Moving from Zentyal to NethServer: questions about how to do a few things


#1

Like many others here, after using Zentyal forever, I’m moving to NethServer (the dumping of squid being the last straw).

Questions:

  1. I figured out port forwarding. Works great! Where does the firewall come into play? Translation: it appears that it defaults to letting anything use the port that is being forwarded. Can you block some IP addresses from using the port and allow others?
  2. Port forwarding ranges. I saw where you can set a range of ports to be forwarded (under “Origin port”) but I didn’t see what you put in the “Destination port”. In other words, if I put “20:21” under “Origin port”, what do I put in “Destination port”? Leave it blank? Put in “20:21”?
  3. Can I enter a range of IP addresses for a entry? This relates to item #1. At times its nice to keep adding IP addresses that you don’t want hitting you and the list gets bigger and bigger.
  4. Is there a way to use GeoIP list to allow for blocking IPs?
  5. In Zentyal, there is a way to bypass proxy caching (“Cache Exemptions”, "Auth and Cache Exemptions ", "Transparent Proxy Exemptions "). Is there such a thing here?
  6. Is there a way to bypass the password complexity requirements? I saw where there is a package under beta.
  7. Just an FYI: NethServer seems to work great under Esxi. I’m using the VMXNET3 network adapters and the Vmware paravirtual SCSI adapters.

Welcome to NethServer Community
(Giacomo Sanchietti) #2

You can allow the port forward from a list of IPs, just compile the field Allow only from

You should leave blank the Destination port field.

Shorewall already supports it, but the GUI doesn’t. We are working on it, but we didn’t find a good design yet.

Again Shorewall has a built-in support: http://shorewall.net/ISO-3661.html
This is the first feature request for this functionality, I’haven’t tried it. You can use some template-custom if you want to play with it!

You can set a list of non-cached site but it’s not well documented: http://docs.nethserver.org/projects/nethserver-devel/en/latest/web_proxy.html

For example:

config setprop squid NoCache www.nethserver.org,www.google.com
signal-event nethserver-squid-save

Yes, but you shouldn’t :smile:
http://docs.nethserver.org/en/latest/accounts.html#password-management


(Giacomo Sanchietti) #3

Just updated the documentation: http://docs.nethserver.org/en/latest/web_proxy.html#sites-without-cache