Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: Maarten on January 25, 2008, 10:07:33 am
-
Hi,
Since I installed Ebox (I love it by the way) I could not make external connections. I mean no connections outside my internal network are possbile. For example upgrading is not possbile, ping etc
This is my network interfaces file# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.1.1
dns-search zion
Do you have any suggestions to help me?
Thanks!
Maarten
-
The firewall module is very restrictive by default for security reasons.
If you want to allow connections from your eBox to outside you will need to add a firewall rule.
Go to firewall -> traffic coming out from eBox
Make sure that your network configuration is ok and you have at least a reachable gateway and a dns server installed.
-
Thanks I looked in the firewall section
With Filtering rules for internet access I get :
The following controls are disabled because they would not affect your system if you hadn't any network interface marked as external
I tried once to tick the box external with network configuration but then I could not reach the server anymore.
What should I do?
Thank you!
-
If you only have a single network interface, eBox cannot be used as gateway. Take a look to these scenarios for more info [1],
I hope this helps
[1] http://trac.ebox-platform.com/wiki/Document/HowTo/SetUpNetworkScenario
-
Hi,
I have a similar problem where I believe I clicked the external check box while configuring ebox and now the host is unreachable.
I tried looking at that link but its asking me for a user name and password for access.
What would be the simplest way to reset the eth0 connection to DHGP from the command line?
Thanks
-
Javi send me a solution a time ago on the mailinglist for the external checkbox probleem
If you have ssh access and you want to temporarily grant access to your web interfaces execute this:
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
This way you will have access to the web interface and you will be able to configure the network again.
By the way you can also give the command offcourse when you have a keyboard and a monitor to the server.
I also have problems getting into the wiki so I can't solve my problem.
-
Sorry. It is http not https. Now you should be able to access... :)
-
Thanks I looked at the document but I don't think it can help me.
My server cannot even upgrade. It cannot connect to the internet. I thought that in a default install that should be possible?
My server is standalone, I do not use it as a gateway or something.
What the document refers to as Scenario 2
-
Not to make things more simplistic than they might be, but have you tried just adding a simple allow all rule for the internal networks?
-
Your version is newer than mine (because I cannot upgrade).
I have three options in the firewall section packet filter section
-Rules for internet access (I think I need this one) I get the error:The following controls are disabled because they would not affect your system if you hadn't any network interface marked as external
-Ebox services: Is configuring access tot SSH en LDAP, they are all on.
-Filtering Rules between internal networks: I tried this one (although I know it's internal and allowed evrything but still the same problems.
Your screenshot is off the first one isn't it?
-
Maybe you can manually grant access to the www, upgrade and then proceed to add the rule for internet access in the upgraded firewall module.
In your shell type:
iptables -I OUTPUT 1 -p tcp --dport 80 -j ACCEPT
Then do the upgrade and proceed as Javi pointed out
-
Thank you
This is what I did:
maarten@trinity:~$ ssh root@192.168.1.100
Password:
Last login: Mon Jan 28 09:01:17 2008 from 192.168.1.102
oracle:~# iptables -I OUTPUT 1 -p tcp --dport 80 -j ACCEPT
oracle:~# sudo apt-get upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
W: Couldn't stat source package list http://ebox-platform.com ebox/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_ebox_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com extra/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_extra_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com main/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_main_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com security/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_security_Packages) - stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
oracle:~# sudo apt-get upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
W: Couldn't stat source package list http://ebox-platform.com ebox/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_ebox_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com extra/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_extra_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com main/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_main_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com security/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_security_Packages) - stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
And then I tried apt-get update
oracle:~# apt-get update
Err http://ebox-platform.com ebox/ Packages
Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com ebox/ Release
Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com extra/ Packages
Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com extra/ Release
Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com main/ Packages
Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com main/ Release
Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com security/ Packages
Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Err http://ebox-platform.com security/ Release
Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/stable/ebox/Packages.gz Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/stable/ebox/Release Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/stable/extra/Packages.gz Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/stable/extra/Release Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/sarge/stable/main/Packages.gz Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/sarge/stable/main/Release Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/sarge/stable/security/Packages.gz Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Failed to fetch http://ebox-platform.com/debian/sarge/stable/security/Release Could not connect to ebox-platform.com:80 (216.32.91.65). - connect (113 No route to host)
Reading Package Lists... Done
W: Couldn't stat source package list http://ebox-platform.com ebox/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_ebox_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com extra/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_stable_extra_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com main/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_main_Packages) - stat (2 No such file or directory)
W: Couldn't stat source package list http://ebox-platform.com security/ Packages (/var/lib/apt/lists/ebox-platform.com_debian_sarge_stable_security_Packages) - stat (2 No such file or directory)
W: You may want to run apt-get update to correct these problems
E: Some index files failed to download, they have been ignored, or old ones used instead.
