Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
16
Installation and Upgrades / Re: wan load balancing failover and dns
« on: November 07, 2013, 07:23:51 pm »
Christian, Bretton, if you could join me in a skype session would be great since this is a more in depth discussion and maybe we can make some sort of documentation or recipie or how-to so that other users can benefit from it.
if you can PM me your skype id's i will be glad to continue this talk.
Best regards
Bogdan
if you can PM me your skype id's i will be glad to continue this talk.
Best regards
Bogdan
17
Installation and Upgrades / Re: wan load balancing failover and dns
« on: November 07, 2013, 06:05:59 pm »
ufff... 
Ok let me explain a little.
The "outside":
the domain is declared at TLD with the two IP's as nameservers for my domain.
I have two ISP's that have given me two public IP's.
Zentyal is used for the following roles:
DNS; Mail; Webserver; Gateway;
at the network section of zentyal i've declared:
Eth 1 - IP from isp1
Eth 2 - IP from isp2
Eth 0 - Lan ip;
Enabled the wan failover monitor;
Declared the primary gateway from isp1;
Enable load balance on external interfaces with 50/50;
On the DNS section of zentyal:
Create the domain.com;
Add both ip's from ISP to the domain.com;
Add the forwarders from my ISP;
in the host section of the domain (SRV01) i've added the two IP's
In alias section i've added the proper aliases.
Then configured the firewall and that was it ... more or less:)
But now i have wan fail over for my lan subnet.
and the server is reachable from each ISP because it is responding with two IP when domain is asked.
For the rDNS i've asked the IPS's help so that the ip's alocated to me will resove properly on their end. so for example a traceroute will resolve to the proper ip/name from my ISP. (i'm not well versed in rDNS and FCrDNS so that's why i've asked for their help)
I know what BGP stands for and is not so easily to implement. A few years i've did (with outside help of course since i'm not all-knowing ) a BGP configuration with AS and everything, but that was when i needed proper load balancing between 4 ISP and it was for a small neighborhood and I was the local ISP. But this is not the case and Zentyal is perfect for rr loadbalance.
I have both HA for reaching the servers on different isp and wan failover for LAN side.
The round robin is done internaly by zentyal you however can specify if you want, how much of the total queries can be on put on one interface and how much on the other.
My DNS setup is done correct (i hope:) ) on my end but the rdns i've asked for help on my ISP (not registrar since it is registered ar TLD)
Best regards
Bogdan
Ok let me explain a little.
The "outside":
the domain is declared at TLD with the two IP's as nameservers for my domain.
I have two ISP's that have given me two public IP's.
Zentyal is used for the following roles:
DNS; Mail; Webserver; Gateway;
at the network section of zentyal i've declared:
Eth 1 - IP from isp1
Eth 2 - IP from isp2
Eth 0 - Lan ip;
Enabled the wan failover monitor;
Declared the primary gateway from isp1;
Enable load balance on external interfaces with 50/50;
On the DNS section of zentyal:
Create the domain.com;
Add both ip's from ISP to the domain.com;
Add the forwarders from my ISP;
in the host section of the domain (SRV01) i've added the two IP's
In alias section i've added the proper aliases.
Then configured the firewall and that was it ... more or less:)
But now i have wan fail over for my lan subnet.
and the server is reachable from each ISP because it is responding with two IP when domain is asked.
For the rDNS i've asked the IPS's help so that the ip's alocated to me will resove properly on their end. so for example a traceroute will resolve to the proper ip/name from my ISP. (i'm not well versed in rDNS and FCrDNS so that's why i've asked for their help)
I know what BGP stands for and is not so easily to implement. A few years i've did (with outside help of course since i'm not all-knowing ) a BGP configuration with AS and everything, but that was when i needed proper load balancing between 4 ISP and it was for a small neighborhood and I was the local ISP. But this is not the case and Zentyal is perfect for rr loadbalance.
I have both HA for reaching the servers on different isp and wan failover for LAN side.
The round robin is done internaly by zentyal you however can specify if you want, how much of the total queries can be on put on one interface and how much on the other.
