IPBrick Reference Manual...10 Before Starting causes a restart of IPBrick (IPBrick needs approximately 1 minute to restart, depending on the hardware where it is installed). After

IPBrickReference Instructions

Version 4.0

iPortalMais - Servicos de Internet e Redes, Lda.

July 2006

2

Copyright c©iPortalMaisAll rights reserved. September 2002.

The information in this manual is submitted to changes without previous com-munication. The presented explanations, technical data, configurations and rec-ommendations are precise and trustful. Nevertheless they have no expressed orimplied guarantees.

Reference Instructions - Version 4.0 iPortalMais - 2006

Contents

1 Aim of this document 7

2 Before Starting 9

3 IPBrick.I 113.1 Machine Management . . . . . . . . . . . . . . . . . . . . . . . . . 113.2 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123.3 Users Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 183.4 Domain Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213.5 Work Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.5.1 Individual . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283.5.2 Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303.5.3 Kaspersky . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3.6 E-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353.6.1 Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353.6.2 Queue Management . . . . . . . . . . . . . . . . . . . . . . . 383.6.3 Alternative Addresses . . . . . . . . . . . . . . . . . . . . . 393.6.4 Mail Forward . . . . . . . . . . . . . . . . . . . . . . . . . . 413.6.5 Auto Respond . . . . . . . . . . . . . . . . . . . . . . . . . . 413.6.6 Kaspersky Anti-Virus . . . . . . . . . . . . . . . . . . . . . . 45

3.7 Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453.8 Backup Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

4 IPBrick.C 494.1 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

4.1.1 Available Services . . . . . . . . . . . . . . . . . . . . . . . . 494.1.2 Block Services . . . . . . . . . . . . . . . . . . . . . . . . . . 51

4.2 Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514.2.1 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 524.2.2 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544.2.3 Kaspersky Proxy . . . . . . . . . . . . . . . . . . . . . . . . 56

4.3 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564.3.1 PPTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564.3.2 IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584.3.3 SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

4.4 E-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614.4.1 Get mail from ISP . . . . . . . . . . . . . . . . . . . . . . . 62

iPortalMais - 2006 Reference Instructions - Version 4.0

4 CONTENTS

4.4.2 Mail Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674.4.3 Kaspersky Anti-Vırus . . . . . . . . . . . . . . . . . . . . . . 684.4.4 Kaspersky Anti-Spam . . . . . . . . . . . . . . . . . . . . . 68

4.5 Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684.6 Webmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

4.6.1 Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764.7 VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

4.7.1 Registered Phones . . . . . . . . . . . . . . . . . . . . . . . 784.7.2 Alternative Addresses . . . . . . . . . . . . . . . . . . . . . 794.7.3 Active Telephones . . . . . . . . . . . . . . . . . . . . . . . . 794.7.4 Block Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . 834.7.5 Call Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . 834.7.6 Routes Management . . . . . . . . . . . . . . . . . . . . . . 834.7.7 Attendance Sequence . . . . . . . . . . . . . . . . . . . . . . 85

5 Advanced Settings 875.1 IPBrick . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

5.1.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875.1.2 System Information . . . . . . . . . . . . . . . . . . . . . . . 885.1.3 Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . 885.1.4 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . 925.1.5 Multiprocessing . . . . . . . . . . . . . . . . . . . . . . . . . 95

5.2 Telephony . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975.3 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

5.3.1 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985.3.2 Routes Management . . . . . . . . . . . . . . . . . . . . . . 1015.3.3 QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

5.4 Support Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045.4.1 Machines Management . . . . . . . . . . . . . . . . . . . . . 1045.4.2 DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1045.4.3 DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115.4.4 Images Server . . . . . . . . . . . . . . . . . . . . . . . . . . 115

5.5 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175.5.1 Replace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175.5.2 Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1175.5.3 Upload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

5.6 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1215.6.1 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1215.6.2 Task Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 1225.6.3 Date and Hour . . . . . . . . . . . . . . . . . . . . . . . . . 1225.6.4 System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . 1225.6.5 SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1225.6.6 Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1265.6.7 Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

