Re: [swinog] VPN OTP Solution
Andre Keller wrote:
> For a customer project I am looking for a VPN Solution with One Time
> Password that integrates with Microsoft ADS (yeah I know ;-))

http://www.zyxel.com/web/product_family_detail.php?PC1indexflag=20040908175941&display=7999&CategoryGroupNo=96C9CDE6-F2AA-4D84-9D62-311A7CCD996C
or
http://www.zyxel.ch/products/security+software/zyxel_set_a_10_user_token.html (German)

It works with the Zyxel firewalls and VPN appliances but also includes a RADIUS-server to connect other devices and a plugin for Windows logon.

The server software can connect to ADS according to the documentation:

"The ASAS system uses LDAP to enable you to pull user identities from your user management system, such as Unix Yellow Page, Active Directory or Novell. The current usernames and user information thus replicated is synchronized with the ASAS Database and can be used for ASAS System two-factor authentication."

Best regards,
Manuel

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Firewall recommendation for a rack of webservers?
Hello!

On Wed, June 18, 2008 2:06 pm, Olivier Mueller wrote:
> Is there anything you can recommend in this case? If it was only me,
> I would take something there:
> http://pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50
> and start with that. But the customer would also like to see some "non
> open-source"-based solutions... :>

I would go with pfSense, but a Zyxel Zywall could also be an option if it should be a "commercial solution". Reasonable price, many features, rackmount kit available and very good support.

Regards,
Manuel

Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?
On Wed, March 5, 2008 11:26 pm, Stanislav Sinyagin wrote:
> + 3-4 hours to read all the pieces of documentation, choosing the right
> board that you want to use, all the software options that are available,
> adding the wireless cards of proper vendor, chatting on this list etc.

You're right, I didn't think of that point. As a Linux guy, I know what things like "dd" and "/dev/sdb" mean, but a Windows admin would have to spend some time to get the point.

If I had to configure a PIX, I would have to read through the documentation for at least 4 hours. ;-)

> just my two cents, I'm vendor-agnostic, and open source supporter :-)

I'm pleased to hear that! ;-) If you need (or want) to install pfSense, I would be happy to help you.

Regards,
Manuel

Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?
On Wed, March 5, 2008 9:45 pm, Stanislav Sinyagin wrote:
> according to what this guy writes,
> http://rockpenguin.wordpress.com/2008/02/23/installing-pfsense-on-the-alix2c1/
> such thing as a firewall based on Alix platform requires at least
> few days of work for a guy on a salary with nothing else to do :) If you
> start counting the cost of worktime to have it up and running, probably
> any off-the-shelf firewall would be much more affordable. Or even a Cisco
> 8XX router, whatever current SoHo series they have :)

I get your point. You have to do some work to get it running, but it's far away from days. If you don't need serial access, you can skip the part with the baud-rate configuration. The interfaces can be assigned from the web interface. (And you don't have to unmount the CF card as stated in the article, because dd doesn't need it mounted.)

I get an ALIX up and running in about an hour incl. (simple) configuration. And at least you get a nice enclosure. There's no cool company logo on it, but it doesn't look like homemade.

By the way, if you want a "turn-key" solution, you can buy it assembled and installed:
http://shop.a-enterprise.ch/product_info.php?manufacturers_id=12&products_id=29

However, there is a downside: You get no support for the entire product. If the hardware fails and the boards are sold out, you probably have to wait rather long. (But at this price, I always have a board in reserve.)

Regards,
Manuel

Re: [swinog] VDSL/Zyxel P2802 HWL not 'strong' enough for a small company LAN?
Hello!

On Wed, March 5, 2008 2:31 pm, Olivier Mueller wrote:
> Is it possible that the Zyxel device is not the proper one anymore for
> this case?

I don't know the situation on current Zyxel hardware, but my Prestige 642R couldn't handle all connections for my needs.

> What would you try next? If you think I should get some more hardware
> (and use the Zyxel as a bridge), what would you then recommend ?

