Ubuntu Servers :: Lock Down An Office Network With A Gateway Server?
Aug 4, 2010
I am looking for some advice on how best to lock down our office network to keep our employees from wasting time on sites like Facebook and ...... This will be my first time setting up a server as a gateway in a production environment so I thought I should get some suggestions on what the best packages would be to do this.
I essentially need to lock down our network so that I can monitor what everyone is doing on the Internet and block it if needed. It doesn't have to be web based or have a bunch of GUIs; I'm fine with command line, configs and log files, but it would be nice.
I'm interested in commercial products as well, as long as they are Linux based.
I have openSUSE 11.2 installed and I need to create a gateway server that allows virtual private network connections. I want to play some LAN games with my friends, but we are in different networks, so I want to create this gateway server so we can connect with VPN clients to this server and play freely.
Small office... 20-30 computers, all Windows based: XP/Vista/Windows 7. 3 servers running Ubuntu 10.04... 1 domain controller, and two file servers with Samba. We want to be able to log in once in the morning, and then not have to worry about users/passwords at all throughout the day. So I was thinking that I could set up a PDC and then make the two file servers both BDCs and use LDAP to authenticate everything. Would this even work out? And is there a better way to do it?
I am wanting to set up an office network consisting of three computers and one server. We already have the equipment ready with Vista Business pre-installed on the computers. I want to be able to create a network which allows users to use any machine, as this will reduce downtime should a machine break. Also I would like users' files to be held centrally on the server, which makes backups easier.
The most important element here is data backup. Like most businesses, we are moving away from paper and using the computers to store important records such as customer information. If this data were to be lost, the business would come to a complete halt.
I have been looking at the idea of installing a Microsoft Small Business Server as it would be nice to have centralised control of the machines. However the cost would be over 800 which can not be justified for three machines and five users. Therefore I am turning to Linux for an alternative solution. I have previously used CentOS and Ubuntu for home use but never really gained much knowledge or experience of either.
It is my understanding that Samba can act as a Primary Domain Controller, which if I'm not mistaken is where it handles the network logins and profiles. Is this correct? I have come across many Samba tutorials online but what's confusing is they are all different. Some of the tutorials involve using Kerberos and OpenLDAP. Do I need to learn about either of these? What do they do and what benefit will they bring?
Finally, I see Samba 4 is in development and is likely to bring a lot of new features which aren't available in Samba 3. Is this worth waiting for because I don't want to be upgrading everything again 6 months down the road?
So I've been asked to install a file/printer server and, possibly, an inet proxy for a small office (5 PCs). My concern is this. There are: 4 PCs on XP x32; 1 PC on Win7 x64; 2 printers, one of them with a scanner. Some business software they use does not cope with Win7. Had a hard time installing additional x64 drivers for the printer (which are obsolete by now, I guess). The network runs on a simple router which is connected to the internet. For now they have been using simple sharing of C: folders, which had freaked me out a bit.
So... Despite XP being old and the presence of an x64 machine on the network, do I: install the x64 server edition, or install the x32 one? What additional software, besides Samba and printer/scanner drivers, will I need to handle both architectures? I have a rather basic understanding of how servers work, i.e. I run Samba, apt-cacher, torrents on my home network.
Does anyone know, if you switch networks where you have your servers hosted on a non-DHCP network, and you switch your IP addresses, then do you have to change/assign your new gateway address? I'm not sure if it's manually assigned. How do you do it? Also, what about nameserver resolving?
I had configured OpenVPN on my Fedora 7. Everything seems OK. Created all server and client certificates. On the client laptop I am using Win XP. I installed the VPN on the client laptop and the VPN is connected, and the client got an IP address in the range which I had defined in server.conf.
Now the problem is that the client VPN is connected and got the IP, but even then the client is not able to ping the local network of my office. Guys, your support and guidance is needed.
In my office I had configured OpenVPN on Fedora 7, no problem on the server side. My network is like this: Office LAN - 192.168.1.0/24, VPN machine - 192.168.1.141/24 (done port forwarding at router). Now I had some clients who want to access the office LAN from outside, so I installed client certificates on their laptops, whose OS is XP, so my XP clients are easily able to connect to the VPN from outside and can access the office LAN, i.e. 192.168.1.0, but the problem comes with the Vista clients, who can connect to the VPN machine and get the IP from the Linux VPN machine, but the Vista client can't ping my office network, i.e. 192.168.1.0/24.