6 Update Settings 129


CONTENTS 5

7 Appendix A - Join in the domain 1317.1 Join in the domain . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

7.1.1 Windows XP Professional Workstation . . . . . . . . . . . . 132

8 Appendix B - Configuring a VPN connection 1358.1 Configuring a VPN connection (PPTP) . . . . . . . . . . . . . . . . 135

9 Appendix C - Configuration of a VPN SSL connection (OpenVPN) 1379.1 Configuration of a VPN SSL Connection (Open VPN) . . . . . . . 137

9.1.1 Two or more SSL certificates . . . . . . . . . . . . . . . . . 137


6 CONTENTS


Chapter 1

Aim of this document

The reference instructions give you a detailed description of the following IP-Brick menus:

• IPBrick.I configuration;

• IPBrick.C configuration;

• Advanced configurations.

The other chapters deal with the Workstation configurations. You will find thefollowing configurations

• Process of joining a workstation (MS Windows) in a domain;

• Procedures for the establishment of a virtual private network (VPN) PPTPand SSL.


8 Aim of this document


Chapter 2

Before Starting

You can access IPBrick with a browser, for example the Internet Explorer orthe Mozilla Firefox. The IPBrick IP address is by default 192.168.69.199. Theaddress to write on the browser bar is https://192.168.69.199.

When you open a WEB session with IPBrick you will see a web page authen-tication. After a correct validation IPBrick allows you to change the domain andthe IP networks of the private and public server interfaces.

Attention: If the communication network where you are trying to install IP-Brick has already a DHCP and a domain server you should deactivate both inorder to avoid conflicts.

For more information about installing IPBrick and configuring a workstation,please consult the Installation Manual.

IPBrick web interface management is divided into 3 main menus:

• IPBrick.I ;

• IPBrick.C ;

• Advanced Settings.

In IPBrick.I you configure basic Intranet services and in IPBrick.C you config-ure basic communication services. The Advanced Settings menu has additionallyconfigurations to the basic services and it allows you to obtain information aboutthe operating conditions of IPBrick.

Any configuration done in IPBrick will only take effect after Updating Settings.Changing configurations in the menus:

• Advanced Settings � IPBrick � Settings ;

• Advanced Settings � IPBrick � Authentication;

• Advanced Definitions � IPBrick � Multiprocessing.


https://192.168.69.199

10 Before Starting

causes a restart of IPBrick (IPBrick needs approximately 1 minute to restart,depending on the hardware where it is installed).

After the administrator has executed Update Settings it is required to con-nect a Pen Drive to the server where IPBrick is installed in order to save theupdated system configurations. This way the Disaster Recovery is guaranteed,one of the surplus values of IPBrick. For example, when the hard drive crashesdown you can quickly restore the configurations with the IPBrick Installation Cdand the Pen Drive.

On the management interface there are several links that allow you to surf inIPBrick. You will find links like:

• Back - allows you to turn back to the previous page without saving changes;

• Insert - allows you to insert new items;

• Change - allows you to change item settings;

• Delete - allows you to delete an item;


Chapter 3

IPBrick.I

This chapter describes the IPBrick.I menus used to manage the main Intranetservices.

It is divided into the following main sections:

• Machines management;

• Groups;

• Users management;

• Domain server;

• Work Areas;

• E-mail;

• Print Server;

• Backup Server.

3.1 Machine Management

This section deals with adding or changing machine registrations (e.g. PC,laptop, printer).

A machine is represented by a name, an IP address, a MAC address and themachine type, as you can see in Figure 3.1.

There are three types of machines:

• WorkStation

• IP Phone

• WorkStation + SoftPhone


12 IPBrick.I

In order to insert a machine you only have to define the type, introduce thename and IP Address (Figure 3.2). In this way the machine is registered in theLDAP and the DNS server. If you fill in the MAC Address field with the MACadddress of the machine to be registered then a port is also created for this machinein the DHCP server.⇒Note: The machine MAC address can be obtained from the network connec-

tion icon in Windows XP or by executing the order ipconfig /all in the commandline.