My DNS setup is done correct (i hope:) ) on my end but the rdns i've asked for help on my ISP (not registrar since it is registered ar TLD)
Best regards
Bogdan
18
Installation and Upgrades / Re: wan load balancing failover and dns
« on: November 07, 2013, 12:29:37 pm »
Hi Christian,
Right My zentyal has 3 IP's
1 LAN and 2 for WAN.
I do not rely on my ISP.
I do not use SAMBA and the lan IP does not show up on dig or nslookup.
The BGP implementation does not have anything to do with DNS but it has with load balance and wan fail-over.
To achieve real load balance you will have to make use of EiBGP or *BGP (take a brief look here http://blog.ipspace.net/2013/06/eibgp-load-balancing.html) so that the traffic will be correctly pointed to the interfaces. (this will fall into advanced routing and is not easily done with zentyal)
The only point where my ISP will be involved is with rDNS so that the reverse lookup will be corect.
The Wan fail-over aspect has two sides! Keep in mind that if you use Zential as a server and NOT as a gateway only the WAN (as an aggregate) has to be reachable on both ISP lines! Also that means that the domain will have to be set to "respond" for both IP's also the host (zentyal itself) will have to do the same.
The following setup in Zentyal DNS section is valid:
Domain.com ip: xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy;
HOSTS: srv01 ip: xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy;
if you query:
nslookup srv01.domain.com
Non-authoritative answer:
Name: srv01.domain.com
Address: xxx.xxx.xxx.xxx
Name: srv01.domain.com
Address: yyy.yyy.yyy.yyy
so failover is achieved
Hope this helps.
Best regards
Bogdan
Right My zentyal has 3 IP's
1 LAN and 2 for WAN.
I do not rely on my ISP.
I do not use SAMBA and the lan IP does not show up on dig or nslookup.
The BGP implementation does not have anything to do with DNS but it has with load balance and wan fail-over.
To achieve real load balance you will have to make use of EiBGP or *BGP (take a brief look here http://blog.ipspace.net/2013/06/eibgp-load-balancing.html) so that the traffic will be correctly pointed to the interfaces. (this will fall into advanced routing and is not easily done with zentyal)
The only point where my ISP will be involved is with rDNS so that the reverse lookup will be corect.
The Wan fail-over aspect has two sides! Keep in mind that if you use Zential as a server and NOT as a gateway only the WAN (as an aggregate) has to be reachable on both ISP lines! Also that means that the domain will have to be set to "respond" for both IP's also the host (zentyal itself) will have to do the same.
The following setup in Zentyal DNS section is valid:
Domain.com ip: xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy;
HOSTS: srv01 ip: xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy;
if you query:
nslookup srv01.domain.com
Non-authoritative answer:
Name: srv01.domain.com
Address: xxx.xxx.xxx.xxx
Name: srv01.domain.com
Address: yyy.yyy.yyy.yyy
so failover is achieved
Hope this helps.
Best regards
Bogdan
19
Installation and Upgrades / Re: wan load balancing failover and dns
« on: November 07, 2013, 11:03:18 am »
Hi Christian, Bretton
The zentyal server hostname is SRV01.
I've put both public ip's from the ISP to that host.
Also the same IP's i've used on the domain. all this is done in the DNS section.
This aproach is necessary so that the server will be reachable from intenet on both ISP. If i only let the local interface as set for the host this will create a whole bunch of issues. In fact the local ip does not appear in any setup and i do not want it to be propagated into the internet on a DNS query for my domain.
One of my interfaces (the Fiber one) is set with static IP, the other one is via PPPoE. I've had before a situation where the interfaces were connected to some home routers Dlink and Huawey but it still worked.
The rules for DNS sound ok in theory but i've seen that it does not play well in real life. Maybe some sort of BGP mode should be more suitable but this will be even more complex to implement.
Hope this will clarify more from this confusion with ambigous terms used Dns, Fowarders, local domain External domain etc
Regards
Bogdan
The zentyal server hostname is SRV01.
