This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
News and Announcements / Re: Zentyal 4.1 available!
« on: March 29, 2015, 10:47:09 pm »
I agree with werter, gerald_FS and gsiotas too
I use Zentyal since the "ebox time" (1.2).
I even tried to promote Zentyal to schools as an "all in one server" as it HAD a lot of network features
But with every new update the community release is trimmed. Over the time a lot of features disappeared (proxy, ids, wan failover, antivirus, web server, traffic shapping, events, Dynamic DNS etc)
Zentyal is still a great product, but not as a standalone server. Other servers are necessary even in a small network (10-20 computers and devices)
I will too, try to migrate to other more completed (of services) alternatives.
nethserver.org looks promising. It reminds me the reasons I choose Zentyal a few years ago.
I use Zentyal since the "ebox time" (1.2).
I even tried to promote Zentyal to schools as an "all in one server" as it HAD a lot of network features
But with every new update the community release is trimmed. Over the time a lot of features disappeared (proxy, ids, wan failover, antivirus, web server, traffic shapping, events, Dynamic DNS etc)
Zentyal is still a great product, but not as a standalone server. Other servers are necessary even in a small network (10-20 computers and devices)
I will too, try to migrate to other more completed (of services) alternatives.
nethserver.org looks promising. It reminds me the reasons I choose Zentyal a few years ago.
2
Installation and Upgrades / Re: Troble accessing egroupware from the internet
« on: June 30, 2010, 12:36:21 am »
Sometimes, routers keep the port 80 for themselves
Have you try forward another port to 80?
e.g have you try to forward port 8081 (external router port) to port 80 of ebox?
then you can have access in:
http://yourboxIP:8081/egroupware
Have you try forward another port to 80?
e.g have you try to forward port 8081 (external router port) to port 80 of ebox?
then you can have access in:
http://yourboxIP:8081/egroupware
3
Installation and Upgrades / Re: slapd problem
« on: June 28, 2010, 11:45:52 pm »
I know that this is an old topic, but it is good to have a reply
Stop slapd
/etc/init.d/slapd stop
Edit /etc/ldap/slapd.conf
and append under the existing 'index' line the following line
index sambaSID,gidNumber eq
The start the indexing
slapindex
change permissions
chown openldap:openldap /var/lib/ldap/*
Restart slapd
/etc/init.d/slapd start
For more 'resistent' solution do the same to the
/usr/share/ebox/stubs/usersandgroups/slapd.conf.mas
You can see more in
http://forum.ebox-platform.com/index.php?topic=664.0
Stop slapd
/etc/init.d/slapd stop
Edit /etc/ldap/slapd.conf
and append under the existing 'index' line the following line
index sambaSID,gidNumber eq
The start the indexing
slapindex
change permissions
chown openldap:openldap /var/lib/ldap/*
Restart slapd
/etc/init.d/slapd start
For more 'resistent' solution do the same to the
/usr/share/ebox/stubs/usersandgroups/slapd.conf.mas
You can see more in
http://forum.ebox-platform.com/index.php?topic=664.0
4
Installation and Upgrades / Re: HOWTO: WEBMIN installation
« on: June 24, 2010, 08:17:58 pm »
As for the question
"Is this HOW-TO useful"
I must say that ALL how-to are useful
We must thank all the people that try and make them (even if we don't need them personally)
"Is this HOW-TO useful"
I must say that ALL how-to are useful
We must thank all the people that try and make them (even if we don't need them personally)
5
Installation and Upgrades / Re: HOWTO: WEBMIN installation
« on: June 24, 2010, 08:14:22 pm »Enter these commands in the shell:
cd /usr/local
mkdir webmin
cd webmin
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.510.tar.gz
tar xzvf webmin-1.510.tar.gz
cd webmin-1.510
sh setup.sh
A much easier intallation is with apt-get
Use the procedure as it appears in http://webmin.com/deb.html
Edit the /etc/apt/sources.list file on your system and add the line :
Code: [Select]
deb http://download.webmin.com/download/repository sarge contrib
You should also fetch and install the GPG key with which the repository is signed, with the commands :
Code: [Select]
cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
You will now be able to install web with the commands :