! Attention:

• The computer name has to be an alphanumerial name. Exceptions are thecharacters _ and -.

• It is not allowed to use spaces, characters with accents or any punctuation.The maximum name size is 15 characters.

• Is is not allowed to register neither machine with the same name nor machinewhose names are identical with a registered user log in.

• For a registration of a Windows station, the name as to be always in smallletters and if necessary change the Computer name to small letters, too.

You can access the Modify and Delete options of a machine by clicking on themachine name, as seen in Figure 3.1. If you select Modify you will see a form aspresented in Figure 3.3 in which you can redefine the machine parameters.If you select Delete you have to confirm this action, as seen in Figure 3.4.

3.2 Groups

A group is an set of users generally created when you wish that all people inthat group share the same permissions to a group of files. In this section youmanage IPBrick user groups.

To create a new group, you must click on Insert and then choose the groupname (Figure 3.6). To add or remove users from a group, first you must click onthe group name (Figure 3.5) and then (Figure 3.7) you must choose users thatmust be added or removed.⇒ Note: There are two pre-defined groups that cannot be deleted or changed.

These groups are:

• Administrators;

• General.

Users that belong to the Administrators group have administrator permissionsin the domain served by IPBrick. You may add or remove users of this group withthe exception of the pre-defined Administrator. The General group is a commongroup for all users created in IPBrick.

! Attention:


3.2 Groups 13

Figure 3.1: Machine Management


14 IPBrick.I

Figure 3.2: Machine Management - Insert


3.2 Groups 15

Figure 3.3: Machine Management - Modify


16 IPBrick.I

Figure 3.4: Machine Management - Delete


3.2 Groups 17

Figure 3.5: Groups - List


18 IPBrick.I

• When inserting new groups their name can be in capital and/or small letters.

• The group name can contain spaces, but can’t have more than 32 only al-phanumerial characters without accents.

• It is not possible to create groups with the same name.

Figure 3.6: Groups - Insert

3.3 Users Management

In this section you learn how to register new users, change the information ofalready existing users and delete users. When creating a new user IPBrick createsautomatically an e-mail account, and individual work area (user drive space in theserver) and a net logon in order to identify the user in the domain.

⇒ Note: After being installed, IPBrick creates by default one user and twogroups. The created user is the Administrator and the two groups are theAdministrators and the General. The Administrator user has a work area


3.3 Users Management 19

Figure 3.7: Groups - User definition


20 IPBrick.I

created in the Work Area 1. This user has special characteristics because he be-longs to the Administrators group and is responsible for the management of somesystem functions. Therefore he can never be removed.

The user registration is composed of the following fields:

• Name: user’s identification.

• Login: user’s identification to be used for any IPBrick authentication pro-cess.

• Server: selection of the server where the e-mail account shall be created.The e-mail account stands for the hard drive space in the server where var-ious user contents are stored, including e-mail inbox, windows profile anddocuments. If there are slaves servers they are also listed.

• Work Area: partition of the server drive selected to create the account. Theusers should be distributed the fairest way in order to use the available spacemost efficiently.

• E-Mail: user’s e-mail address. By default, it is equivalent to the login. Incase you give another address it will serve as an alias for the original e-mail.

• Password: password definition.

• Retype Password: confirmation of the password

• Quota: value that limits the user hard drive space in the system. The unitos measurement is kilobytes. If you don’t indicate a value limite the userwill have unlimited space to occupy.

• Biometric Validation: it allows the user to verify if he may validate him-self through biometric data.

! Attention:

• When inserting users only use characters without accents for their name,login and e-mail address.

• Spaces, brackets, full stops, small and capital letters are possible in the Namefield.

• You are not allowed to use spaces in the Login field. Avoid using capitalletters.

• Every login has to be unique. There cannot be a login with the same nameof a machine registered in IPBrick.


3.4 Domain Server 21

In order to modify some user information you have to click over the name (Fig-ure 3.8).

