Messages - thorstenk

1
Other modules / Local DNS server not local resolver
« on: May 23, 2017, 04:36:09 pm »
Zentyal 5.0.8

Hi,

the tab Network > DNS says "The Zentyal DNS module is installed and enabled, so only the local DNS server will be used to resolve the queries. [...]". That used to work until Zentyal 5.

Unfortunately with Zentyal 5 the local DNS server is NOT the local resolver - as I can see in resolv.conf - but the DNS servers received via DHCP (DHCP is enabled for the external interface).

In short: Zentyal doesn't overwrite the DNS servers received via DHCP with 127.0.0.1 when the DNS module is enabled.

2
Contributions / Tips&Tricks / Features Requests / Firewall rules deployment
« on: February 02, 2017, 03:35:49 pm »
Hi,

is it possible to deploy (push) firewall rules and network objects so I don't have to enter them manually through the Webadmin GUI?

3
Installation and Upgrades / Error adding static host route
« on: August 19, 2015, 04:39:13 pm »
Trying to add a static host route I receive the following error:
Gateway 1.2.3.4 is already defined in the gateway table. Use a multi gateway rule instead

The command is equivalent to...
route add -host 1.2.3.5 gw 1.2.3.4 dev eth0

1.2.3.4 is the default gateway and 1.2.3.5 is in the same subnet as eth0 (so you normally wouldn't need a route at all as the (MAC) address is resolved via broadcast).

What is a "multi gateway rule" and how can I enter a "multi gateway rule"? Is there another way to enter the non-standard routing entry through Zentyal's admin interface?

This is Zentyal 4.1 development edition.

Thorsten

4
I understand. I did a grep on the whole file system and the following files showed up:
/etc/dhcp/dhcpd.conf:option domain-name-servers 127.0.0.1, 192.168.201.1;

/run/resolvconf/interface/zentyal.dnsr1:nameserver 192.168.201.1


I changed the address but the changes were reverted after restarting the firewall (probably from the redis database). I reconfigured the DHCP service but to no avail. I guess we're stuck with these ghost rules...

5
We definitely don't have any object with that IP address. This used to be the internal address of the Zentyal machine itself which acts as a DNS server. The iptables rules allow access to the DNS server from the internal network.

My question regarding "XML" was the following: the Zentyal configuration, including the firewall rules, has to be stored somewhere (possibly in XML files). Since the firewall rules are not visible in the webadmin interface, is it possible to delete these outdated rules by editing the files where they are stored?

6
Installation and Upgrades / Re: no default gateway in `route` output
« on: January 05, 2015, 11:05:02 am »
So, the answer to my question would be this:

"you cannot use `route` or `ip route show` on Zentyal to show the default gateway because `(ip) route` shows only the default `main` table.
Zentyal sets the default gateway in the non-default `default` routing table so you have to use `ip route show table default`."

7
Installation and Upgrades / Re: no default gateway in `route` output
« on: January 02, 2015, 08:22:33 pm »
root@gateway ~# ip route ls table all
default via 192.168.200.2 dev eth1  table 101  src 192.168.200.150
default via 192.168.200.2 dev eth1  table default
192.168.200.0/24 dev eth1  proto kernel  scope link  src 192.168.200.150
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
local 127.0.1.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1
broadcast 192.168.200.0 dev eth1  table local  proto kernel  scope link  src 192.168.200.150
local 192.168.200.150 dev eth1  table local  proto kernel  scope host  src 192.168.200.150
broadcast 192.168.200.255 dev eth1  table local  proto kernel  scope link  src 192.168.200.150
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101


root@gateway ~# ip route ls table default
default via 192.168.200.2 dev eth1
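
The point made in the two posts above, that the default gateway can sit outside the `main` table that `route -n` displays, can be checked mechanically. The following is an added example, not part of the original posts or of Zentyal: the function names and the sample (modelled on the output quoted above) are constructed for illustration, and on a live host you would pipe `ip route ls table all` into the functions instead.

```shell
#!/bin/sh
# Constructed sample, abridged from the shape of `ip route ls table all` output.
SAMPLE='default via 192.168.200.2 dev eth1  table 101  src 192.168.200.150
default via 192.168.200.2 dev eth1  table default
192.168.200.0/24 dev eth1  proto kernel  scope link  src 192.168.200.150
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101'

# Print "<table> <gateway> <device>" for every usable default route on stdin.
# Lines without a "table" keyword belong to the main table; "unreachable
# default" entries are skipped because their first field is not "default".
default_routes() {
    awk '$1 == "default" {
        tbl = "main"; gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "table") tbl = $(i + 1)
            else if ($i == "via") gw = $(i + 1)
            else if ($i == "dev") dev = $(i + 1)
        }
        print tbl, gw, dev
    }'
}

# Succeeds only if the main table (what `route -n` shows) holds a default route.
main_has_default() {
    default_routes | awk '$1 == "main" { found = 1 } END { exit !found }'
}

printf '%s\n' "$SAMPLE" | default_routes
if printf '%s\n' "$SAMPLE" | main_has_default; then
    echo "default route visible in main table"
else
    echo "no default route in main table; check: ip route show table default"
fi
```

When auditing a gateway, a default route that appears only in a non-main table is worth recording, since a review based on `route -n` alone will miss the path traffic actually takes.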

8
I uninstalled the OpenVPN module just to be sure. The tap0 interface has a `192.168.191.1` address. The `192.168.201.1` looks to me like an address the firewall previously had.

Is it possible to view or edit the rules - possibly in XML files - directly?

9
Hi,

I noticed that the iptables output from our firewall shows rules which don't correspond to any Packet Filter rule set in our webadmin interface. The rules in question are

root@gateway ~# iptables --table filter --list
faccept    udp  --  anywhere             192.168.201.1        state NEW udp dpt:domain
faccept    tcp  --  anywhere             192.168.201.1        state NEW tcp dpt:domain
oaccept    udp  --  anywhere             192.168.201.1        state NEW udp dpt:domain
oaccept    tcp  --  anywhere             192.168.201.1        state NEW tcp dpt:domain


The IP address `192.168.201.1` does not match any interface configured on the host. How can I delete those rules?

10
Hi,

since upgrading our Zentyal machine (don't know if it was from 3.2 to 3.5 or from 3.5 to 4.0) we have two "Zentyal Webadmin" services. Both are "system services" - which means that they cannot be edited, renamed or deleted.

One points to our default Webadmin port 444 (we changed it from the default port 443) and the other points to the new default port with nginx (8443). What can we do to delete the "rogue" webadmin service?

For people administering the firewall, this is obviously confusing, because in the firewall rule set, you have to choose a service - and there is no way to distinguish between the correct and the incorrect webadmin service.

11
Installation and Upgrades / no default gateway in `route` output
« on: January 02, 2015, 11:04:16 am »
Hello,

I have configured a default gateway on my Zentyal machine through the web admin interface. This works fine and I can connect to the internet. Nevertheless `route -n` doesn't show any configured default route:

root@gateway ~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.191.0   0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1


It's been this way since Zentyal 2.3 on all our boxes so this looks to me as if it "works as designed". Other people noticed it, too: https://forum.zentyal.org/index.php/topic,22344.msg85995.html#msg85995

Does anyone know why I can connect to the internet without a - visible - default gateway and the design behind that?

12
The real WTF is not that the configuration gets lost when upgrading from 2.3 to 3.0. The same happens when you update the stock 2.3.4 version on Ubuntu LTS from the 2.3 Zentyal repository. Even worse is that installing any module from PPA 2.3 will actually corrupt your installation. A subsequent "aptitude safe-upgrade" will fix that - but at the price of all configuration being lost.

13
That page says how I updated - my question was about keeping the configuration

14
Zentyal 2.3.24 (the one from Zentyal PPA) does not block Internet Explorer. Unfortunately an update doesn't keep the configuration so we will probably have to live with the Internet Explorer block until the configuration update issue is fixed.

15
2.3.4 is the one that comes with Ubuntu 12.04 LTS. It's not what I want but what Ubuntu offers me.