Last weekend I've set up my first headless Ubuntu home file server and torrent downloader with Ubuntu 9.10. Very cool, but the CPU is way too fast for a home server: P4 HT 2.8Ghz; unfortunately it has only 256Mb of RAM, so no X server and no VNC (old HP office PC). At the moment memory usage is only 40Mb without X server. Besides, SSH works just fine. A few questions I can't seem to find answers to on Google: What is a good CL network monitoring program? Something similar to htop. Ubuntu 9.10 has a lot, about 20-30, console-kit daemon instances running after boot, each using some memory that I can't spare.
When I connect to Windows Server 2003 from Ubuntu this error is displayed. When I am installing tsclient, by executing the following command from a Terminal window:
sudo apt-get install tsclient
When I run this command the following error is displayed.
E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
I am trying to set up a file server for a small office but have hit a couple of hurdles. Is there a step-by-step guide on how to set up a network for Windows and Mac computers to use it? I had set up a share etc. but once I restarted the server all the files which I had in the home folder disappeared. Also, when I set up users, how can I use passwords that I select, as every time I set one it encrypts it and uses that instead of my one?
I have a fast computer in my office and I want the person using the slow computer in the same office to boot up and see the login window (gdm) and log in from there into the fast computer and be able to use their session on the fast computer at the same time I am locally logged in to the fast computer as a different user and session. Is this best done through XDMCP? Where is a good tutorial on how to set this up?
I'm trying to replace an office file server. I would like to avoid just another samba share.
I'm looking for a document repository, a bit more functionality than a plain samba share and very cross-platform.
I've looked a couple minutes at dspace, but that seems like a lot of work just configuring it. Dropbox would be fine except that they only have up to 100g, and it's off-site.
This is NOT for unauthenticated public use.
Here are some features I have in mind:
1. Web front end.
2. Any file format from a one-line text document to a Microsoft Word document to an ISO of a blu-ray disk to a very large database backup, binary or text.
3. Cross-platform clients, mostly Mac.
4. Authenticated via centralized one-login server or maybe by a key such as an SSH public key.
5. Searchable by terms, name or content if the type is appropriate.
6. Pass in the URL for an object and have the server download it.
7. Stores files in native format so if the app breaks I can just get the files.
How can I make OpenVPN access my entire office LAN network through the Linux firewall? How can I allow a remote client (with a private IP) to access my entire office network through the Linux firewall?
Our primary mail server is Exchange 2003 Standard on Windows Server 2003 Standard - don't shout at me; I inherited it already set up this way. I have a couple of hardware identical redundant servers (HP ML350 boxes), all with very fast 2 or 4 disk arrays, multiple core CPUs and plenty of memory, and I am looking at two potential new additions to the infrastructure.
A secondary mail server is high on my list of priorities. I've been well and truly bitten by Exchange in the past and given that this particular box has been running four years straight and that its mail store is dangerously large, having a secondary mail server in place suddenly makes a lot of sense.
A new Exchange 2010 box is currently being set up, but the secondary mail server will remain in place even when the new Exchange server is brought online, so this won't be a wasted exercise.... I also want a gateway box in place to filter and relay mail to the primary server, or to the secondary server if the primary is unavailable. Currently our outer perimeter is:
Untangle running in bridged mode (primarily used for SPAM filtering, URL blacklisting, and very little else). Exchange 2003 sits behind the Untangle box. This is how I want to end up:
CISCO >> Draytek >> Ubuntu gateway >> Exchange/secondary mail server
I know I could replace/remove the Draytek but I want it to remain for several reasons, including lots of VPN dial-in users already configured and that it offers us an additional layer of email antivirus scanning before things hit the Exchange box. No point switching all of our remote workers over to new tunnels unnecessarily...
I have done some research and have started testing a pilot secondary mail server using Ubuntu/postfix. DNS is properly set up and MX records and reverse PTR records are all present and correct, and things are looking encouraging so far. Before I go out over deep waters and start to flounder, has anyone who has done something like this got any obvious howlers I should be looking to avoid?
I installed openSUSE on one of my work systems. The network port wasn't working when I was installing, but works fine now (checked in Windows). But for some reason, I am not able to configure the network. I used both Dynamic and Static IPs (both work fine in Windows) but still no go. I am using Yast Control Center for this purpose. I can't even ping the default gateway when I am using custom settings. When I use dynamic settings, it says Unreachable Network.