I've put both public ip's from the ISP to that host.
Also the same IP's i've used on the domain. all this is done in the DNS section.
This aproach is necessary so that the server will be reachable from intenet on both ISP. If i only let the local interface as set for the host this will create a whole bunch of issues. In fact the local ip does not appear in any setup and i do not want it to be propagated into the internet on a DNS query for my domain.
One of my interfaces (the Fiber one) is set with static IP, the other one is via PPPoE. I've had before a situation where the interfaces were connected to some home routers Dlink and Huawey but it still worked.
The rules for DNS sound ok in theory but i've seen that it does not play well in real life. Maybe some sort of BGP mode should be more suitable but this will be even more complex to implement.
Hope this will clarify more from this confusion with ambigous terms used Dns, Fowarders, local domain External domain etc
Regards
Bogdan
20
Installation and Upgrades / Re: Second domain on Zentyal
« on: November 07, 2013, 10:45:39 am »
You will have to add a new host in the webserver section.
Click the add button, add the new name like www.your-second-domain.com and then click save changes
the folder www will be added in the /srv/ folder
Best regards
Bogdan
Click the add button, add the new name like www.your-second-domain.com and then click save changes
the folder www will be added in the /srv/ folder
Best regards
Bogdan
21
Installation and Upgrades / Re: wan load balancing failover and dns
« on: November 06, 2013, 11:31:04 am »
Hi Bretton,
I have a similar config.
2 lines with two routers before zentyal.
In network/dns i've added the two ISP's nameservers and open dns.
I've added the ip's from both ISP's to the domain and also to the host srv01.
Domain.com: ip 1 and ip 2.
srv01.domain.com: ip1 and ip2.
After this i've set up wan failover and load balancing with same weight on both gw.
and enabled "WAN failover" in Events
let me know if your config is different.
Regards
Bogdan
I have a similar config.
2 lines with two routers before zentyal.
In network/dns i've added the two ISP's nameservers and open dns.
I've added the ip's from both ISP's to the domain and also to the host srv01.
Domain.com: ip 1 and ip 2.
srv01.domain.com: ip1 and ip2.
After this i've set up wan failover and load balancing with same weight on both gw.
and enabled "WAN failover" in Events
let me know if your config is different.
Regards
Bogdan
22
Installation and Upgrades / Re: Second domain on Zentyal
« on: November 06, 2013, 11:17:52 am »
Did you add a second domain in DNS ? If not you wil have to add another domain seconddomain.com.
After that go to webserver and add a new host. www.seconddomain.com
After this, the root folder will be in /srv/www/www.seconddomain.com
Regards.
Bogdan
After that go to webserver and add a new host. www.seconddomain.com
After this, the root folder will be in /srv/www/www.seconddomain.com
Regards.
Bogdan
23
Installation and Upgrades / Re: New internet connection is slow
« on: August 02, 2013, 02:02:38 pm »
There are some basic steps that you can do so you rule out the possible failure point.
0 reset cisco appliance
1 check the cable from Cisco to Zentyal
2 change the port in the cisco
3 change the network card from zentyal
4 Disable any load balance rules that you may have
5 check the link from Zential to ISP with only that link in the server (unplug the rest of the cables).
6 see if the proper driver is loaded for your network card (if not then load it .... more advanced tweaking required)
Best regards
B.
0 reset cisco appliance
1 check the cable from Cisco to Zentyal
2 change the port in the cisco
3 change the network card from zentyal
4 Disable any load balance rules that you may have
5 check the link from Zential to ISP with only that link in the server (unplug the rest of the cables).
6 see if the proper driver is loaded for your network card (if not then load it .... more advanced tweaking required)
Best regards
B.
24
Installation and Upgrades / Private / public certificates for PGP
« on: July 25, 2013, 11:54:31 am »
Does anyone know how Private / Public certificates be generated for users ?
I need private key to work with outlook, to sign / encrypt emails and the Public certificate to be sent to other partners for PGP.