Code: [Select]
apt-get update
apt-get install webmin
DON'T FORGET that YOU MUST USE WEBMIN WITH VERY GREAT CARE, as it overlaps with eBox
6
Installation and Upgrades / Re: Cant configure DHCP
« on: June 24, 2010, 08:08:48 pm »
- In Nework section you set the DNS of the box. This is the DNS that you ISP provides you (or you can add as many DNS servers as you want). They also act as resolvers
- One Of your interfaces (eth0) must be marked as external and must be connected to a route that leads to your ISP
- In DNS section, you set your internal DNS, for your domain (if you set any and you want every internal client have a unique -- resolved by you, name)
- In firewall you must allow every internal client to have access to internet
- In DHCP section, for the second interface (eth1) (AND ONLY FOR THIS) you must set:
as gateway your ebox server,
as Primary Nameserver your local eBox DNS,
as secondary (your ISP's DNS)
AND you must add new range for you clients (e.g 192.168.1.10 - 192.168.1.100)
With the above you MUST have internet access from everywhere (ebox and clients)
If you can not access internet from clients, you should see the client's local firewall (if any)
- One Of your interfaces (eth0) must be marked as external and must be connected to a route that leads to your ISP
- In DNS section, you set your internal DNS, for your domain (if you set any and you want every internal client have a unique -- resolved by you, name)
- In firewall you must allow every internal client to have access to internet
- In DHCP section, for the second interface (eth1) (AND ONLY FOR THIS) you must set:
as gateway your ebox server,
as Primary Nameserver your local eBox DNS,
as secondary (your ISP's DNS)
AND you must add new range for you clients (e.g 192.168.1.10 - 192.168.1.100)
With the above you MUST have internet access from everywhere (ebox and clients)
If you can not access internet from clients, you should see the client's local firewall (if any)
7
Installation and Upgrades / Re: Clear Instructions for upgrade 1.2 to 1.4
« on: June 24, 2010, 07:10:44 pm »
I did some testing.
The upgrade procedure from 1.2 to 1.4 is full of questions on replacing *.conf files.
As I know, those files are maintained by ebox, so I think that either answer (yes or No) would do the same.... nothing. Am I correct??
Anyway, I saw that you made a new forum for the beta testers. I think that it would be nice to have a forum for the 'updaters - upgraders'.
In my experience, what makes a product 'ready for production' is the 'update- upgrade process' and the full documentation of it.
I am reading the forum, since the 1.0 version (and as the time passes) I find it difficult to keep up with the new versions, because the documentation and the how-to are placed all over the forum.
In my belief you should take extra care of users, that already have a production install, so as to convince them to keep up with ebox
Thanks
The upgrade procedure from 1.2 to 1.4 is full of questions on replacing *.conf files.
As I know, those files are maintained by ebox, so I think that either answer (yes or No) would do the same.... nothing. Am I correct??
Anyway, I saw that you made a new forum for the beta testers. I think that it would be nice to have a forum for the 'updaters - upgraders'.
In my experience, what makes a product 'ready for production' is the 'update- upgrade process' and the full documentation of it.
I am reading the forum, since the 1.0 version (and as the time passes) I find it difficult to keep up with the new versions, because the documentation and the how-to are placed all over the forum.
In my belief you should take extra care of users, that already have a production install, so as to convince them to keep up with ebox
Thanks
8
Installation and Upgrades / Re: First time setting up eBox, DHCP is working but traffic isn't being routed
« on: June 18, 2010, 03:27:25 pm »
Sorry... I didn't see carefully what your networks were (which actually was one network)
UdoB is correct. But don't forget to set the gateway.
To allow networks interconnection, you must place rules in the "Rules for internal networks" section of firewall.
You don't have to disable the interfaces, just follow UdoB instructions and change the ip/network mask on each one of them.