While trying to avoid ranting about my Linksys router, I'll try and keep things short. I have a Linksys router in which the default firmware was terrible and would not correctly renew its DHCP lease. After getting fed up with that I flashed dd-wrt on the router and now it works better, but randomly DNS queries would stop being resolved. To rule out the chance that it is my ISP's DNS servers I switched my DNS to openDNS; same problem happens (although I have to admit openDNS is a lot better than what my ISP has).
Anyways, I'm about fed up with it and about an inch away from drop kicking the thing out my window. To avoid that I figured I will give it one more chance and instead of using my Linksys as my network gateway I'll move all of that to my home server, and make the Linksys just a wireless AP. Besides setting up DHCP, DNS, and iptables on the server, is there anything else I will need to know and set up on the server to make this work?
Side note: anyone using openSUSE for DHCP know if setting up reserved IPs for certain MAC addresses is possible?
I am attempting to set up a network to network VPN tunnel between our main office and a temporary location. This location needs full VPN access back to the main office's network. Anyhow, we have spent about 3 solid days attempting to make this work without any great success. Here is our network scheme for these two devices.
Network A (Main Office) (OpenBSD using isakmpd) Network: 172.16.8.0/24 External IP: 1.1.1.1 (obviously not the real IP)[code].....
I have installed a Linux server in my office to run 16 machines. Its main use will be an internal mail server but it will also be running websites.
I have installed Ubuntu 9.10 server x64 and have got apache running.
I am looking for the simplest, most robust solution for SMTP, POP3 and IMAP. I have only ever used qmail before and found it a pain to configure and it's getting old, so I thought I should probably try something new. I have not much experience with running POP3 or IMAP on Linux so would love a suggestion on that.
I'm having some difficulty with an internet/VPN setup. I have 3 network adapters on the server: 1x is used to connect it to the rest of the network, 1x is used to provide internet (squid, dansguardian), 1x is used to connect to the VPN router.
My interfaces file looks like this:
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback
[Code]...
The problem that I have is this: When the gateway on eth2 is set to 10.0.2.2 the VPN works 100% but there is no internet. When the gateway on eth2 is set to 192.168.0.6 there is internet but no VPN.
So what I want to do is, route all traffic that is supposed to go to 10.0.2.0/24 and 10.0.3.0/24 to eth2 and all internet traffic to eth0.
I successfully configured my local DNS server. I have server1.mydomain.com, pc1.mydomain.com and so on.
The problem is that my website is hosted on an external server (not on the local network), so www.mydomain.com is not found in the configured zone/subnet.
How can I tweak my DNS to fetch ALL subdomains from the gateway (just as it went before the DNS existed)?
I have 2 nameservers setup, a master and a slave. when I first setup the slave, I restarted bind9 and all of the zone records propagated just fine. Today, I updated one of the records on the master (no problems), but when I restarted bind9 on the slave it gave me a FAILED message. I checked the log and it was trying to receive notify's from my gateway address (192.168.10.1), and got "Failed to update from non-master". I did some research and found several people having a similar problem, but their slaves were trying to update from their own IP, not from the gateway IP. I tried their solution (allow-notify { 192.168.10.1; }) but all that did was allow the slave to restart bind without errors, it still doesn't update the records. It says "zone is up to date" but it's not.
So what I want to do is set up a gateway (or router, idk what Ubuntu refers to it as). So my setup would be Modem>Server>Switch>Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldn't figure that out either.
I have just started using Ubuntu 9.04. I have to manually configure the network to connect to the net. Gateway values when entered are not saved; they come back to 0.0.0.0. I am also required to enter a workgroup. How do I do it?
I have set up an OpenVPN server and when I connect to it the client pulls an IP but not a default gateway. My goal is to route all web traffic through the VPN... My config file looks like this...
Code:
dev tun
proto tcp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
I have one Linux server acting as a gateway, which runs on the Fedora platform. The problem occurred recently when it keeps on shutting itself down during the weekend. I have no idea what caused this auto-shutdown. For your info, the server is NOT scheduled to auto-shutdown mode.
Recently my OS hard drive died on my wonderful Ubuntu server, so I took that chance and upgraded it to 10.04 ... Everything works great except I cannot get any other computer in the house (Windows and Linux) to see the computer or the Samba shares. It is not just the shares that are missing but the server itself does not show up. For my Windows machine I verified the workgroup is correct and it still does not show up as a device on the network, ditto for my Ubuntu desktop install. Here is my smb.conf