result I am looking for: The site itself works fine, but the content I wish to block simply doesn't make it to the client machines. The restult: Trafficshaping works brilliantly for my intended purpose.
Now then, I also wanted the proxy to block ads from sites, and also forbid specific sites. I have also decided (simply because the option was there) to try blocking certain extensions as well (such as avi, mpeg, flv, ETC) and MIME types (although I really don't know what these do...)
Here's where things get complicated. It seems that once I enable the proxy, it over-rides the trafficshaping. So now, sites that I have forbidden are blocked, and ads are also correctly blocked, however any content that was previously caught by Trafficshaping is now let thru.. and also it seems that restricting certain MIME types and file extensions does nothing. For example, if I block all of the video MIME types, as well as flash video and all video extensions, youtube, netflix, and many other sites still continue to display video completely unfiltered or throttled.
Is there a way to all trafficshaping to work and ALSO use transparent proxy to block ads and certain urls?
6
Installation and Upgrades / hosts file and DNS resolution questions
« on: August 30, 2011, 08:29:55 pm »
First off, I am using Zentyal 2.0, installed from the most recent CD ISO and updated to the most recent versions of all installed packages.
I noticed that there is no way to manage the hosts file from within the Web GUI, so I went on to the actual console and created a new hosts file for ad-blocking purposes, and to block certain web sites that I do not want employees to have access too while at work.
I opened up terminal, moved to the /etc folder, and used the following command to edit the hosts file
I put in all the necessary lines to resolve all desired URLs to 127.0.0.1, saved the hosts file, and then reset Zentyal and all client machines...
Unfortunately, it seems that it did not work as expected, and all client machines using Zentyal to resolve DNS names still manage to access the sites which I had hoped to block.
Anybody know where I went wrong??
I noticed that there is no way to manage the hosts file from within the Web GUI, so I went on to the actual console and created a new hosts file for ad-blocking purposes, and to block certain web sites that I do not want employees to have access too while at work.
I opened up terminal, moved to the /etc folder, and used the following command to edit the hosts file
Code: [Select]
sudo leafpad hostsI put in all the necessary lines to resolve all desired URLs to 127.0.0.1, saved the hosts file, and then reset Zentyal and all client machines...
Unfortunately, it seems that it did not work as expected, and all client machines using Zentyal to resolve DNS names still manage to access the sites which I had hoped to block.
Anybody know where I went wrong??
7
Installation and Upgrades / Zentyal 2.0.1 Port Forward problems
« on: September 14, 2010, 01:22:36 am »
Forgive me if this is basic, but I did look in the forum and didn't find my answer. I just switched from Ebox 1.4-1 to Zentyal 2.0-1. So far, everything is great except my port forwards. I don't know if I overlooked something simple, I cannot get a simple port forward to work.
I have already configured my firewall rules for internal networks, and those rules seem to work just fine. Previously, I don't recall having to add any rules in the "External to Internal Networks" list, or in the "External Networks to Zentyal" list. I simply added my port forward in that section and it worked.
This time with Zentyal 2.0 installed, I added my port forward rules and I get a message "connection refused" when attempting to connect to a computer on the internal network from over the internet. Does anybody know how to fix?
For testing, I added a rule to pass all traffic from external to zentyal, pass all traffic coming out of zentyal, and pass all traffic from external to internal... still refusing my connection attempt. Any ideas?
I have already configured my firewall rules for internal networks, and those rules seem to work just fine. Previously, I don't recall having to add any rules in the "External to Internal Networks" list, or in the "External Networks to Zentyal" list. I simply added my port forward in that section and it worked.
This time with Zentyal 2.0 installed, I added my port forward rules and I get a message "connection refused" when attempting to connect to a computer on the internal network from over the internet. Does anybody know how to fix?
For testing, I added a rule to pass all traffic from external to zentyal, pass all traffic coming out of zentyal, and pass all traffic from external to internal... still refusing my connection attempt. Any ideas?
8
Installation and Upgrades / unable to get two ebox machines to pass traffic
« on: April 02, 2010, 01:01:24 am »
I have two ebox machines, both version 1.4-1. #1 is a gateway, with 2 lan subnets, one for PCs and one for communications with ebox machine #2. Both lan interfaces have static IPs, lan1 is internal, is 10.2.2.1/23. lan2 is also internal, IP is 10.2.4.1/23. DCHP server is enabled on both interfaces to pass out IPs to client PCs (or to the other ebox machine)
machine #2 has 3 lan subnets:
lan2.1 has a dynamic IP, set to internal since it is, it receives its IP from machine #1, currently 10.2.4.2/23. It sucessfully receives an IP from ebox machine #1.
lan3 is internal, static IP 10.2.6.1/23, DHCP server is enabled.
lan4 is internal, static IP 10.2.8.1/23, DHCP server enabled
All of the internal networks can communicate just fine if they are all connected to one ebox machine. However, ebox machine 1 and 2 wont talk to each other. Ebox#2 will successfully obtain a correct IP address from #1, and the correct information for ebox machine #1 shows up in the gateways section... however I cannot ping #1 from #2 or vice versa, nor can I ping any of the internal networks connected to the other machine. Internet traffic will not pass from machine #1 to the networks on machine #2.
Just to make sure the firewall wasn't getting in the way, I disabled it on both machines so that all traffic should be allowed in or out of either machine... still no luck. Any suggestions?
machine #2 has 3 lan subnets:
lan2.1 has a dynamic IP, set to internal since it is, it receives its IP from machine #1, currently 10.2.4.2/23. It sucessfully receives an IP from ebox machine #1.
lan3 is internal, static IP 10.2.6.1/23, DHCP server is enabled.
lan4 is internal, static IP 10.2.8.1/23, DHCP server enabled
All of the internal networks can communicate just fine if they are all connected to one ebox machine. However, ebox machine 1 and 2 wont talk to each other. Ebox#2 will successfully obtain a correct IP address from #1, and the correct information for ebox machine #1 shows up in the gateways section... however I cannot ping #1 from #2 or vice versa, nor can I ping any of the internal networks connected to the other machine. Internet traffic will not pass from machine #1 to the networks on machine #2.
Just to make sure the firewall wasn't getting in the way, I disabled it on both machines so that all traffic should be allowed in or out of either machine... still no luck. Any suggestions?
9
Installation and Upgrades / dhcp module fails to start
« on: March 31, 2010, 08:32:38 pm »
Using Ebox 1.4-1, new full install.
I am trying to setup a multi-WAN, multi-subnet network with 2 ebox machines. Each machine has 4 network cards. The machines are older 800mhz Pentium3s with 512MB RAM.
On both machine I select the modules I want. I select Network, DHCP, DNS, Firewall, Traffic Shaping, Graphical Console, DMZ and NAT, and Monitor.
On both machines, DHCP service sill not start. On default, it is disabled. I re-enable it and start it, however it will not start regardless of what I do. I can still configure the DHCP server, but just cant actually start it.
Any ideas why it won't start?
I am trying to setup a multi-WAN, multi-subnet network with 2 ebox machines. Each machine has 4 network cards. The machines are older 800mhz Pentium3s with 512MB RAM.
On both machine I select the modules I want. I select Network, DHCP, DNS, Firewall, Traffic Shaping, Graphical Console, DMZ and NAT, and Monitor.
On both machines, DHCP service sill not start. On default, it is disabled. I re-enable it and start it, however it will not start regardless of what I do. I can still configure the DHCP server, but just cant actually start it.
Any ideas why it won't start?
Pages: [1]