Can those certificates be generated from zentyal ? I've tried to use the current certificates but with those it doesn't work.
Thank you
I need private key to work with outlook, to sign / encrypt emails and the Public certificate to be sent to other partners for PGP.
Can those certificates be generated from zentyal ? I've tried to use the current certificates but with those it doesn't work.
Thank you
25
Installation and Upgrades / Re: SFTP and root access
« on: June 04, 2013, 11:31:06 pm »
after you have the files on the server (Ex: in the user's home directory) via filezilla or winscp or whatever method you want, use sudo to do the operations
ex: sudo mc
or
ex: sudo cp /path/to/file/file1 /destination/of/file/
But pay attention to the rights of the files! since they will be owned by root (sudo) and you must change them to www-data owner for them.
Best regards
Bogdan
ex: sudo mc
or
ex: sudo cp /path/to/file/file1 /destination/of/file/
But pay attention to the rights of the files! since they will be owned by root (sudo) and you must change them to www-data owner for them.
Best regards
Bogdan
26
Installation and Upgrades / Re: Today's update killed my server
« on: March 13, 2013, 11:25:30 am »
Default command is apt-get update followed by apt-get upgrade
with dist-upgrade you are also upgrading from the current version Ex 12.04 to 12.10 and things tend to break when you issue such commands.
Best regards
Bogdan
with dist-upgrade you are also upgrading from the current version Ex 12.04 to 12.10 and things tend to break when you issue such commands.
Best regards
Bogdan
27
Installation and Upgrades / Re: Wordpress Setup - Zentyal Core 3.0.10
« on: March 12, 2013, 01:25:57 pm »
You will have to check with apache if the php-mysql modules are enabled.
Also as Ichat sayed, see if the mysql library exists and it is enabled in php ini.
I think that you can find more info on how to set it up directly on the wordpres.
and also it is a good idea to check your firewall rules to accept mysql connection on localhost.
Best regards
Bogdan
Also as Ichat sayed, see if the mysql library exists and it is enabled in php ini.
I think that you can find more info on how to set it up directly on the wordpres.
and also it is a good idea to check your firewall rules to accept mysql connection on localhost.
Best regards
Bogdan
28
Installation and Upgrades / Re: Power configuration for drives
« on: March 07, 2013, 08:48:07 am »
Hi Half_life,
Thanx for your reply, I've already tried to set the spindown time with hdparm -S but i get an error.
The raid matrix is seen as /dev/hdb (in new kernels is no longer displayed as /cciss/c0d0 )
As for the rom utility i do not have an option. (at least from the onboard rom ) I'll try with ACU boot disk from HP.
Also i need to get a look at tuning the controller for sped since i only get maximum of 50MBps instead of 360Mbps.
I'll try the ACU and then come back with some results.
Best regards
Bogdan
Thanx for your reply, I've already tried to set the spindown time with hdparm -S but i get an error.
The raid matrix is seen as /dev/hdb (in new kernels is no longer displayed as /cciss/c0d0 )
As for the rom utility i do not have an option. (at least from the onboard rom ) I'll try with ACU boot disk from HP.
Also i need to get a look at tuning the controller for sped since i only get maximum of 50MBps instead of 360Mbps.
I'll try the ACU and then come back with some results.
Best regards
Bogdan
29
Installation and Upgrades / Re: Web interface user login
« on: March 06, 2013, 09:32:56 pm »
if you can connect via ssh and have sudo capability you can change the password for the "Admin" (and by Admin i mean the username you used in the installation)
30
Installation and Upgrades / Power configuration for drives
« on: March 06, 2013, 05:57:48 pm »
Does anyone know if it is possible to spin down the HDD's or to shut them down after a period of time ?
The data partition is on a different drive than the system drive, so in theory it does not need to access it over night.
I want to put /dev/sdb (hardware raid 5) down after a 45 minute period of time.
Thank you.
The data partition is on a different drive than the system drive, so in theory it does not need to access it over night.
I want to put /dev/sdb (hardware raid 5) down after a 45 minute period of time.
Thank you.