Forum Replies Created
FWIW, I just upgraded to 3.8.0 from 3.6 using the package manager. No issues at all, if anything memory usage is slightly down and performance seems somewhat better (though it might just be a slow night). I did not install the 64 bit kernel.
Seems you are using wrong DNS servers.
Google DNS servers are: 18.104.22.168 and 22.214.171.124
Also try some other DNS servers, for example your ISP ones.
126.96.36.199, yes, my mistake.
With my ISP’s servers it was worse.
When I get the chance I’m going to try Dansguardian for content filtering so I can turn the HAVP proxy off.
A year later, still the same problem but worse, nobody has any ideas?
I wouldn’t use the proxy at all but I need to block high bandwidth sites, but it’s getting maddening.
The problem is that there seems to be no way to change the description, hostname, or K5 realm of an existing profile, and if I copy a profile, it inherits these things with no way no change them.
You shouldn’t have to do anything special; it should just log in like any other device… at leat mine does.
I’m not onsite at the moment and won’t be until Friday so I can’t confirm the details, but apparently the problem is fixed. 😀 The other guy helping me changed the gateway (I believe he meant the gateway set in the DHCP server) to 192.168.0.75 which is ZS’s WAN IP; previously it was set to 192.168.2.1 which is the LAN IP per one of the howto files in the documentation section.
I think the problem may have been because there wasn’t a default gateway configured (or properly configured) when the first database was set up (how can one edit a database?). There is no “DEFAULT GATEWAY” entry in the static routes list, as there is in the other box I was playing with at home.July 1, 2013 at 7:30 pm in reply to: captive portal, popup, and authenticator validity time #52753June 4, 2013 at 9:51 pm in reply to: captive portal, popup, and authenticator validity time #52752
You misunderstand… I don’t want to limit the connection for any particular user; I would just like to make the popup unnecessary.
I’m unclear on thie too.
ETH00 (192.168.0.75) is my WAN interface, ETH01 (192168.1.1) and ETH02 (192168.2.1) are the LAN side. I currently have the ETH00 of the ZS box connected to an upstream wifi router on the 192.168.0.xxx subnet, and another wifi AP connected to ETH01. This is for testing; ultimately ETH00 will be connected directly to a satellite modem at another location.
I created 3 firewall rules:
1 ETH01 * ACCEPT all opt -- in ETH01 out * 0.0.0.0/0 -> 0.0.0.0/0 no
2 ETH02 * ACCEPT all opt -- in ETH02 out * 0.0.0.0/0 -> 0.0.0.0/0 no
3 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
Then, I set the INPUT chain to “DROP” (OUTPUT and FORWARD are still “ACCEPT”). As I understand it, this should block any unsolicited connection from the ETH00 interface. I should be able to connect to the ZS admin via ETH01 and I can, but if I connect to the upstream router, it should block access… but it doesn’t.
What am I doing wrong?
OK, so with the default http 80 and http 443 and the default “Any IP address from any network interface” I can simply type the external IP + port from any computer anywhere, i.e. 123.456.78.9:443 and it’ll take me to the admin page?
EDIT: Nevermind, I tried the above and it worked… didn’t realize it was set to allow that out of the box. Only hitch was when I was opening the port on the upstream router, it listed zeroshell as 192.168.0.155 in a pulldown though the admin address needed is 192.168.0.75, which it let me manually enter. Now all I have to do is set up dynamic dns since I don’t have a static IP address. Thanks.
Thanks, I don’t know how I missed that… 😳