yum

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 48 total)
    in reply to: Bittorrent #49094

    yum
    Member

    There’s another way to restrict p2p traffic: create QoS classes with high priority and enough bandwidth for known services, such as DNS, HTTP, ICMP, SMTP, etc. In the classifier, assign them to the corresponding protocols and ports. All remaining traffic, including BitTorrent, will have low priority and bandwidth.

    in reply to: How to Uninstall SNORT? #49075

    yum
    Member

    If you did a backup before installing Snort, you can reinstall Zeroshell and restore the profile from that backup.

    in reply to: How to block all internet traffic from an internal Fixed IP #49069

    yum
    Member

    Maybe there are other rules that permit this traffic? It’s better to place this rule:

    I created another rule with Source 192.168.1.25 no target and interface and drop or reject

    to the very beginning of the FORWARD chain, make it number 1.
    I think one rule will be sufficient. Also mark any days you need inside this rule.

    in reply to: DWA-552 PCI card not detected by 1.0.beta12 #48783

    yum
    Member

    According to this article: http://www.thinkwiki.org/wiki/How_to_install_the_development_version_of_atk9k DWA-522 requires the ath9k driver. I think it is not included by default in the Zeroshell kernel.

    in reply to: login to ZS box via using radius server #48959

    yum
    Member

    If I’m not mistaken, ZS can proxy requests to an external RADIUS server only for authenticating WPA clients, not system accounts. ZS users authenticate against the local Kerberos server.
    From documentation:

    Thanks to the use of Kerberos 5, Zeroshell can establish trust relationships with other realms (these are what the authentication domains in Kerberos 5 are called) and allow users in a domain to access the resources and services of another domain.

    But I’m afraid MikroTik doesn’t provide Kerberos functionality.

    in reply to: whitelist #48945

    yum
    Member

    Does the [Proxy Log] button show anything?

    I think more information can be viewed via ssh if you invoke the command

    /etc/init.d/proxy start

    in reply to: No succes with port forwarding #48943

    yum
    Member

    If you NAT on the internal interface, connections from WAN will all have the same IP address. It is not very convenient when analysing log files or using access rules on the web server. So I use the DNS method.

    in reply to: No succes with port forwarding #48939

    yum
    Member

    Try adding a port forward rule for the internal (ETH00) interface.

    – virtual server = ETH00/EXTERNAL.IP.ADDR tcp 80 192.168.1.4:80

    Or, if your LAN uses a local DNS server, add an A record for the web server’s domain name pointing to 192.168.1.4; this can easily be done via the ZS web interface.

    in reply to: Shell Language Change #48932

    yum
    Member

    By default the “POSIX” locale is used.

     >locale
    LANG=
    LC_CTYPE="POSIX"
    LC_NUMERIC="POSIX"
    LC_TIME="POSIX"
    LC_COLLATE="POSIX"
    LC_MONETARY="POSIX"
    LC_MESSAGES="POSIX"
    LC_PAPER="POSIX"
    LC_NAME="POSIX"
    LC_ADDRESS="POSIX"
    LC_TELEPHONE="POSIX"
    LC_MEASUREMENT="POSIX"
    LC_IDENTIFICATION="POSIX"
    LC_ALL=

    If your output of the locale command differs, set the values of the corresponding variables using the export command.

    in reply to: Is it possible to auto provision clients in ZeroShell? #48927

    yum
    Member

    There are hundreds of bash scripts in that folder. They automate many operations, such as adding new firewall rules, QoS rules, managing network interfaces, etc.
    For example, run

    /root/kerbynet.cgi/scripts/dhcp_addstatic 00 192.168.10.10 AA:BB:CC:DD:EE:FF

    to add a new static DHCP entry.

    Remote execution of those commands can be done via ssh:

    ssh root@ZEROSHELL.IP.ADDRESS "/root/kerbynet.cgi/scripts/command_to_run ARG1 ARG2 ARG3"

    To enable remote login via ssh without typing the root password, you can follow these steps (manual copied from a page that can no longer be found on the web):

    SSH to your ZeroShell firewall and log in as “admin”, then drop to a shell with “S”.

    In the “/Database” directory, create a directory called “startup”.

    Copy “/etc/ssh/sshd_config” to “/Database/startup/sshd_config”.

    Edit “/Database/startup/sshd_config” and comment out “AllowUsers admin”, then uncomment “#AuthorizedKeysFile .ssh/authorized_keys” and save the file, e.g.:

    # AllowUsers admin
    AuthorizedKeysFile .ssh/authorized_keys

    On your other machine:
    Run “ssh-keygen -t rsa” to generate a public/private key pair in “/root/.ssh/id_rsa”.
    DO NOT ENTER A PASSPHRASE

    Copy the contents of “/root/.ssh/id_rsa.pub”, using your favourite editor, to the ZeroShell “/Database/startup/.ssh/authorized_keys” file.

    Create a startup script, “/Database/startup/rc.local”, and paste in the following (modify YOUR_ROOT_PASSWORD below):

    #!/bin/sh
    /bin/cp /Database/startup/sshd_config /etc/ssh/sshd_config
    /bin/cp -Rp /Database/startup/.ssh /root/.ssh
    echo "root:YOUR_ROOT_PASSWORD" | /usr/sbin/chpasswd
    /sbin/service sshd restart

    Log in to your ZeroShell web admin and navigate to “Setup”, then “Startup”.
    Enable the startup configuration, add “/Database/startup/rc.local” to the Pre-boot startup script, and save it.

    Reboot your ZeroShell firewall.
    You should now be able to SSH in as “root” with the password set above and drop to a shell prompt.
    Check that an SSH connection from your LAN box to your ZeroShell firewall returns a “root@ZS root>” prompt without asking for a password, e.g.:

    ssh -i /root/.ssh/id_rsa root@ZEROSHELL_IP

    This is not very secure but works for me.
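
An added example, not part of the original post and not Zeroshell code: a shell function that audits the files this procedure leaves in the startup directory and reports the weak points behind the "not very secure" remark. The `from=` key restriction and the `PasswordAuthentication no` setting it checks for are mitigations assumed here; the post does not mention them.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files the procedure
# above leaves under the startup directory. Prints one line per finding.

note() { echo "FINDING: $1"; }

# True when group or other holds any permission bit on $1.
loose() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

audit_startup() {
    dir=$1
    rc="$dir/rc.local"; conf="$dir/sshd_config"
    keys="$dir/.ssh/authorized_keys"

    if [ -f "$rc" ]; then
        # rc.local pipes "root:PASSWORD" into chpasswd, so it stores the secret.
        if grep -q 'chpasswd' "$rc"; then note "rc.local stores a clear-text password"; fi
        if loose "$rc"; then note "rc.local is accessible to group/other"; fi
    fi

    if [ -f "$keys" ]; then
        if loose "$dir/.ssh" || loose "$keys"; then
            note ".ssh or authorized_keys is accessible to group/other"
        fi
        # The key has no passphrase, so a from="..." option limits where a
        # copied private key can be used. Count key lines that lack one.
        open=$(grep -Ev '^[[:space:]]*(#|$)' "$keys" | grep -Evc '(^|,)from="' || true)
        if [ "$open" -gt 0 ]; then note "$open key(s) without a from= restriction"; fi
    fi

    if [ -f "$conf" ]; then
        # The procedure comments out AllowUsers, removing the account allow-list.
        if ! grep -Eq '^[[:space:]]*AllowUsers[[:space:]]' "$conf"; then
            note "sshd_config has no active AllowUsers line"
        fi
        # Key login works, yet password login stays on unless disabled here.
        if ! grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]]+no' "$conf"; then
            note "PasswordAuthentication is not set to no"
        fi
    fi
    return 0
}

# Usage: audit_startup /Database/startup
```

The clear-text password finding remains for as long as rc.local resets the root password at boot, whatever the file permissions are.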

    in reply to: Is it possible to auto provision clients in ZeroShell? #48925

    yum
    Member

    Maybe it’s better to use an existing billing system and only write some custom rules to communicate with the Zeroshell router? Backend scripts are located in the folder /root/kerbynet.cgi/scripts/.

    in reply to: Forwarding a port into my LAN #48878

    yum
    Member

    You can restrict access to the ZS web interface via the menu [Setup]->[HTTPS].

    in reply to: [OPENVPN] Host-to-LAN VPN client can not access intranet #48820

    yum
    Member

    Have you enabled NAT on the LAN interface of ZeroShell (ETH00)?
    What are your firewall configuration and routing table?

    in reply to: Zeroshell Auto Login – Script #47467

    yum
    Member

    You can force Windows to wait for network initialization as described, for example, here: http://www.boyce.us/gp/gpcontent.asp?ID=39

    in reply to: blacklist not for all users #48788

    yum
    Member

    You can use the pfSense distribution. It features the Squid proxy + squidGuard module. But pfSense lacks some other features that ZS has.
