Koozali.org formerly Contribs.org

Recent Posts

1
The SMEs, service servers (antivirus, deployment, more to come) are placed on different remote edu locations.
So a further LAN interface is not practicable. Also all the SMEs and the "service servers" can be found within the same subnet.

It is more like this:

Code:
     Internet
        |
     Router & Firewall [LAN 10.1.x.x]
        |
        |-----[antivirus server 10.1.1.50]
        |-----[deployment server 10.1.1.51]
       / \
      /   \
     /     \
    |        SME2 [WAN IP 10.1.1.2]
    |                 [LAN 192.168.2.x]
    | SME1
    [WAN IP 10.1.1.1]
    [LAN 192.168.1.x]

Since each client behind SME1, SME2... has a unique(!) IP, depending on the SME server's IP (SME3 would have 10.1.1.3 and its clients 192.168.3.x), I can tell the service servers which client can be found behind which SME.

Now (sadly still) I'd like to enable the service servers to (initially) access the clients behind SME1, SME2, SME3...
Since I spent some time figuring out what the iptables clockwork is doing, my respect is growing...

Before I even can think about using SME's methods as listed in:
https://wiki.contribs.org/Firewall#Open_Ports_in_Private_Server.2FGateway_Mode

I have questions about how to enable the communication from the service servers:

1. iptables -I INPUT 2 -i eth1 -s 10.1.1.50 -j ACCEPT
2. how to forward this to the clients?
3. does there have to be a NAT thing?
4. and how to properly return answers i.e. a ping from 10.1.1.50 to client 192.168.1.10 behind SME 10.1.1.1?

If I could at least do so, in the next step I could worry about how to realize this without the thought of misusing init.d or cronjobs to get this behaviour in iptables.

p.s.: Tried adding a local network via the server-manager, but I (I shouldn't wonder, would I?) haven't been able to add the server's external IP range as an internal network, since the "service servers" are right within this range. I got something like (translated) "The answer is 'Error the Router-Address can not be accessed from internal network.'"

p.p.s. Would a VPN make any of this simpler? I'd rather see a solution in the iptables configuration.
2
Italiano / Re: Unable to enable fetchmail
« Last post by ReetP on Today at 10:47:11 AM »
Always start by looking at your logs.

Run this in a terminal when you try to enable fetchmail.

Quote
tail -f /var/log/messages

Are there any errors?
3
Italiano / Unable to enable fetchmail
« Last post by simone686 on Yesterday at 03:45:21 PM »
Hello everyone...
I have installed fetchmail fairly often without problems, but in the latest installation (9.2) I cannot enable it.

Even when I click enable, nothing changes and it always says disabled.

I have already created two users and two mailboxes, which are visible through Outlook, and I have easily moved some archived mail into them via IMAP. But since I cannot enable it, new mail does not arrive.

Can someone tell me where to start investigating?

Having had zero problems until now, I have no experience with troubleshooting.

Thanks
4
Français / Re: SME 9.2.0 64 bits - Wake-On-Lan and Sleep..
« Last post by ReetP on Yesterday at 03:25:24 PM »
There is a big difference between servers and desktops.

For *most* people they want their server 24/7. Just the way it is. My server here runs my network. No server, no DHCP, DNS, mail, and a lot of other things besides. It is busy most of the day and night - it runs sync and backups & other stuff over night.

If you look in server settings there are plenty of energy reducing options like throttling CPUs, more efficient CPUs, better thermal efficiency etc etc, and then you have bigger denser drives, and now Solid State drives etc etc. They can slow themselves down and reduce energy a lot without needing to be shutdown.

Computer hardware is not at its best being constantly turned on and off. Much better to be running at a nice stable temperature. The constant temperature changes will affect the hardware and reduce the lifetime, or increase the risk of failure.

It is much faster to wake it up from 'resting' rather than 'sleeping' or 'dead'.

Yes, perhaps you have a backup server that has one function once a day. But that is a specialised machine. It is a simple file store and has none of the normal server functionality (think of it as a complicated network attached drive).

A normal server is multi function. It is a complicated beast running many different tasks. Not the same thing at all.

Notwithstanding this, the point you have missed which I have said previously is that WAKING a machine is NOT the job of the OS. That is a function of the BIOS and/or network card. The OS only takes over once the machine has started, and not before. So that has nothing to do with the OS and it is something that has several easy solutions.

Shutting down is another matter entirely. You can easily script that to do so at a fixed time. The complication is if you want to shut it down when it is idle. What is really 'idle'?

Desktops work that out by keyboard and mouse activity. How do you do that on a server that has no keyboard and mouse connected (mine do not.....)?

How do you also tell it to wake again? It can't detect a keyboard and mouse that are not attached. WoL doesn't really work that way - please have a read about it. As I said above, it is a function of the motherboard and network card, not the OS. Yes, you can set WoL on a network card with Windows, but in reality you are setting a hardware option in the card and Windows will know nothing about a WoL packet waking up the card. If you had the right piece of software you can set it without Windows at all.

https://www.lifewire.com/wake-on-lan-4149800

Quote
It doesn't matter what operating system the computer eventually boots into (Windows, Mac, Ubuntu, or another Linux distribution), Wake-on-LAN can turn on any computer that receives the magic packet. The computer hardware must support Wake-on-LAN with a compatible BIOS and network interface card.

So the point is you are looking for a simple solution to what is actually a complex problem, and most of which has nothing to do with SME..... :-) And that is why you cannot find an answer to your question!

5
Français / Re: SME 9.2.0 64 bits - Wake-On-Lan and Sleep..
« Last post by STRyk on Yesterday at 02:11:20 PM »
Well yes, that was the idea...
I am surprised that as soon as you step outside the primary use, everything is so difficult.
I imagine I am not the only one to have had this need.
I have already read that some people talked about energy saving etc... The current trend (for more than 20 years, lol), which should have become widespread. But in practice, no.  :D
6
Français / Re: SME 9.2.0 64 bits - Wake-On-Lan and Sleep..
« Last post by mab974 on Yesterday at 08:17:46 AM »
Hi,

ReetP is right to say that an SME server generally runs 24/7.

However, I had started preparing a backup server so that it would start up and wait every night and shut down once the backups were done.

It seemed feasible to me, but I had to postpone this project (like others!) because of an unstable old motherboard.

I quite liked the idea of a remote backup server.... ( in the house  :) )!!
7
SME Server 9.x / DKIM sign
« Last post by Fumetto on May 26, 2020, 08:32:52 AM »
I have a lot of doubts and I'm looking for someone who will enlighten me.

From the manual I read that to enable the DKIM for the emails sent just do a procedure illustrated in the manual

Code:
db configuration setprop qpsmtpd DKIMSigning enabled
signal-event email-update
qpsmtpd-print-dns

The last command returns the specifications to be entered in the domain's DNS records. Okay, but I have some doubts.

First: If I use a smarthost for sending, could this cause problems?

Second: the adkim and aspf parameters (on DMARC record) are currently set in "r"; is it necessary for adkim to be in "s" as per the specifications provided by the command on SME? I understand that with "s" a check is made on the sender but it is not clear to me how it works ...

The DKIM record that the provider preset me is "different" from the one that SME gives me; specifically this is what the provider preset me

Quote
"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmWTDqLKkuFsaSgrTv5VDzAGHMF3948wfrBc0O+mEt1WCQod1nP0nMSuiWFc72XeumGRM8nrMZ2NewxbWeRRt9qD4/rk2W3/tkiYRxvIqISYOqUrzJ4HT9FkUkgaKGzqt1I3mEv82W3jIHuoBYb6zB4nzpBRSTLUw55s72ozY8lQIDAQAB;"

and this is what SME gave me



I notice a significant difference; the provider has set me a much shorter public key than the one SME gives me. Among other things, it seems to me that the key is "divided" in two ("... p=first_piece_of_the_key""second_piece_of_the_key;t=y")

So hypothetically, just use the first part of the key? Or do I have to go all out?

Could someone give me some advice to avoid doing damage?

TIA  :)
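
The split noticed in the post above is how DNS carries long TXT values: one character-string holds at most 255 bytes, and a DKIM verifier concatenates the strings of a record with nothing in between, so the whole key is needed. The sketch below is an added example, not part of the original post or of SME Server's tooling; it joins such strings and reads the RSA key size from `p=`, using the provider record quoted above plus a constructed two-string copy of it.

```python
import base64
import re

# Provider record quoted in the post above (its p= value fits in a single string).
PROVIDER_RECORD = (
    "v=DKIM1; k=rsa; p="
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmWTDqLKkuFsaSgrTv5VDzAGHMF3948wfr"
    "Bc0O+mEt1WCQod1nP0nMSuiWFc72XeumGRM8nrMZ2NewxbWeRRt9qD4/rk2W3/tkiYRxvIqI"
    "SYOqUrzJ4HT9FkUkgaKGzqt1I3mEv82W3jIHuoBYb6zB4nzpBRSTLUw55s72ozY8lQIDAQAB;"
)
# Constructed: the same record cut into two quoted strings, as longer keys are published.
SPLIT_RECORD = '"%s" "%s"' % (PROVIDER_RECORD[:120], PROVIDER_RECORD[120:])


def join_txt_strings(rdata):
    """Concatenate the quoted strings of one TXT record, adding nothing between them."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(parts) if parts else rdata.strip()


def parse_tags(record):
    """Split a DKIM key record into tag=value pairs, dropping whitespace inside values."""
    pairs = (item.split("=", 1) for item in record.split(";") if "=" in item)
    return {name.strip(): re.sub(r"\s+", "", value) for name, value in pairs}


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def rsa_key_bits(p_value):
    """Modulus size in bits of the RSA SubjectPublicKeyInfo carried in the p= tag."""
    der = base64.b64decode(p_value, validate=True)
    _, spki, _ = _read_tlv(der, 0)            # outer SEQUENCE
    _, _, alg_end = _read_tlv(der, spki)      # AlgorithmIdentifier, skipped
    _, bits, _ = _read_tlv(der, alg_end)      # BIT STRING holding the key
    _, rsa, _ = _read_tlv(der, bits + 1)      # +1 skips the unused-bits byte
    _, n_start, n_end = _read_tlv(der, rsa)   # first INTEGER is the modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()


if __name__ == "__main__":
    joined = join_txt_strings(SPLIT_RECORD)
    print(joined == PROVIDER_RECORD, rsa_key_bits(parse_tags(joined)["p"]))
```
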
8
Français / Re: EPEL problem on SME 9.2.0: "epel, repository not found"
« Last post by STRyk on May 20, 2020, 06:39:58 PM »
Quote
And my apologies - I normally try and translate to French but just don't have the time.... !

No problem, it's already nice of you to take time for us.

Concerning "Reetp Node repo", I don't understand what it brings. I can now access via epel. :)
Thanks.

Ho... GitHub : another Russian doll !!
Days have passed and I had to do something else.
Now with this accumulation of problems and this Russian doll system, I no longer know why I had to install node...
I will focus on the problem at the beginning. lol

For frenchies:
For French speakers: be sure to use this link for SME 9:
https://wiki.contribs.org/Epel#For_SME_9.x
Be sure to select "For SME 9.x"


:)
Solved!

Solved. Thanks again ReetP.
9
Français / Re: EPEL problem on SME 9.2.0: "epel, repository not found"
« Last post by ReetP on May 20, 2020, 02:57:35 PM »
And my apologies - I normally try and translate to French but just don't have the time.... !
10
Français / Re: EPEL problem on SME 9.2.0: "epel, repository not found"
« Last post by ReetP on May 20, 2020, 02:56:31 PM »
You do NOT need the epel release rpm. Remember this is SME, not a vanilla CentOS. Things do NOT always work exactly the same. Yum repos are templated. So you need to use them correctly.

Just follow the wiki and add a repo as instructed:

https://wiki.contribs.org/Epel

Reetp Node repo - sorry my fault - I missed some spaces.

Please try it now - I have updated it.

You could try Node 10 or Node 12 - just amend the command eg

Code:
db yum_repositories set nodejs10 \
repository Name 'Node JS 10' \
BaseURL https://rpm.nodesource.com/pub_10.x/el/6/x86_64 \
EnableGroups no \
GPGCheck no \
Visible yes \
status disabled

Code:
signal-event yum-modify

Note also you can install 'n' node manager and then swap node versions (I don't really get node at all, but know this much !!)

https://github.com/tj/n