Messages - JMan

1
News and Announcements / Re: Usage of eBox Platform
« on: August 28, 2009, 01:31:57 pm »
All of the above comments resonated with my own experience, so I won't give a repeat of it. I've used a range of appliance routers (e.g., IPCop, Untangle) and I've had to tear down eBox a couple of times when I couldn't configure it to do what I needed. I'm getting ready to see if the current release will be a better fit.

- I'm no longer filtering email, as I'm routing through Postini (the rates are cheap enough).
- I would recommend some standard configurations for SOHO/SMB:
    - Easy LAN segmentation (DMZ, internal, external, wifi)
    - Default setups, which provide nearly everything to get started and clear areas for configuration.
    - VPN is becoming more common for mobile professionals, and it's always been frustrating to configure.

2
Javi,

I didn't get a chance to read your note in time. I went ahead and de-configured the eBox and started from scratch. This time when I got to setting up the firewall rules for outbound access, it made sense that eBox was looking for a subnet range. Of course it had to be 192.168.1.0/24!

I wasn't thinking in that way on my initial set-up, because I just assumed some sort of route was going to be configured for everything on eth1. Why? Because that was my experience on IPCop and I've carried forward those perceptions.

So, the multiple NICs are humming nicely. The port forwarding worked immediately for HTTP and SMTP on eth2. The DHCP is working great.

I'm looking forward to making the mail filters work and adding OpenVPN. Then, I'll be singing to everyone about eBox.

Thanks again, Javi.

3
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 07, 2008, 12:49:00 am »
Javi,

The /32 setting was the only setting that eBox would accept. It didn't make sense to me when I did the input, but eBox wouldn't accept /24. Weird.

I'm going to review the initial settings over this weekend, but I'm drawing a blank. I've double-checked the NIC settings (ifconfig), and everything is set just as I recorded it for you.

4
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 02, 2008, 01:32:09 pm »
Thanks, Javi!

I'll rework it tonight and let you know the results. The reason I thought there was a need for two gateways was based on the comments in the wiki.

I appreciate your feedback!

5
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 02, 2008, 01:28:23 am »

I spent some more time on the ebox today, and I'm still fuzzy about the GUI. For instance, I have DHCP successfully bonded to one of the NICs and the ebox is connected to my DSL router. If I'm on the ebox, I can access the Internet. However, if I connect via DHCP (I use dhclient in prompt, so I can see the activity), that client is unable to access the Internet.

So, here are all the basic configuration details:

Active Module status:
   network
   firewall
   ntp
   dhcp server
   logs
   Domain Name Server

NETWORK
Network interfaces:
   Name: eth0
   Method: static
   External: YES
   IP: 66.92.167.36   
   Netmask: 255.255.255.0
   (No virtual interfaces)

ETH0 connects to the DSL router. It's working fine.

   Name: eth1
   Method: static
   External: no
   IP: 192.168.1.1   
   Netmask: 255.255.255.0
   (No virtual interfaces)

ETH1 is for the DHCP server and clients. It's the internal LAN

   Name: eth2
   Method: static
   External: no
   IP: 192.168.2.1
   Netmask: 255.255.255.0
   (No virtual interfaces)

ETH2 is for a web and mail server on a separate system.

DNS:   192.168.1.1
   216.231.41.2

Routes: I tried it with none (it seemed optional). But, when I couldn't access the Internet from the ETH1 segment, I added the following route from the Network to the Gateway:

   192.168.1.1/32 -> 66.92.167.36

Gateways: I have two Gateways, one for the Internet and one for the internal ETH1.

   Internet Gateway (ETH0), 66.92.167.36, ETH0 (set as default)
   ETH1 Gateway, 192.168.1.1, ETH1

OBJECTS
   The ebox has no objects defined.

SERVICES
   I haven't added any extra services.

FIREWALL
   Packet filtering has been set up in these categories:

   From Internal networks to ebox:
      The following protocols/services accept any source: ipp, samba, http, ntp, mail system, dns, dhcp, tftp, ssh

   For Internal networks, each of the NICs has been configured to access outside destinations:
   66.92.167.36/32 - Any - Any - "Outbound ETH0"
   192.168.1.1/32 - Any - Any - "Outbound ETH1"
   192.168.2.1/32 - Any - Any - "Outbound ETH2"

   For traffic coming out of ebox

   Any - Any - "Open up outbound for now"

   For traffic coming in to ebox

   No IPs are configured to accept connections

Redirects:

   One redirect is in place, but I haven't tested it.

   Interface: ETH0, External Port: 80, Protocol: TCP, IP: 192.168.2.2, PORT: 80

USERS   Not configured

GROUPS   Not configured

WEB SERVICE   Not configured

OPENVPN   Not configured

Jabber Service:   Not configured

PRINTERS:   Not configured

DHCP:
   Interface: ETH1
   Default Gateway: Configured Ones, ETH1 Gateway
   Search domain: None
   Primary Nameserver: local eBox DNS
   Secondary nameserver: <blank>
   DHCP Ranges:
      IP: 192.168.1.1
      Subnet: 192.168.1.0/24
      Available ranges: 192.168.1.1 -254

   I created a range ("Range 1") from 192.168.1.50 to 192.168.1.100.

   No fixed addresses

FILE SHARING: Not configured

TRAFFIC SHAPING: Not configured

SOFTWARE MANAGEMENT: Not configured

   System is up to date

   Automatic updates: Not configured

LOGS: I did set them for one week

HTTP PROXY: Not configured

MAIL: Not configured

DNS: Not configured

CERTIFICATE MANAGER: Not configured

EVENTS: Not configured
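
Added example, not part of the original post: a Python check of the three "Outbound" source entries listed above against the DHCP range on eth1. A /32 source matches exactly one address, so no lease in 192.168.1.50-100 matches any of those rules; the dict layout and function names are this example's own.

```python
import ipaddress

# Values copied from the post above; layout and names are this example's own.
OUTBOUND_RULES = {  # rule label -> source
    "Outbound ETH0": "66.92.167.36/32",
    "Outbound ETH1": "192.168.1.1/32",
    "Outbound ETH2": "192.168.2.1/32",
}
INTERFACES = {  # name -> (address, netmask, external)
    "eth0": ("66.92.167.36", "255.255.255.0", True),
    "eth1": ("192.168.1.1", "255.255.255.0", False),
    "eth2": ("192.168.2.1", "255.255.255.0", False),
}
DHCP_RANGE = ("192.168.1.50", "192.168.1.100")  # "Range 1" on eth1


def rule_matches(source_cidr, client_ip):
    """True if client_ip falls inside the rule's source network."""
    net = ipaddress.ip_network(source_cidr, strict=False)
    return ipaddress.ip_address(client_ip) in net


def uncovered_leases(rules, dhcp_range):
    """DHCP addresses that no outbound rule's source matches."""
    first, last = (int(ipaddress.ip_address(a)) for a in dhcp_range)
    nets = [ipaddress.ip_network(c, strict=False) for c in rules.values()]
    return [str(ipaddress.ip_address(n)) for n in range(first, last + 1)
            if not any(ipaddress.ip_address(n) in net for net in nets)]


def suggest_sources(rules, interfaces):
    """For each /32 rule equal to an internal interface's own address,
    the subnet that interface actually serves."""
    out = {}
    for label, cidr in rules.items():
        net = ipaddress.ip_network(cidr, strict=False)
        for addr, mask, external in interfaces.values():
            own = net.prefixlen == 32 and str(net.network_address) == addr
            if own and not external:
                out[label] = str(ipaddress.ip_interface(f"{addr}/{mask}").network)
    return out


if __name__ == "__main__":
    print(len(uncovered_leases(OUTBOUND_RULES, DHCP_RANGE)), "leases unmatched")
    for label, subnet in suggest_sources(OUTBOUND_RULES, INTERFACES).items():
        print(f"{label}: {OUTBOUND_RULES[label]} -> {subnet}")
```

Scoping each source to the interface's own subnet, rather than to "any", keeps the outbound rule limited to the segment it is meant for.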
6
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 01, 2008, 06:13:46 pm »
Alright, the best news is that everything sounds do-able. Your comments are very appreciated.

I've read through the eboxplatform forums, the wiki, and two years of the e-mail list.

My ebox is running (with the A, B, C NICS) and everything looks good (it's still not configured, but it's working).

The "smart host" option is what I was thinking would be a good choice.

The "A" NIC will be the gateway.

Now, I just have to configure the ebox to do these things. It's the creation of "objects" and "network services" that abstract out the details. I'm not sure what I'm doing. I'm not looking for a step-by-step, just "first configure an object, then create a network service."

Or, something.

When I'm done, I'll blog a more detailed overview on http://www.leadershipbynumbers.com so others can follow along.

Thanks!

7
Installation and Upgrades / Re: Multiple NICS and rerouting inbound HTTP
« on: September 01, 2008, 04:05:20 pm »
Javi, thanks for helping out!

- My EBOX does not have a wi/fi NIC, it only has three 10/100 NICs (which I will call A, B, C).

-  I'd like NIC A to be connected to a static IP on my DSL router.
-  I'd like NIC B to route to a subnet (192.168.2.x), which has my external e-mail server and http server.
-  I'd like NIC C to route to a subnet (192.168.1.x) to my internal LAN, which includes a wi/fi router.

With that set-up, here's what I'd hope the end functionality would include:

- SPAM and AV filter for inbound SMTP.
- Redirect the processed SMTP to the external e-mail server (192.168.2.2)
- Redirect the HTTP to the external web server (also on 192.168.2.2)
- Provide DHCP for the clients that connect on the 192.168.1.x segment
- OpenVPN, so that I can remotely connect to the 192.168.1.x segment

8
Ebox looks fantastic, but the level of abstraction is making it hard for me to use (oddly enough). I'm replacing a venerable IPCop with EBox, and after reading the documentation, successfully installing Ebox, reading multiple Ebox how-tos, and skimming through this forum - - it's still a little confusing.

My layout:

3 NICS
- one connects directly to the Internet on a static IP through my DSL router
- a second NIC connects to the internal LAN (with wifi)
- a third NIC connects to the HTTP and SMTP server.

So, do I need to do the following?

(1) Create a service
(2) Create a rule to route the Internet NIC traffic (defined by the service) to the third NIC?


9
I'd like to host more than one HTTP service/server through a single IP.

While I can support multiple virtual hosts on the same server (allowing multiple DNS to be serviced on one IP), I'd like to be able to do something like a port redirect, only with the HTTP Header (or the called DNS).

Can e-box do this?

