Zentyal firewall basic configuration

Zentyal firewall basic configuration

When you access the web interface for the first time, a configuration wizard will start. To start with, you can choose the functionality for your system. To simplify this selection, in the upper part of the interface you will find the pre-designed server profiles.

Zentyal profiles

Zentyal profiles available for installation:

Zentyal Gateway:

     Zentyal will act as a gateway of the local network, offering secure and controlled access to Internet.

Zentyal Infrastructure:

     Zentyal manages the infrastructure of the local network with basic services such as DHCP, DNS, NTP, and so on.

Zentyal Office:

       Zentyal can act as server for shared resources of the local network: files, printers, calendars, contacts, user profiles and groups.

Zentyal Unified Communications:

     Zentyal can act as a communications center for the company, handling e-mail, instant messaging and VoIP.

You can select any number of profiles to assign multiple roles to your Zentyal Server.

We can also install a manual set of services just clicking on their icons, without having to comply with any specific profile. Another possibility is to install a profile and then manually add the required extra packages.

We are going to develop the Infrastructure profile in this example. The wizards you will see during the installation depend on the packages you have selected to install in this step.

Once you have finished the selection, only the necessary additional packages will be installed. This selection is not definitive and later you can install and uninstall any of the Zentyal modules via the software management tools.

Extra dependencies

The system will begin the installation process of required modules and you will be shown a progress bar, as well as some slides offering a brief introduction to core Zentyal functions and the commercial packages.

Installation and additional information

Once the installation process has been completed, the configuration wizard will configure the new modules and then you are asked some questions.

First of all, you are asked for information regarding your network configuration. Then you need to define each network interface as internal or external, in other words; whether it will be used to connect to an external network such as Internet, or to a local network. Strict firewall policies will be applied to all the traffic coming in through external network interfaces.

Initial configuration of network interfaces

Next, you have to choose the local domain associated with our server, if you have configured the external interface(s) using DHCP it may be filled automatically. As said before, our hostname will be automatically added as a host of this domain. The authentication domain for the users will also take this name. You can configure additional domains but this is the only one that will come pre-configured to provide all the information that our LAN clients need for the network authentication protocol (Kerberos).

Local domain for the server

The last wizard will allow you to register your server. In case you already have registered, you just need to enter your credentials. If you still don’t have registered the server, you can do it now using this form.

Both ways, the form will request a name for your server. This is the name that will identify your Zentyal server in the Zentyal Remote interface.

Register your server

Once you have answered these questions, you will continue to configure all the installed modules.

Saving changes

The installer will inform you when the installation is finished.

Initial configuration is finished

Just click the button and access the Dashboard: your Zentyal server is now ready!

Read More

Zentyal installation

Installation

Generally speaking, Zentyal is meant to be installed exclusively on one (real or virtual) machine.However, this does not prevent you from installing other applications, that are not managed through the Zentyal interface. These applications must be manually installed and configured.

Zentyal runs on top of Ubuntu [1] server edition, always on LTS (Long Term Support) [2] versions. LTS has longer support periods: five years instead of three,

You can install Zentyal in two different ways:

1, using the Zentyal installer (recommended option),
2,using an existing Ubuntu Server Edition installation.

In the second case the official Zentyal repositories must be added and installation continued by installing the modules you are interested in [3]

However, in the first case the installation and deployment process is easier as all dependencies reside on a single CD or USB. Another benefit of using the CD or USB is to have a graphical environment that allows the use of a web interface from the server itself.

Ubuntu’s official documentation includes a brief introduction to installing and configuring Zentyal [4]

1, Ubuntu is a Linux distribution developed by Canonical and the community, focused on laptops, PCs and servers: http://www.ubuntu.com/.

2, For a detailed description about the publication of Ubuntu versions it is recommended you consult the Ubuntu guide: https://wiki.ubuntu.com/Releases.

3,  https://help.ubuntu.com/12.04/serverguide/zentyal.html

4, For more information about installing from the repository please go to

Zentyal installer

The Zentyal installer is based on the Ubuntu Server installer. Those already familiar with this installer will also find the installation process very similar.