UdoB is correct. But don't forget to set the gateway.
To allow networks interconnection, you must place rules in the "Rules for internal networks" section of firewall.
You don't have to disable the interfaces, just follow UdoB instructions and change the ip/network mask on each one of them.
9
Installation and Upgrades / Re: First time setting up eBox, DHCP is working but traffic isn't being routed
« on: June 18, 2010, 01:37:36 pm »
There are two kind of logic you can apply
1) Allow everything from everywhere. When all is good, start denying service, until you have only the necessary
2) Block everything from everywhere (EXCEPT ebox administrator and probably ssh). Then start opening port and services.
It would be better to use the default rules and start opening ports.
Create the appropriate services (ICMP for ping etc) and allow everything from everywhere.
Keep in mind that everything refers to the services you have ALREADY implement
1) Allow everything from everywhere. When all is good, start denying service, until you have only the necessary
2) Block everything from everywhere (EXCEPT ebox administrator and probably ssh). Then start opening port and services.
It would be better to use the default rules and start opening ports.
Create the appropriate services (ICMP for ping etc) and allow everything from everywhere.
Keep in mind that everything refers to the services you have ALREADY implement
10
Installation and Upgrades / Re: First time setting up eBox, DHCP is working but traffic isn't being routed
« on: June 18, 2010, 11:39:06 am »
Check you firewall's rules
11
Installation and Upgrades / Clear Instructions for upgrade 1.2 to 1.4
« on: June 17, 2010, 08:44:40 pm »
I am using ebox 1.2 since the beginning and I have not any problems (now....)
I am looking in the forum, and I haven't find clear (and complete) instructions for the upgrade from 1.2 to 1.4.
I have read the http://trac.ebox-platform.com/wiki/Document/Documentation/Updates , and as I understand I have to manual add (or replace) the reposiroty:
deb http://ppa.launchpad.net/ebox/1.4/ubuntu hardy main
in /etc/apt/sources.lst
do an apt-get update
and an apt-get dist-upgrade
Is this enough?
Will my /usr/share/ebox/stubs/ directory be replaced?
Will my /usr/share/squid/mime.conf will be replaced?
Will my /etc/ldap.secret be replaced?
Do I have to backup my changes?
Is there anything else, I have to keep in mind?
The above questions (and many more) are related with one of my ebox installations, a box acting as router, proxy, vpn, gateway, dhcp etc
I would like to know if this is a completely safe operation (the upgrade) after all.
I am looking in the forum, and I haven't find clear (and complete) instructions for the upgrade from 1.2 to 1.4.
I have read the http://trac.ebox-platform.com/wiki/Document/Documentation/Updates , and as I understand I have to manual add (or replace) the reposiroty:
deb http://ppa.launchpad.net/ebox/1.4/ubuntu hardy main
in /etc/apt/sources.lst
do an apt-get update
and an apt-get dist-upgrade
Is this enough?
Will my /usr/share/ebox/stubs/ directory be replaced?
Will my /usr/share/squid/mime.conf will be replaced?
Will my /etc/ldap.secret be replaced?
Do I have to backup my changes?
Is there anything else, I have to keep in mind?
The above questions (and many more) are related with one of my ebox installations, a box acting as router, proxy, vpn, gateway, dhcp etc
I would like to know if this is a completely safe operation (the upgrade) after all.
12
Installation and Upgrades / Re: HOWTO: WEBMIN installation
« on: June 17, 2010, 02:50:03 pm »
Webmin is a great tool.
The problem is, that it overlaps ebox in many cases (samba, printers, network, firewall etc).
The good thing, is that if someone knows, what he is doing, it (webmin) can be a good tool, that "fills the gaps" (bootup scripts, cron jobs, grub manager and many more frontends for system internal)
So you may use it with very great care.
The problem is, that it overlaps ebox in many cases (samba, printers, network, firewall etc).
