Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Simon Matthews

Pages: [1]
Contributions / Tips&Tricks / Features Requests / What Is Going On?
« on: February 28, 2024, 01:37:15 pm »
I used to deploy Zentyal a long time ago for customers. If I was still working in that role, I would definitely not be deploying it any more. The product is stuck in the past. Although the web interface is fantastic in many ways, the rest of the product is deeply flawed.

It's amazing that there is absolutely no support for IPv6. To me that makes a product like this unusable.

I received the email saying that version 8 has now been released. I thought I would have a look at how the product is going and deployed it to an Linux Container. There are so many problems with this software. After installation I noticed it had done bizarre things to the permissions of critical system files. I discovered this in an attempt to force netplan to apply network and it was complaining about insecure permissions on its yaml files.

If your server is hacked in any way, it is done for.

The funniest thing that happened was I forgot I even had a user account here because it was been around 12 years since I last posted. I did a forget password and in the email to reset it, it said my IP was What the heck is going on here? Do you actually receive money from people for this product?

Where is the MFA support? OIDC? SAML? This is hilarious.

Installation and Upgrades / Block HTTPS by URL
« on: September 11, 2010, 12:19:58 pm »
I thought it was possible for squid to block HTTPS sites just by the URL. This is currently not working. I am not using transparent proxy.
I have Zentyal 2.0 installed.
What am I doing wrong?

Installation and Upgrades / Dansguardian Wildcards
« on: February 18, 2009, 01:50:36 am »
Is there any way to use wildcards on filtered domains?

Installation and Upgrades / Reset Firewall settings to default?
« on: December 09, 2008, 06:53:05 am »
I was wondering if there is a way to reset all the firewall settings to default.
I was going to try:
Code: [Select]
apt-get purge ebox-firewallBut that wanted to completely remove ebox. I have purged the proxy before and reinstalled it without having to do this.

The reason I need to reset the firewall settings to default is because for some reason it is gradually blocking requests sent to the proxy port 3128. If I restart the server everyone is able to get to sites for about 15 minutes before they start getting blocked again. I can see this in the logs showing that port 3128 is being denied.

Any help appreciated.

Ok... now I had previously had access via SSH.

IP Addresses were originally:

This was purely for testing.

Now I have made it a production server and changed the IPs:

The proxy is now working correctly which I previously had problems with (most likely due to the IP configuration).
Now I am unable to SSH to the box. It looks like iptables is now completely blocking port 22.
OpenVPN still connects but then is instantly dropped off but reconnects again straight away and this loops.
This is the error I get when it drops out:
Thu Dec 04 12:44:16 2008 TCP/UDP: Closing socket
Thu Dec 04 12:44:16 2008 SIGUSR1[soft,connection-reset] received, process restarting
Thu Dec 04 12:44:16 2008 Restart pause, 5 second(s)

Installation and Upgrades / [SOLVED] Squid and Dansguardian problem
« on: December 02, 2008, 01:59:55 am »
The problem so far:
Unable to use proxy at all unless I create a rule in the firewall section; "Filtering rules from external networks to eBox" that allows all source ports to be allowed through the squid port (3128).
Unable to use Proxy with filtering on. It doesn't get to dansguardian, it always comes up with the page "ERROR: The requested URL could not be retrieved"
If I put the dansguardian port into my proxy settings i can't get anywhere.

Here is some of my iptables config:
iptables -L
Chain iexternal (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3129 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3129 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3128 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3128 state NEW

Chain imodules (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:3129
DROP       tcp  --  anywhere             anywhere            state NEW tcp dpt:3128

iptable -L -t nat

target     prot opt source               destination
premodules  all  --  anywhere             anywhere

target     prot opt source               destination
postmodules  all  --  anywhere             anywhere
SNAT       all  -- !        anywhere            to:

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain postmodules (1 references)
target     prot opt source               destination
MASQUERADE  all  --          anywhere

Chain premodules (1 references)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere          tcp dpt:3128 redir ports 3129

This is setup as non-transparent proxy on default port and filter on default port. The default proxy setting is to filter.

Cheers for the help

Installation and Upgrades / Firewall blocking Road Warriors
« on: November 19, 2008, 04:59:03 am »
I was just wondering if the Firewall blocks access to most internal ports from remote VPN users.
I was attempting to Remote Desktop to a PC on the internal network remotely but was unable to do so. I also found that I was unable to map network drives.
I changed the firewalls "Filtering rules from external networks to internal networks" by adding an allow all rule. This fixed the problem... why is the VPN considered as being an external network?

Pages: [1]