To start with, you choose the installation language, in this example English is chosen.

Selection of the language

You can install Zentyal by using the default mode which deletes all disk contents and creates the partitions required by Zentyal by using LVM [5] or you can choose the expert mode which allows customised partitioning. Most users should choose the default option unless they are installing on a server with RAID software or they want to create special partitioning according to specific requirements

Installer start

In the next step choose the language for your system interface. To set the language, you are asked for your country, in this example the United States is chosen.

Geographical location

You can use automatic detection for setting the keyboard: a few questions are asked to ensure the model you are using is correct. Otherwise, you can select the model manually by choosing No.

Keyboard configuration 1

Keyboard configuration 2

Keyboard configuration 3

If you have multiple network adapters, the installer will ask you for your primary one , the one that will be used to access the Internet during the installation. The installer will try to auto configure it using DHCP. If you only have one interface, you will not see this question

Select primary network interface

Now choose a name for your server: this name is important for host identification within the network. The DNS service will automatically register this name. Samba will also use this domain name, as you will see later.

Hostname

Next, the installer will ask you for the administrator account. This user will have administration privileges and in addition, the same user will be used to access the Zentyal interface.

System username

In the next step you are asked for the user password. It is important to note that the user defined earlier, can access, using the same password, both system (via SSH or local login) and the Zentyal web interface. Therefore you must be really careful to choose a secure password (more than 12 characters including letters, numbers and symbols).

Password

Here, insert the password again to verify it.

Confirm password

In the next step you are asked for your time zone. It is automatically configured depending on the location chosen earlier, but you can modify it in case this is incorrect.

Time zone

The installation progress bar will now appear. You must wait for the basic system to install. This process can take approximately 20 minutes, depending on the server.

Installation of the base system

Once installation of the base system is completed, you can eject the installation CD and restart the server.

Restart

Now your Zentyal system is installed! A graphical interface in a web browser is started and you are able to access the administrative interface. The first boot will take an extra time while it configures core Zentyal modules. After the first restart, the graphical environment was automatically started, from now on you must authenticate before it begins.

Graphical environment with administrative interface

To start configuring Zentyal profiles or modules, you must insert the username and password indicated during the installation process. Any user you add later to the sudo group can access the Zentyal interface and has sudo privileges in the system.

LVM is the logical volume manager in Linux, you can find an introduction to LVM management in http://www.howtoforge.com/linux_lvm.

Read More

OpenDNS

Using OpenDNS is achieved by making a configuration change in the DNS settings of a network router, on individual computers, WiFi devices, or on internal DNS servers. Once OpenDNS is configured, administrators set and manage OpenDNS's advanced features, such as Web content filtering and security, by logging in to their OpenDNS account.

It is important to understand that OpenDNS advanced settings are applied to a network and those settings are subsequently inherited by all of the computers and devices that connect to that network.

Configuring OpenDNS means that OpenDNS is being specified as the DNS server for a network, usually in place of the DNS servers provided by an ISP. As the DNS server for a network, OpenDNS receives and answers the Internet DNS requests that originate from the computers and devices connected to that network.

For Enterprise networks, configuring OpenDNS typically means using OpenDNS as the forwarders of the organization's internal DNS servers. Since internal DNS server configurations can vary between a single server to multiple servers spread across departments and office locations, specific configurations will vary.

Ultimately, configuring OpenDNS is accomplished by changing a setting within a router, computer, device, or server; regardless of whether in a home, small business or Enterprise environment.

How to create a OpenDNS Account

Using bellow mentioned URL can make a free OpenDNS account for you

https://store.opendns.com/get/home-free?

then register with your E-mail id in the registration box and enter details of the same, after enter the details  "click" continue ,then u will get a new window, see bellow image

Here u can see three sub divisions 1, computer. 2, Router. 3, DNS server. Then u can choose which type of configurations u want, and click the link

if you select computer, next you must enter which operating systems are using for installing openDNS, 

if you select DNS server, you must enter which operating systems are using for installing openDNS, 

if u select Router, u enter which type router you are using,

now we are selecting Router, that time u will get anew window like this.