The good thing, is that if someone knows, what he is doing, it (webmin) can be a good tool, that "fills the gaps" (bootup scripts, cron jobs, grub manager and many more frontends for system internal)
So you may use it with very great care.
13
Installation and Upgrades / Re: Samba shares - permissions for subdirectories.
« on: December 23, 2009, 01:11:29 am »
Ensure that the parent folder is shared to ALL the users you want to access it
make the individual folders in the parent folder
the admin folder MUST have 660 permissions. the owner user is one of the admins group and the groups must be the admin group.
e.g
the folder PARENT is shared to ALL users through ebox interface
that means that when you do ls you must see owner:ebox, group:ALLUSERS (assuming that ALLUSERS is the default group for all your users)
in the PARENT folder (from the cli) make one folder ADMINFOLDER and change the ownership "chown adminuser:ADMINS" and "chmod 770 ADMINFOLDER" (assuming that the adminuser is a user int the ADMINS group)
restart samba
Now all users in the group ALLUSERS can browse the samba share PARENT.
But only the users in the ADMINS group can browse and write in the ADMINFOLDER.
So it is a two step procedure
1) make the share as usual
2) from the cli, assign the permissions to the specific folder
The only problem is that the files and folder that will be created in the ADMINS folder, will have permissions that will allow ALLUSERS to access them, AS SOON AS they are in the folder. But this is not going to happen, as the linux filesystem, will not allow them to 'enter' the directory ADMINS (remember that the ADMINS folder must have file permissions that allows ONLY the ADMINS group to read/write in the directory)
make the individual folders in the parent folder
the admin folder MUST have 660 permissions. the owner user is one of the admins group and the groups must be the admin group.
e.g
the folder PARENT is shared to ALL users through ebox interface
that means that when you do ls you must see owner:ebox, group:ALLUSERS (assuming that ALLUSERS is the default group for all your users)
in the PARENT folder (from the cli) make one folder ADMINFOLDER and change the ownership "chown adminuser:ADMINS" and "chmod 770 ADMINFOLDER" (assuming that the adminuser is a user int the ADMINS group)
restart samba
Now all users in the group ALLUSERS can browse the samba share PARENT.
But only the users in the ADMINS group can browse and write in the ADMINFOLDER.
So it is a two step procedure
1) make the share as usual
2) from the cli, assign the permissions to the specific folder
The only problem is that the files and folder that will be created in the ADMINS folder, will have permissions that will allow ALLUSERS to access them, AS SOON AS they are in the folder. But this is not going to happen, as the linux filesystem, will not allow them to 'enter' the directory ADMINS (remember that the ADMINS folder must have file permissions that allows ONLY the ADMINS group to read/write in the directory)
14
Installation and Upgrades / Re: Squid caching exemption
« on: December 13, 2009, 01:30:34 am »
the previous post is for the client which connects to the cammeras
to prevent caching from anyone who reaches the cameras (x.y.z.w/24 net):
acl nocacheme dst x.y.z.w/24
always_direct allow nocacheme
cache deny nocacheme
to prevent caching from anyone who reaches the cameras (x.y.z.w/24 net):
acl nocacheme dst x.y.z.w/24
always_direct allow nocacheme
cache deny nocacheme
15
Installation and Upgrades / Re: Two Network Problems
« on: October 30, 2009, 01:28:40 pm »
In the beginning I had my vpn listen on the (one) external interface and I forwarded traffic only from one (1) adsl router.
The same happened that time. The same things happen now that I forward traffic from 3 adsl routers.
I have advertised all my internal networks (5) and the one external.
Do you mean that If I (and I do) advertise (among the other internal networks ) and the external one, then my vpn connection will be treaded as external
Do you mean that I mustn't advertise the external network?
The same happened that time. The same things happen now that I forward traffic from 3 adsl routers.
I have advertised all my internal networks (5) and the one external.
Do you mean that If I (and I do) advertise (among the other internal networks ) and the external one, then my vpn connection will be treaded as external
Do you mean that I mustn't advertise the external network?