Search found 1428 matches

by Gordon
06 Dec 2011, 02:37
Forum: B2 & B3 Support
Topic: Locked out by denyhosts?
Replies: 11
Views: 3572

Re: Locked out by denyhosts?

why don't you just add an ALLOW rule on top of hosts.deny to whitelist your IP? It's in the manual... Why not just use the firewall? I've actually been thinking of doing something like this myself - not for LAN connections but when I'm someplace else. The challenge in this is that I cannot know bef...
by Gordon
05 Dec 2011, 02:39
Forum: B2 & B3 Support
Topic: Locked out by denyhosts?
Replies: 11
Views: 3572

Re: Locked out by denyhosts?

ListenAddress does not define *from* which IP you can connect but *to* which IP you can connect. What you did is assign an address that is non-local and to which sshd can therefore not bind itself. A possible fix would be to change the IP address of the B3 so that it matches one of the ListenAddress ...
by Gordon
02 Dec 2011, 02:17
Forum: B2 & B3 Support
Topic: [SOLVED] Zafara possible on B3 ?
Replies: 5
Views: 2575

Re: Zafara possible on B3 ?

well, they call themselves "The Best Open Source Email & Collaboration Software". The community version is on some sort of altered GPL3 license. Anyway: the source is here: http://download.zarafa.com/community/final/ I was not aware of that. We used to do business with that company back when they ...
by Gordon
01 Dec 2011, 11:02
Forum: B2 & B3 Support
Topic: OpenVPN / PPTP
Replies: 8
Views: 6081

Re: OpenVPN / PPTP

Ah, I see. This is about you wanting to route through either a VPN tunnel or straight onto the net on a per service level. In theory this should be possible. Trick is to first be able to identify the TCP/UDP packets and then mark them using iptables' mangle table. Iproute2 can then use the marked pa...
by Gordon
01 Dec 2011, 10:39
Forum: B2 & B3 Support
Topic: [SOLVED] Zafara possible on B3 ?
Replies: 5
Views: 2575

Re: Zafara possible on B3 ?

Do you mean Zarafa - the MAPI mail server?

I'm afraid not. It's a closed source application that is only available for Intel x86 and x64 class processors.
by Gordon
30 Nov 2011, 04:39
Forum: B2 & B3 Support
Topic: OpenVPN / PPTP
Replies: 8
Views: 6081

Re: OpenVPN / PPTP

I'm not fully getting the 'hide behind another IP' bit? As far as limiting what services can pass through the tunnel that would be managed by netfilter (iptables/xtables) rules. A complicating factor in this might be that some of the services are strictly bound to the internal network interface (eth...
by Gordon
25 Nov 2011, 04:58
Forum: Howtos
Topic: IPsec HowTo
Replies: 1
Views: 4401

Installing OpenSwan with KLIPS

Let's start with some cut-and-paste from the 'Make Strongswan start on a B3' Wiki page. Note: I'm switching display definition for easy copying of the commands. If you see a Number Sign ('#') mentioned in a code box then what follows is a comment and will also be treated as such if you copy it on th...
by Gordon
25 Nov 2011, 04:57
Forum: Howtos
Topic: IPsec HowTo
Replies: 1
Views: 4401

IPsec HowTo

Yes, I know there is a Wiki on this, but this is something else and I should probably therefore call it (Yet) Another IPsec HowTo. I won't, and I will also not write my own Wiki on this because frankly I cannot be certain if what I'm writing here will be fully complete. If someone can verify that th...
by Gordon
24 Nov 2011, 13:03
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 6026

Re: Bugs in IPSec HowTO (on wiki) and some questions

I'll start a draft of what I (think I) did on the Howtos forum.

Should probably be a different wiki item anyway, since I'm now using OpenSwan instead of StrongSwan (FeatureComparison)
by Gordon
24 Nov 2011, 10:05
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 6026

Re: Bugs in IPSec HowTO (on wiki) and some questions

Hi Johannes, I was actually misreading Morgan's post in thinking that he was already at it. Problem is that I already changed so much on my B3, that in most cases I could no longer be sure that anything I'd put on the wiki would be complete (and no, I'm not about to reset it to factory and retrace w...
by Gordon
23 Nov 2011, 13:24
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 6026

Re: Bugs in IPSec HowTO (on wiki) and some questions

Warnings are quite normal when compiling the kernel. Most often you'll see things like something something defined but never used. I agree that it is a shame that you need to compile the kernel, but there should actually not be a need for recompiling all the modules that are already there. You ...
by Gordon
21 Nov 2011, 13:49
Forum: B2 & B3 Support
Topic: /admin path hijacked for all hostnames
Replies: 7
Views: 3263

Re: /admin path hijacked for all hostnames

Should probably make this a feature request, to have all the bubba stuff consolidated to the bubba vhost definition. If I can add to this, it would also be nice to have the https section in a separate vhost definition file.
by Gordon
19 Nov 2011, 17:18
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 12561

Re: Decent iptables script

ah yeah, i meant that... *dumb* Kinda weird: the last time i did a ifdown br0; ifup br0 it started looking for a dhcp server, even though there is no mention of dhcp in interfaces for br0 or eth1. I recognize that. Can be quite confusing and I am currently struggling with a rather important server ...
by Gordon
19 Nov 2011, 16:22
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 12561

Re: Decent iptables script

Ubi wrote: You mean the INPUT -i eth0 -j accept?
I added the eth1 hoping *something* would improve
Nope. eth0 is the WAN interface. You need to add br0 for LAN (and wireless) access. Adding eth1 does nothing.
by Gordon
19 Nov 2011, 15:46
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 12561

Re: Decent iptables script

@gordon: sorry did not work. Strange, it should have. But your firewall script is wrong. I'm guessing this one belongs to B2 or B3 without WiFi since it has a rule for eth1, but this interface doesn't have an IP of its own since it's paired with wlan0 to form bridge br0. It's the bridge interface ...