Next click on which branded router using you are. I selected the NETGEAR router, then u will get a new window and follow this.

Change your settings: Configuration for NETGEAR

1. Type the router's setup URL (http://192.168.0.1) into a web browser address bar

     http://192.168.0.1 is the default Netgear router IP address.

     (http://192.168.1.1 will work for some Netgear models.)

2. Enter the password.

3. Type in OpenDNS addresses in Primary DNS and Secondary DNS fields.

Please write down your current DNS settings before switching to OpenDNS, in case you want to return to your old settings for any reason.

The addresses for OpenDNS are:

208.67.222.222

208.67.220.220

Note: The Netgear WGR614 versions require a firmware upgrade in order to be compatible with OpenDNS. Click here to upgrade

4. Click Apply button.

5. Wait for the settings to be updated.

After the settings have updated, awe highly suggest that you flush your DNS resolver cache and web browser caches to ensure that your new DNS configuration settings take immediate effect.

6. Open Dashboard

Next you will get a new window like this

Type Your own WAN IP in red marked box and Click "add this network". then you will get a new settings window like this.

You can select the WAN IP in the red marked section from this window, after selecting the IP you will get a new window as follows,

In this section, you can select which type of filtering you want(High, Moderate, Low, None or Custom)

In the High filtering you want block bellow site categories

Adware

• Sites that distribute applications which display advertisements without user's knowledge or choice. Does NOT include sites which serve advertising.
• Alcohol
  Sites about alcohol use, commercial and otherwise.
• Chat
  Sites where you can chat in real-time with groups of people. Includes IRC and video chat sites.
• Classifieds
  Sites for buying and selling (or bartering) goods and services. Includes sites with real estate and housing listings.
• Dating
  Sites for meeting other people.
• Drugs
  Sites about illegal or recreational drug use.
• File storage
  Sites that offer space for hosting, sharing and backup of digital files.
• Gambling
  Sites that offer gambling or information about gambling.
• Games
  Sites that offer game play and information about games (news, tips, cheat codes).
• Hate/Discrimination
  Sites that promote intolerance based on gender, age, race, nationality, religion, sexual orientation or other group identities.
• Instant messaging
  Sites that offer access or software to communicate in real-time with other individuals.
• P2P/File sharing
  Sites that facilitate the sharing of digital files between individuals, especially via peer-to-peer software, including torrent sites.
• Social networking
  Sites that promote interaction and networking between people.
• Video sharing
  Sites for sharing video content.
• Visual search engines
  Sites for searching for images based on keywords.
• Weapons
  Sites about weapons, commercial and otherwise.
• Webmail
  Sites that offer the ability to send or receive email.
• Photo sharing
  Sites for sharing photographs, as individual images, galleries and albums.
• Adult Themes
  Sites that are adult in nature and are not defined in other rating categories. Note: This category should only be turned on if you want to be very restrictive on your network.
• Tasteless
  Sites that contain information on such subjects as mutilation, torture, horror, or the grotesque.
• Lingerie/Bikini
  Sites displaying or dedicated to lingerie/bikini that could be considered adult-only.
• Proxy/Anonymizer
  Sites providing proxy bypass information or services. Also, sites that allow the user to surf the net anonymously, including sites that allow the user to send anonymous emails.
• Sexuality
  Sites that provide information, images or implications of bondage, sadism, masochism, fetish, beating, body piercing or self-mutilation.
• Nudity
  Sites that provide images or representations of nudity.
• Pornography
  Anything relating to pornography, including mild depiction, soft pornography or hard-core pornography.
• Forums/Message boards
  Sites with discussions, including bulletin boards, message boards and forums.

