Friday, October 19, 2007

Astaro DNS Zone Transfer problem

There is a bug in the astaro version 7 preventing dns zone transfers.

You can do (and test) a dns zone transfer this way:

dig @<dns-server> -t AXFR <domain>

If you don’t get a large list, you (source ip) aren’t permitted or astaro is used as firewall.

You have to do this:

  1. Define a new service (Definitions->Services), you cannot edit it. Take the current existing dns-service as reference but change the field “Type of Definition” from “UDP” to “TCP/UDP”. Name it “DNS tmp” or so.
  2. Change all your packet filter rules which uses the service “DNS” to “DNS tmp”.
  3. Now you can remove the original (and buggy) service definition and rename yours from “DNS tmp” to “DNS”.

You will now be able to successfully do a dns zone transfer!

Source:
http://www.astaro.org/showthread.php?t=1805

Posted by schmidi2 at 15:57:26 | Permalink | No Comments »

Tuesday, August 21, 2007

Howto reset Astaro Security Gateway

Today we had to reset our astaro security gateway because somebody (better don’t say how, because he is paying my salary;) ) accidentally deactivated the main ethernet interface (the only interface enabled for the webfrontend). So because manually setting-up eth0 over the local console and deactivating all iptable-rules didn’t work, we decided to reset the hole machine. Happily I created minutes bevor a backup and copied it to my workstation.

 

Howto reset Astaro Security Gateway

1. Be sure you have somewhere your license-file and a backup

2. Login over the local console with the username root or loginuser (and do su)

3. Call the script: /etc/init.d/factoryreset
WARNING: This deletes all your configuration, the license and all backups which aren’t stored somewhere else.

After the reset, you can access the machine on eth0, ip 192.168.0.1, port 4444 (old astaro-versions use the default https port), protocol https.

Posted by schmidi2 at 13:50:28 | Permalink | No Comments »