In the form where you change the user (Figure 3.11) you can see all fieldsthat were defined when the user account was created. The only exception is theuidNumber which is an IPBrick user identification number. The password is notshown. All defined fields are editable with the exception of the following ones:login, server, work area and uidNumber.

You have to click on the user name and see his properties in order to delete hisIPBrick registration. It is possible to delete the user registration on this page.

⇒ Note: The user contentes (personal files, profile, e-mails) are not elimi-nated when deleting his registration. They are moved to an administrative sharecalled BackupX (X representing the number of the work area where the user wasregistered, 1 or 2). Only members of the Administrators group have access tothis share from any Windows station. Therefore they have to do the following.

• Press the keys [Win]+[R] at the same time

• Write \\ipbrick\backupX and press the button ”OK”

All folders and files deleted in these administrative shares are finally eliminatedin IPBrick.

3.4 Domain Server

IPBrick may work as a domain server (or domain controller), in other words,as a Primary Domain Controller (PDC). The function of a domain controller is tomanage the accesses to a set of resources in the network as applications or printers,for a group of users. A domain is identified by a name, and so that the users haveaccess to their resources, they only have to login on it.

In this section you define the name of the domain served by IPBrick as well asthe IPBrick function:

• Authentication in the domain=YES: IPBrick will be a Primary DomainController in the chosen domain;

• Authentication in the domain=NO: IPBrick will not operate as a domainserver.

⇒ Note: The information on this page is only valid for the MS Windowsenvironment. The IPBrick Domain Name field is related to the Workgroup orDomain Name in the MS Windows environment.


22 IPBrick.I

Figure 3.8: Users Management - List



Figure 3.9: Users Management - Insert


24 IPBrick.I

Figure 3.10: Users Management - Detail



Figure 3.11: Users Management - Modify


26 IPBrick.I

Figure 3.12: Domain Server


3.5 Work Areas 27

3.5 Work Areas

Work Areas are partitions of the IPBrick hard drive(s). These partitions arefor the user data which are distributed the following way:

1. Personal Accounts: located in the MS Windows environment, containinge-mails files and the user profile.

2. Group Sharing: responsible for storing user group files

3. Administrative Sharing: responsible for sharing user accounts and elimi-nated group sharings. These areas are only available for Administrators.

IPBrick has two Work Areas by default: Work Area 1 and Work Area 2.When you click on Work Areas you are given a list of all users and sharing groupsclassified by Work Area as well as information about the occupied space in thesystem of each individual Work Areas (Figure 3.13).

Figure 3.13: Work Areas - Summary


28 IPBrick.I

3.5.1 Individual

When you select Work Areas � Individual, IPBrick shows you a list withthe existing Work Areas and a schedule of the ocupation rate for each Work Area.These Work Areas correspond to the hard drive space where the data of users isstored that are registered in the Users Management.

Figure 3.14: Work Areas - Summary of Individual Areas

! Attention: If the occupied space in the Work Areas reaches 100% users canlonger save their data in IPBrick. More over, e-mails are no more delivered to theusers. They stay in the queue till some space is released in the Work Areas. It isrecommended to keep the occupation rate of each Work Areas under 95%.

When you click on a Work Area, e.g. Work Area 1, you are given a list withall users introduced in this area as well as the occupied space of each user. Easeuser area is created the moment you make the IPBrick registration in IPBrick.I� Users Management.


3.5 Work Areas 29

Figure 3.15: Work Areas - Individual


30 IPBrick.I

3.5.2 Group

The group work areas are network shares. You can create network shares inany Work Area. After creating a network share you have to define the permissionsof the users registered in IPBrick.

When inserting a Group Work Area you have to fill in the following fields:

• Name - Name of the share folder. Try to avoid spaces, characters with accentsand punctuation.

• Description - Information about the user type wanted for this share.

• Responsable - This field is not obligatory.

Figure 3.16: Work Areas - Group - Insert

Group - Insert After creating a Group Work Area you have to give permissionsto the users in order to have access to the network share. There are 3 differenttypes of permissions:

• None - No access to the share. Users have no access to open a share folderof a workstation.