In the Moderate filtering you want block bellow site categories

• Adware
  Sites that distribute applications which display advertisements without user's knowledge or choice. Does NOT include sites which serve advertising.
• Alcohol
  Sites about alcohol use, commercial and otherwise.
• Dating
  Sites for meeting other people.
• Drugs
  Sites about illegal or recreational drug use.
• Gambling
  Sites that offer gambling or information about gambling.
• Hate/Discrimination
  Sites that promote intolerance based on gender, age, race, nationality, religion, sexual orientation or other group identities.
• Weapons
  Sites about weapons, commercial and otherwise.
• Tasteless
  Sites that contain information on such subjects as mutilation, torture, horror, or the grotesque.
• Lingerie/Bikini
  Sites displaying or dedicated to lingerie/bikini that could be considered adult-only.
• Proxy/Anonymizer
  Sites providing proxy bypass information or services. Also, sites that allow the user to surf the net anonymously, including sites that allow the user to send anonymous emails.
• Sexuality
  Sites that provide information, images or implications of bondage, sadism, masochism, fetish, beating, body piercing or self-mutilation.
• Nudity
  Sites that provide images or representations of nudity.
• Pornography
  Anything relating to pornography, including mild depiction, soft pornography or hard-core pornography.

 In the Low filtering you want block bellow site categories

• Tasteless
  Sites that contain information on such subjects as mutilation, torture, horror, or the grotesque.
• Proxy/Anonymizer
  Sites providing proxy bypass information or services. Also, sites that allow the user to surf the net anonymously, including sites that allow the user to send anonymous emails.
• Sexuality
  Sites that provide information, images or implications of bondage, sadism, masochism, fetish, beating, body piercing or self-mutilation.
• Pornography
  Anything relating to pornography, including mild depiction, soft pornography or hard-core pornography.

In the None filtering you cannot block any sites categories

In the Custom filtering you want block any site categories with your choice.

Next we selected "Custom" filtering mode, then u can get a sub menu like this

You can choose different site categories from here for blocking your network, then Click Apply, now u are successfully created OpenDNS in your Network,

After completing the OpenDNS configuration you must change all computer Preferred DNS and Alternate DNS

Preferred DNS 208.67.222.222

Alternate DNS 208.67.220.220

Read More

Adding users to Active Directory

Adding users to Active Directory

Click Start, highlight "Administrative Tools" and select "Active Directory Users and Computers"

Now, expand your domain name on the left side, and go to the bottom where it says "Users". Once you click on that, you will see all of the automatically created users, you will also see all of the users you made before you ran dcpromo - that's because they all stay through the promotion to DC. Anyway, to add a user, you can either right click the "Users" folder on the left side, or the blank area on the right side, and highlight "New" then click "User"

In the next dialog we can set the user's First name, Last name and various other pieces of information, including their log-on name, and domain to which we want to add them

After clicking "Next" you are presented with the password-settings screen. You can set the user's password and then have them change it on their first log-on by selecting "User must change password at next logon". But in this tutorial, I will set it as their password, and not allow them to ever change it without asking me (the administrator) to change it for them.

In the next dialog, we get a summary of the user to be created. Click "Finish" and the user has been created.

And we're finished!

Datas collected from - http://www.visualwin.com/New-User-AD

Read More

DNS errors and solving methods

DNS errors and solving methods

Reasons for getting DNS Server Not Responding Error

1. The server which host the website might be temporarily down due to technical reasons

2. The DNS service in your computer is corrupted or not working

3.  Security firewall might have accidentally blocked your PC from communicating with a website or certain websites

How to narrow down the source of DNS server not Responding Error?