Any suggestions? Thanks!
-
You must set up a nameserver to resolve from. To do so, go to Network -> DNS and set at least a nameserver. Then, save changes and from command prompt, run the iptables command and an upgrade.
-
Thanks, but no success there. Like all the other machines on my network 192.168.1.1 was the DNS server. I also tried the DNS servers of my internet host but the same problems as before.
-
well, seeing you output it seems that you have name resolution but you can't do the http connection.
You can try to do a 'ping -c 3 www.ebox-platform.com', if the ping fails you have routing problems, if it succeeds maybe you are behind a firewall.
-
I tried ping a few times and this time also the same output
oracle:~# ping -c 3 www.ebox-platform.com
ping: unknown host www.ebox-platform.com
oracle:~#
The strange thing is that every computer on the network works except this one and only to the internet.
-
Obviously I was wrong and you don't have name resolution.
Are you sure you have the name server set as sixstone said?
If this is your case I suggest you check the contents of the /etc/resolv.conf file.
-
Hi I attached a screenshot of my nameserver setting and the /etc/resolv.conf file. It looks okay to me
-
Hi.
I'm having the same problem as Maarten here.
I just installed ebox today, and can ping every machine on my network except my gateway (a belkin wireless router).
I am only running this as a local fileserver & email server. So I'm not really concerned about it as a firewall, gateway, etc.
So, I can access the email server locally, and ping every box on my network except the gateway, and naturally can't get to the internet to update, etc.
I'm attaching a screenshot of my firewall rule.
Any help here is appreciated.
-john
-
Hi Jabster, welcome to the club ;)
I can ping my local nameserver/gateway (192.168.1.1) you can't I see?
-
Ah.
So not quite the same problem.
Other info: eth0 is a PCI NIC, I do have a eth1 on board the MB (it's an old box, and I think the onboard didn't work with linux when I originally setup the box up ages ago). eth1 is not enabled.
I also seem to recall the box going online during the install process. I had the network cable plugged into eth0 when I started the install, but it couldn't get a DHCP address, so I switched to eth1 for the rest of the install.
Maybe reinstall, with the cable never plugged into eth1? Or pull the PCI card out?
Not being able to ping only one box on my network is rather annoying.
thanks,
john
-
That can indeed be the problem with you. I disabled my internal NIC and used an external network card (gigabit).
I don't know if you have much data on your server. Otherwise a reinstall should solve the problem for sure without much trouble.
-
Well, that wasn't the problem.
I disabled the onboard NIC, and reinstalled ebox.
Still, I can ping everything on my network EXCEPT the gateway (192.168.100.1). And naturally, can't get to the internet.
Everyother box can get to and thru the gateway. Why can't this one box?
-john
-
I'm gorram stupid.
I had MAC address filtering enabled on my router.
I was thinking that was only for wireless connections, but it's for ALL connections, including wired. I started going thru my router settings heading by heading, and when the MAC filtering screen came up, I realized the problem.
<smacks head>
It's working now.
-john
-
hahaha well at leatst your problem is solved ;)
-
Is there anybody else who has an idea to help me?
-
Last bump :-[
With ping I get
connect: Network is unreachable
But name resolution says:
; <<>> DiG 9.2.4 <<>> +time=3 debian.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13343
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;debian.net. IN A
;; ANSWER SECTION:
debian.net. 3596 IN A 192.25.206.10
;; Query time: 26 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Feb 20 23:34:07 2008
;; MSG SIZE rcvd: 44
So name resolution does not seem to be the problem.
-
The external connection problem is solved! Thanks to the guys on the debian forum. But I now have another problem see http://forum.eboxplatform.com/index.php?topic=148.0
-
Hi Maarten, could you tell us what was the solutions of your problem? or a link where find that?
I had thougth that your problem was with route tables and default gateway on your Ebox server.
This was one solution:
# route add default gw IP_DIR_OF_GATEWAY_OF_LAN
Or this was other one:
Ebox Web Administrator -> Network -> Gateways
-
Hi,
I'm sorry I thought I pasted the link to the debianforums in the topic
http://forums.debian.net/viewtopic.php?t=24224&highlight=
After
Try w/o those last two lines about nameservers.
Normally all you need for static ip is the address and netmask, especially when using a router, which handles all the other stuff.
Also, try replacing auto eth0 with allow-hotplug eth0
Also, your router has to be configured to allow static ip assignment. Some routers are cranky about this
and after that ifdown eth0
ifup eth0 evrything worked