3.5 Work Areas 31

• Read Only - Users have access to share folders and its files. Neverthelesse,they are not allowed to change these files.

• Read/Write - Users have access to share folders and its files and are allowedto change files and save changes.

Permissions are given to individual users or user groups. Users groups aredefined in IPBrick.I � Group Management.

For example, in order to create a share folder for users belonging to a commer-cial department you have to do the following steps:

• Create group ”Dept Comercial”, in Group Management and add the users ofthis department to the group.

• Create an area for the group ”Dept Comercial” in Work Areas � Group.

• Give read and write permissions to the group ”Dept Comercial”. The othergroups have either reading permissions or no access to this area.

⇒ Note: When defining user group permissions any change in the General

group leads to changes for all the other groups. This happens because all usersintroduced in IPBrick are part of General group.

⇒ Note: A deleted share is no more available for users. All files in this shareare moved to an administrative share called BackupX (X representing the numberof the work area where the share was created, 1 or 2) that you find in the sameWork Area. Only useres belonging to the IPBrick Administrators group haveaccess to this administrative folder. You can access this share from a Windowsstation. Therefore you have to do the following steps:

• Press the keys [Win]+[R] at the same time

• Write \\ipbrick\backupX and press ”OK”

All files and folders deleted in these administrative share are definitively deletedin IPBrick.

3.5.3 Kaspersky

The Kaspersky anti-virus for the Samba Server (file server) is already installedin IPBrick. After introducing a valid licence the Kaspersky anti-virus for theSamba Server (file server) gets activated and an anti-virus management interfaceis available. (Figure 3.19).


32 IPBrick.I

Figure 3.17: Work Areas - Group - Management


3.5 Work Areas 33

Figure 3.18: Work Areas - Group - Access Groups


34 IPBrick.I

Figure 3.19: Kaspersky for work areas


3.6 E-mail 35

3.6 E-mail

This section deals with the server configuration for using e-mails in the Intranet,that is, in the local network. The section is divided into the following parts:

• Configure

• Queue Management

• Alternative addresses

• E-mail forward

• Auto respond

• Kaspersky Anti-Virus

• Kaspersky Anti-SPAM

3.6.1 Configure

Is is important to mention four very simple and decisive concepts in the E-mailconfiguration:

1. Domains served by IPBrick: E-mail addresses with destination to the IP-Brick server itself, that is, the associatead e-mail accounts are in the localnetwork. E-mails that are in the queue and whose recipient is one of thesedomains are not sent to another server in order to be delivered. The domainsserved by the machine have to be correctly configured in each DNS domainserver. That is, the ”E-mail servers” of these domains have to be configuredto this machine.

2. Domains wich IPBrick allows to be forwarded to the destination server:IPBrick forwars all e-mails whose domains are in the list and all e-mails whichthe server allows to be in his queue. E-mails whose recipient is not a domainfrom this list are not accepted by the server (please see 1.

3. IP networks for total relay: IPBrick relays to any domain as long asthe e-mail is sent from his corresponding internal network. If there aredifferent internal IP networks it is necessary to add these networks to thelist. This way all machines in the networks are able to send e-mails to otherdomains using IPBrick as a relay server.

4. SMTP routes: SMTP routes are configured when you want e-mails to followa certain way (server) in order to find their recipient. Normally, a SMTProute is defined by default (showing the SMTP route and leaving the Domainempty).When the server is not correctly registered with the IP name in theInternet DNS, you have to define a SMTP route. In this route it should be

1Only e-mails from the Internet respecting these rules are processed. IPBrick is not configuredas open-relay.


36 IPBrick.I

Figure 3.20: E-mail - Configure


3.6 E-mail 37

either the server responsible for the forward of firm e-mails or the SMTPserver of the ISP used by firms to access the Internet. This configuration isnecessary because certain e-mail servers make additional verifications of thesending server authenticity. If they can’t resolve the server name into thecorresponding IP address, the mail may be deleted or sent back as SPAM. Incase no SMTP route is used the server tries to send the mails in the queueby his own. With the help of the DNS registrations he tries to find the re-cipients directly in the Internet.