I personally would buy an Alix board from pcengines.ch (costs about CHF 150 with 3 LAN interfaces), install pfSense on it, switch the Zyxel to bridge mode and be happy. ;-)

With the Alix, you would also gain extra benefits like complex packet filter rules, traffic shaping, traffic graphs etc. (see pfsense.com for full feature list).

Regards,
Manuel

Re: [swinog] affordable queueing solution for a small network?
Hi Lothar!

On Fri, February 29, 2008 8:36 pm, Lothar Gramelspacher wrote:
> I am aware of m0n0wall and have played with it in my home environment,
> but have no experience how it you scale

What about pfSense [0]? It is based on m0n0wall and has some more features. As stated in the Wiki [1], a 200 MHz system with 128 megs of RAM should suffice for up to 8 Mbps.

I run it on a WRAP (266 MHz AMD Geode CPU). On full utilization of my 20Mbps VDSL line with bittorrent (over 1000 parallel connections) and about 50 filter rules, CPU load never goes over 15%.

[0] http://www.pfsense.com
[1] http://doc.pfsense.org/index.php/Hardware_requirements#Hardware_Sizing

Cheers,
Manuel

Re: [swinog] Which Hosting Pannel can you recommend?
On Fri, November 30, 2007 10:06 am, Benoit Panizzon wrote:
> So what commercial or non commercial Hosting Panel Software do you use
> or do know which would best fit those requirements? There is money around
> to buy something if it's really 'the solution'.

I asked a similar question about a year ago on this list and got some useful answers:
http://osdir.com/ml/operators.swinog/2006-02/msg00033.html

I'm not really happy with the control panels I've seen so far. They tend to interfere too much with my "perfect" configuration of the system.

If you configure your services to use mysql for authentication and configuration, creating a new customer consists only of some INSERTs. I'm considering to write an own control panel for my needs. A web interface for the admin himself would be relatively easy to implement, but certainly not a full featured solution with a nice looking interface in which the customer can manage things on his own.

regards
Manuel

Re: [swinog] bbcs disconnects
Richard Klingler wrote:
> Has anyone also few customers whose ADSL connection is always cut after
> 30 - 60 seconds since last Thursday/Friday?

I've got a mail from green.ch last Saturday:

"Currently, difficulties may occur with the ADSL connection on older ADSL devices. Mainly devices of the Zyxel Prestige 642 and 650 series are affected. A reset and a reconfiguration of the hardware can resolve the problem."

My 642 is running in bridged mode and seems to have no problems. Maybe you want to try the suggested reset and reconfigure?

cheers,
Manuel

Re: [swinog] Formmailer-Scripts and Spam
Matthias Hertzog wrote:
> b) Web-user has to enter a unique number (generated image) in the form to
> prove, he's a human being. Works fine, but you think of the visually impaired.

There are captchas which provide the number also as sound. But I wouldn't use captchas on business websites, it's too annoying for the users to type in the number.

> c) Badword-Filtering in the formmail-script, some regular expressions a.s.o.

Often it helps if you give the fields "unsuspicious" names. "meinfeld4" instead of "recipient" and so on...

I use mod_security [1] with the rules from gotroot.com. mod_security blocks the spam before the form gets processed. Additionally, it protects the server from SQL-injection and other attacks.

Greets,
Manuel

[1] http://www.modsecurity.org/

Re: [swinog] Cisco parts for sale..
Fullin, Marco wrote:
> The Ten Commandments contain 279 words, the American
> Declaration of Independence 300 words, but the regulation of the European
> Community on the import of caramel candies exactly 25911 words !!!

The average urban legend has 26 words.

SCNR
Manuel

Re: [swinog] Hosting Management Tool
Marco Huggenberger wrote:
> On Sun, 19 Feb 2006 20:14:30 +0100, Manuel Krummenacher wrote
>
>> [Hosting Control Panel]
>
> If you're really wanna take the "best tool" for your requirements, then maybe
> you have to create something like the overview at forensoftware [3]. Please
> drop me a line if you wanna collect all the information on our SwiNOG Wiki
> [4].

Thank you for the info and the links!

