giancagianca

Forum Replies Created

Viewing 15 posts - 16 through 30 (of 36 total)
  • Author
    Posts
  • in reply to: Unable to Copy or Backup Active Database #48165
    giancagianca
    Participant

    I read on the Italian forum that the backup does not work with the proxy enabled.

    You can disable it before the backup and enable it after.

    bye.

    in reply to: Dansguardian for Zeroshell 1.0.beta12 #48247
    giancagianca
    Participant

    You must download the new version. There is no patch to transform beta 11 -> beta 12.

    If you use the CD version, change the CD and reboot. For other versions, reinstall. The database is the same. Attention: if you need to reinstall, save the database.

    Bye

    in reply to: Dansguardian for Zeroshell 1.0.beta12 #48245
    giancagianca
    Participant

    You can upgrade ZS to beta 12 and then install patch BA12.

    To enable dans on beta 11 you must install BA00. This patch doesn't modify the configuration of other patches.

    Bye

    in reply to: Dansguardian for Zeroshell 1.0.beta12 #48243
    giancagianca
    Participant

    For beta 11 you must use patch BA00

    Bye.

    in reply to: nat reflection #45414
    giancagianca
    Participant

    If you access your internal server not by IP but by a symbolic name, you can set the symbolic name associated with the internal IP in DNS.

    For example, for internal server 192.168.0.100 you can create an A record with myserver 192.168.0.100.

    Now if you use the symbolic name in the browser you are connected to 192.168.0.100.

    Commercial routers also have this problem. For example Zyxel.

    Bye.

    in reply to: Set up a Domain on ZeroShell for Windows logon #48509
    giancagianca
    Participant

    To emulate a Windows NT domain controller with Linux you need Samba. Samba is not installed on ZS. You can configure Samba on another Linux machine and then use ZS to authenticate Samba with LDAP/Kerberos. With this configuration you can create a domain controller.

    Bye.

    in reply to: How to use DNS without running DNS server? #48395
    giancagianca
    Participant

    ZS always uses its internal DNS. You can set forwarders.

    For the client you set the preferred DNS.

    Bye.

    in reply to: can’t ping the gateway #48303
    giancagianca
    Participant

    Enable nat for eth01 (in router)

    gateway for pc is 192.168.9.75

    default gateway for ZS is 192.168.1.254

    bye

    in reply to: Config an use Captive Portal time account #48287
    giancagianca
    Participant

    1. Accounting is not implemented at this time.

    2. If the MAC address of the machine is visible you can authorize the MAC address in the web interface. If you see the MAC address of the AP you can use this method: http://www.zeroshell.net/eng/forum/viewtopic.php?t=1109

    Bye

    in reply to: How to enable Captive portal more than one interfaces? #48268
    giancagianca
    Participant

    You must change only cp_start.

    Example:

    iptables -A CapPort -i ETH02 -j CapPortACL
    iptables -t nat -A CapPort -i ETH02 -p tcp --dport 80 -j CapPortHTTP
    iptables -t nat -A CapPort -i ETH02 -p tcp --dport 443 -j CapPortHTTPS
    iptables -t nat -A CapPort -i ETH02 -p tcp --dport $REMOTEPT -j CapPortGW
    iptables -t nat -A CapPort -i ETH02 -p tcp --dport $REMOTESSL -j CapPortGW

    Insert this line at the bottom of cp_start

    iptables -I SYS_INPUT 3 -i ETH02 -p tcp --dport 12080:12083 -j ACCEPT

    to enable ETH02.
    For another interface change 3 to 4.
    The first interface (ETH01) is enabled from the web interface.

    In the web interface you must select only IP address for Client Identity.

    I cannot test with VLANs, but I think that it works.

    It works only in routed mode.

    After the change, restart the captive portal.

    In my test ETH00 public IP ETH01-ETH02 captured

    bye
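
The per-interface edits described in the post above, as an added example that is not part of the original post or of ZeroShell: a dry-run generator that prints the lines to append to cp_start for each extra interface, without calling iptables. The function name `cp_extra_rules` and the interface-name check are assumptions; the chain names, ports and SYS_INPUT positions are the ones given in the post.

```shell
#!/bin/sh
# Dry-run generator (added example): prints rules, never runs iptables.
# Usage: cp_extra_rules <first SYS_INPUT position> <interface>...
# The printed lines keep $REMOTEPT / $REMOTESSL literal, because cp_start
# itself expands those variables when it runs.

cp_extra_rules() {
    pos=${1:-}
    # The position must be a plain number (3 for the first extra interface).
    case $pos in
        ''|*[!0-9]*) echo "invalid position: $pos" >&2; return 1 ;;
    esac
    shift

    # Validate every name before printing anything, so a bad argument
    # can never leave a half-written rule set or inject text into cp_start.
    for ifc in "$@"; do
        case $ifc in
            ''|*[!A-Za-z0-9._]*) echo "invalid interface: $ifc" >&2; return 1 ;;
        esac
    done

    for ifc in "$@"; do
        # Send traffic arriving on this interface through the portal ACL.
        echo "iptables -A CapPort -i $ifc -j CapPortACL"
        # Redirect web and remote-login ports to the portal chains.
        for spec in 80:CapPortHTTP 443:CapPortHTTPS \
                    '$REMOTEPT:CapPortGW' '$REMOTESSL:CapPortGW'; do
            echo "iptables -t nat -A CapPort -i $ifc -p tcp --dport ${spec%%:*} -j ${spec##*:}"
        done
        # Allow clients on this interface to reach the portal ports.
        echo "iptables -I SYS_INPUT $pos -i $ifc -p tcp --dport 12080:12083 -j ACCEPT"
        pos=$((pos + 1))   # next interface: "change 3 with 4"
    done
}

# Constructed sample: ETH01 is set in the web interface, ETH02/ETH03 are extra.
cp_extra_rules 3 ETH02 ETH03
```

Review the printed lines before appending them to cp_start, then compare `iptables -L CapPort -v -n` after restarting the captive portal to confirm one CapPortACL rule per captured interface.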

    in reply to: Installing zeroshell on vmware #48220
    giancagianca
    Participant

    on vmware esxi I enable promiscuous mode for virtual hub.

    I use cdrom version and boot from iso image stored on datastore.

    Bye.

    in reply to: How to enable Captive portal more than one interfaces? #48265
    giancagianca
    Participant

    Today I looked at the script. Captive portal is enabled in /root/kerbynet.cgi/scripts/cp_start

    if [ "$MODE" == Bridged ] ; then
      iptables -A CapPort -m physdev --physdev-in $INTERFACE -j CapPortACL
      iptables -t nat -A CapPort -m physdev --physdev-in $INTERFACE -p tcp --dport 80 -j CapPortHTTP
      iptables -t nat -A CapPort -m physdev --physdev-in $INTERFACE -p tcp --dport 443 -j CapPortHTTPS
      ## iptables -t nat -A CapPort -m physdev --physdev-in $INTERFACE -p tcp --dport $GWPORT -j CapPortGW
      ## iptables -t nat -A CapPort -m physdev --physdev-in $INTERFACE -p tcp --dport $GWPORTSSL -j CapPortGW
      iptables -t nat -A CapPort -m physdev --physdev-in $INTERFACE -p tcp --dport $REMOTEPT -j CapPortGW
      iptables -t nat -A CapPort -m physdev --physdev-in $INTERFACE -p tcp --dport $REMOTESSL -j CapPortGW
    else
      iptables -A CapPort -i $INTERFACE -j CapPortACL
      iptables -t nat -A CapPort -i $INTERFACE -p tcp --dport 80 -j CapPortHTTP
      iptables -t nat -A CapPort -i $INTERFACE -p tcp --dport 443 -j CapPortHTTPS
      ## iptables -t nat -A CapPort -i $INTERFACE -p tcp --dport $GWPORT -j CapPortGW
      ## iptables -t nat -A CapPort -i $INTERFACE -p tcp --dport $GWPORTSSL -j CapPortGW
      iptables -t nat -A CapPort -i $INTERFACE -p tcp --dport $REMOTEPT -j CapPortGW
      iptables -t nat -A CapPort -i $INTERFACE -p tcp --dport $REMOTESSL -j CapPortGW
    fi
    if [ "$WEBLOGIN" == Remote ] ; then
      iptables -A CapPortACL -d $REMOTEIP -p tcp --dport $REMOTEPT -j ACCEPT
      iptables -A CapPortACL -d $REMOTEIP -p tcp --dport $REMOTESSL -j ACCEPT
    fi

    INTERFACE is the selection in the web configuration.

    You can add a new section which enables the captive portal on another interface.

    If you want to make the changes permanent: http://www.zeroshell.net/forum/viewtopic.php?t=382

    bye

    in reply to: How to enable Captive portal more than one interfaces? #48262
    giancagianca
    Participant

    The standard ZS captive portal can handle only one interface.

    You can try (not tested) to add a rule to the firewall chain CapPort from the console.
    Normally it is

    Chain CapPort (1 references)
     pkts bytes target     prot opt in     out     source       destination
      44M   23G CapPortACL all  --  ETH01  *       0.0.0.0/0    0.0.0.0/0

    ETH01 is the interface in my configuration.

    You can try to add other rules for your interface.

    If that does not work you can modify the script that authorizes the user.

    /root/kerbynet.cgi/scripts/cp_authorize_client

    This script changes the firewall chain when a user logs in or out.

    If I remember correctly the interface appears only in chain CapPort.

    bye.

    in reply to: HTTPS over proxy #48206
    giancagianca
    Participant

    HAPV proxy cannot handle https traffic. If I remember correctly, a transparent proxy cannot handle https traffic.

    Bye

    in reply to: Question about URL allowed? #48203
    giancagianca
    Participant

    Captive portal
    Free authorized and select services
    Insert new rule

    ip address
    port (80 http,443 https ……. )

    Bye