1. If you have another computer or mobile device accessing internet from the same network, then check if they are able to access internet. The other mobile device can be a smart phone or tablet. If the other devices have internet connection, then this is an issue with your computer. If the other devices are not able to access internet, don’t waste any time and contact your ISP. Explain them the scenario and they will help. (Some ISP technicians are quick to blame your computer for this issue)

2. Try to access internet using safe mode with networking. It is explained below under the section “How to fix DNS Server Not Responding Error because of a corrupted security”. If your computer is able to access internet in safe mode with networking, a security software or conflicting third party software might be responsible for the problem

3. If you are getting DNS server error only on couple of websites, then it might be a temporary issue with the server which is hosting that website. You can check it using websites like http://downorisitjustme.com. Just enter the name of the website that you would like to check. This website will ping to your destination website and let you know if it is up or down. In case if it shows that the website you want is up and running properly, but you are not able to see it, then the problem is with your computer. If the website is shown as down or not working, you need to wait until the webmaster of the website get the issue fixed

4. Check if the error is a browser problem by browsing websites using different browsers such as IE, Firefox, Chrome, Safari or Opera. This happens rarely, but yet possible. If the error is happening only on a particular browser, then you need to troubleshoot the browser. Following the steps mentioned in IE optimization which fix most issues, no matter which browser you use

How to fix DNS Server Not Responding Error Normally

1. Open command prompt window by clicking on Run –> cmd (run with administrator privilege user)

2. netsh int ip reset c:\resetlog.txt This will reset the ip

3. type netsh winsock reset reset. This command will create a prompt to restart the computer, don’t restart now. This will help reset winsock settings. Although resetting winsock is not related to this error, this might be helpful in fixing other issues which can lead to this error
4. type ipconfig /flushdns This will help in flushing the stored DNS cache

5. Restart the computer and check if the issue is fixed

Try this step if you still have the same problem.

1. Do a power cycle of modem and computer. Turn off your computer and then turn off the modem and router (if present). Keep it turned off for 5 minutes and then restart all the devices

2. Check if the issue is fixed

Still if the issue is not fixed, try the steps below.
1. Open ncpa.cpl from Start tab. This will open network connections

2. Right click local area connection, then click properties.

3. Select Internet protocol version(TCP/IPv4), then click properties.

4. Select internet protocol ,select “use the following DNS server address”

5. Change DNS server address to global DNS value given below

Preferred 208.67.222.222

Alternate 208.67.220.220(You can also use Google’s DNS address Preferred 8.8.8.8 and Alternate 8.8.4.4) 

6, Check if issue is fixed. Changing the Preferred and Alternate error usually fix most of the cases

Data's collected from----http://atechjourney.com/dns-server-not-responding-error-fix.html/

Read More

DNS (Domain Naming System)

DNS (Domain Naming System)

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates domain names meaningful for users to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet

An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer host-names into IP addresses. For example, the domain name www.sbn.com translates to the addresses 192.0.43.10 (IPv4) and 2620:0:2d0:200::10 (IPv6). Unlike a phone book, the DNS can be quickly updated, allowing a service's location on the network to change without affecting the end users, who continue to use the same host name. Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs) and e-mail addresses without having to know how the computer actually locates the services.

The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and fault tolerant and has helped avoid the need for a single central register to be continually consulted and updated. Additionally, the responsibility for maintaining and updating the master record for the domains is spread among many domain name registrars, who compete for the end-user's, domain-owner's, business. Domains can be moved from registrar to registrar at any time.

The Domain Name System also specifies the technical functionality of this database service. It defines the DNS protocol, a detailed specification of the data structures and communication exchanges used in DNS, as part of the Internet Protocol Suite.

The Internet maintains two principal namespaces, the domain name hierarchy[1] and the Internet Protocol (IP) address spaces.[2] The Domain Name System maintains the domain name hierarchy and provides translation services between it and the address spaces. Internet name servers and a communication protocol implement the Domain Name System.[3] A DNS name server is a server that stores the DNS records for a domain name, such as address (A or AAAA) records, name server (NS) records, and mail exchanger (MX) records (see also list of DNS record types); a DNS name server responds with answers to queries against its database.

Read More

DHCP Server

DHCP Server

Dynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the complexity of administering IP address configurations. - Microsoft's definition. A DHCP server would be set up with the appropriate settings for a given network. Such settings would include a set of fundamental parameters such as the gateway, DNS, subnet masks, and a range of IP addresses. Using DHCP on a network means administrators don't need to configure these settings individually for each client on the network. The DHCP would automatically distribute them to the clients itself.