I looked through the links listed on the Debian Wiki. A short summary:

AlternC: documentation is mostly in French (a language which I try to avoid since school ;-)
Account Services Manager: seems to be dead, last version released in 2002
Baifox: version 0.1.2 released on 30-10-2005, not final yet
Domain Technology Control: actual version is 0.17.0 R3, not stable enough for me
Freeside: is a billing and ticketing system, does not suit my needs
Fusion Management Console: currently in alpha status, could become an interesting software (Web 2.0! AJAX! XML! ;-)
GNU Hosting Helper: supports multiple servers, too complex for me
Host4NET: a Webmin Module, too complex for me (and I don't want to install Webmin)
Interworx: too complex (clustering etc.), not free software
ISPConfig: seems to be comparable to VHCS
ISPMan: at least a number too big for me: "ISPMan is a system to design massive ISPs using LDAP as the backend."
OpenHSP: not yet finished
QmailAdmin: only for Qmail (nomen est omen)
RAQdevil: for FreeBSD (maybe you could get this to work on Linux, but with no support)
Ravencore: actual version is 0.1.1, not stable enough for me
SysCP: seems to be an alternative to VHCS and ISPConfig; disadvantage: configuration changes are made through a cron job, therefore no instant changes (I can hear the phone ring: "I just added a subdomain, but it doesn't work!")
Tequila: only for Postfix
Usermin: needs Webmin, not for hosting providers (the user can change mail forwardings and cron jobs, but not creating a subdomain or adding a ftp user)
VHCS: professionals use it, can not be bad ;-) (but had security problems in the past, more on that later)
vHost: seems to be too complex to manage one server
Virtualmin: needs Webmin
web-cp: "working toward version 1.0": I'll eventually have a look at it when it's finished
Webmin: only for the admin, not for the users
ZPanel: includes a billing solution, too complex for me

You are free to put this information into the SwiNOG Wiki, but I don't think my evaluation criteria are the same as yours! ;-)

I will stay with VHCS for the time being. But first I have to reinstall my server, some guys which are definitely not my friends exploited the recent security bug in VHCS and played around with their freshly uploaded PHP remote shells...

note to self: Update your software, _including_ the one you are "only" testing (or test it in a closed environment and not on the live server)! And perhaps I could think about installing mod_security.

A little question at the end: Is everybody welcome at the SwiNOG meetings? I do not work at an ISP, but am very interested in networking stuff.

Cheers,
Manuel

[swinog] Hosting Management Tool
Hi

I'm not sure if this is the appropriate list for my question, but I think most of you have more than enough knowledge in web hosting.

I have a dedicated server (Debian Sarge) which I mainly use for my own purpose. Until yet I've done every change like adding a user or creating a database over the shell. That was nice, I got routine in Linux administration. But since a few months some friends have got accounts for web and mail on the server. Managing everything by hand is getting really uncomfortable.

I'd like to have an easy solution for my friends to manage their accounts on their own. They are non-paying "customers", therefore I don't need a billing system. Just creating mail and ftp accounts, creating MySQL databases, managing mail forwardings and DNS records would be enough. Quota and traffic limiting is not needed.

There are many different management tools. I found VHCS, syscp and ISPconfig. They all support what I need, so I installed VHCS. It works fine as long as every setting is made over the browser. When I change a Bind zonefile by hand it gets overwritten by VHCS with the entries in the DB. Syscp and ISPConfig seem to behave accordingly.

Is there a tool which _reads_ a config file and adds its entries, instead of writing the whole file from its DB? Or do I have to decide between manual and automated administering?

Which managing system do you use? I saw that Init7 uses VHCS. (Which is the reason that I tried it first.) Have the other providers created their own account management system? Which system can you recommend? I prefer Open Source Software.

If I understood correctly, VHCS, syscp and ISPconfig only manage one server. I'd like to have the same mail accounts and dns zones on a secondary server (backup MX, secondary DNS). Any idea how to manage that? I thought maybe I can install VHCS on both systems and copy the VHCS DB to the secondary server using MySQL replication. But you probably got a better solution.

Thank you very much for your help!

Cheers
Manuel