The DHCP server assigns a client an IP address taken from a predefined scope for a given amount of time. If an IP address is required for longer than the lease has been set for, the client must request an extension before the lease expires. If the client has not requested an extension on the lease time, the IP address will be considered free and can be assigned to another client. If the user wishes to change IP address then they can do so by typing "ipconfig /release", followed by "ipconfig /renew" in the command prompt. This will remove the current IP address and request a new one. Reservations can be defined on the DHCP server to allow certain clients to have their own IP address (this will be discussed a little later on). Addresses can be reserved for a MAC address or a host name so these clients will have a fixed IP address that is configured automatically. Most Internet Service Providers use DHCP to assign new IP addresses to client computers when a customer connects to the internet - this simplifies things at user level

Setting up DHCP Server
This will serve as a step-by-step guide on how to setup a DHCP server.

Installing the DHCP server is made quite easy in Windows 2003. By using the "Manage your server" wizard, you are able to enter the details you require and have the wizard set the basics for you. Open to "Manage your server" wizard, select the DHCP server option for the list of server roles and press Next

You will be asked to enter the name and description of your scope.

Scope: A scope is a collection of IP addresses for computers on a subnet that use DHCP.

The next window will ask you to define the range of addresses that the scope will distribute across the network and the subnet mask for the IP address. Enter the appropriate details and click next.

You are shown a window in which you must add any exclusions to the range of IP addresses you specified in the previous window. If for example, the IP address 10.0.0.150 is that of the company router then you won't want the DHCP server to be able to distribute that address as well. In this example I have excluded a range of IP addresses, 10.0.0.100 to 10.0.0.110, and a single address, 10.0.0.150. In this case, eleven IP's will be reserved and not distributed amongst the network clients.

It is now time to set the lease duration for how long a client can use an IP address assigned to it from this scope. It is recommended to add longer leases for a fixed network (in the office for example) and shorter leases for remote connections or laptop computers. In this example I have set a lease duration of twelve hours since the network clients would be a fixed desktop computer in a local office and the usual working time is eight hours.

You are given a choice of whether or not you wish to configure the DHCP options for the scope now or later. If you choose Yes then the upcoming screenshots will be of use to you. Choosing No will allow you to configure these options at a later stage.

The router, or gateway, IP address may be entered in next. The client computers will then know which router to use

                                

In the following window, the DNS and domain name settings can be entered. The DNS server IP address will be distributed by the DHCP server and given to the client.

                           

If you have WINS setup then here is where to enter the IP Address of the WINS server. You can just input the server name into the appropriate box and press "Resolve" to allow it to find the IP address itself.

The last step is to activate the scope - just press next when you see the window below. The DHCP server will not work unless you do this.

The DHCP server has now been installed with the basic settings in place. The next stage is to configure it to the needs of your network structure.

Configuring a DHCP Server

Here under is a simple explanation of how to configure a DHCP server.

The address pool displays a list of IP ranges assigned for distribution and IP address exclusions. You are able to add an exclusion by right clicking the address pool text on the left hand side of the mmc window and selecting "new exclusion range". This will bring up a window (as seen below) which will allow you to enter an address range to be added. Entering only the start IP will add a single IP address.

DHCP servers permit you to reserve an IP address for a client. This means that the specific network client will have the same IP for as long as you wanted it to. To do this you will have to know the physical address (MAC) of each network card. Enter the reservation name, desired IP address, MAC address and description - choose whether you want to support DHCP or BOOTP and press add. The new reservation will be added to the list. As an example, I have reserved an IP address (10.0.0.115) for a client computer called Andrew.

if you right click scope options and press "configure options" you will be taken to a window in which you can configure more servers and their parameters. These settings will be distributed by the DHCP server along with the IP address. Server options act as a default for all the scopes in the DHCP server. However, scope options take preference over server options.

Data's are collected from                                    http://www.windowsnetworking.com/articles-tutorials/windows-2003/DHCP_Server_Windows_2003.html

Read More