Each e-mail configuration option has a link to Insert new entries (Figure 3.20).

The domains for local delivery (domains with IPBrick serves) and relay (do-mains which IPBrick forwards) can be edited and/or deleted. The exception isthe domain whose name is the same as that of the machine in the local networksor that of the local domain in the relay.

⇒ Note: To make IPBrick relay e-mails to another server that has the ac-counts, the firm base domain has to be retreated from the domains served byIPBrick, since it is a domain served by IPBrick by default.

IPBrick forwards by default only e-mails that come from his private network.In case there are different internal IP networks you should add them too in orderto permit e-mail sending from these networks.

There are two different types of SMTP routes:

1. FQDN2 of the route server. For example: smtp.exchange.telepac.pt.

2. IP address of the route server. Please give attention to the brackets [195.22.133.45].

In the following you are given two examples of configurations, one with anIP for a specific domain and another configuration for the same domain with theFQDN:

First Example:

Domain : abzas.miz

SMTP route: [195.22.133.45]

Second Exemple:

Domain : abzas.miz

SMTP route: smtp.exchange.telepac.pt

An important configuration is that of a machine relaying e-mails. Wheneveryou add in this situation a SMTP route by default (without indicating the do-main) you have to add another SMTP route to forward e-mails do the internale-mail server. In the following you can see an example of such a configuration. Inthis configuration IPBrick is relaying e-mails to an internal e-mail server calledaccounts with the SMTP route smtp.isp.pt defined by default:

2Fully Qualified Domain Name


38 IPBrick.I

Domain: domain.com

SMTP route: contas.domain.com

Domain:

SMTP route: smtp.isp.pt

! Attention: The default route has to be the last one of the list by default.

Definitions There is a link called Definitions (see Figure 3.20) to define char-acteristics of the e-mail server:

• Maximum e-mail size

Value by default: unlimited.

• Maximum time fot the server to remain with an e-mail

Value by default: 604800 seconds.

• Maximum number for simultaneous SMTP connections

Value by default: 20

• Timeout of e-mail entry

Value by default: 1200 seconds

• Timeout of sending e-mail

Value by default: 1200 seconds

In this interface it is even possible to define permissions of sending and receivinge-mails:

• Valid internal recipients A list with valid e-mail addresses. Valid ad-dresses are e-mails with recipients of this list and e-mails accepted by theserver.

⇒ Note: Only e-mails with addresses that are introduced as valid internalrecipients in the list will be delivered.

• Invalid senders A list with e-mail addresses that are not allowed to sende-mails.

3.6.2 Queue Management

The Queue Management (Figure 3.21) allows you to manage and visualize e-mails that are in the e-mail server queue waiting to be delivered to their local orremote recipient.

You can see the number of e-mails that are in the queue waiting to be deliveredto their local or remote recipient as wellas the total number of e-mails in the queue.The list presents the following fields:

• ID: the only e-mail identification added by IPBrick ;

• Date: e-mail sending date;


3.6 E-mail 39

• From: e-mail sender;

• To: e-mail recepient;

• Size: e-mail size in Kbytes.

Figure 3.21: E-mail - Queue Management

You can delete several e-mails at the same time by selecting the correspondingcheckboxes and clicking in the Delete Mails option. You have to confirm thisaction in order to eliminate the chosen mails.

! Attention: E-mails deleted in the queue are eliminated definitely.

When selecting a mail you can see its complete source. This operation is donein real time. Therefor is not necessary to Update Settings.

3.6.3 Alternative Addresses

Alternative addresses (Figure 3.22) allow you on the one hand to have practicallogins which are easily to manage and on the other hand the confort to use more


40 IPBrick.I

Figure 3.22: E-mail - Alternative Addresses


3.6 E-mail 41

personalized e-mail addresses. This way the user can have an e-mail address withwhich he identifies himself more.

All mails that are sent to any defined alternative e-mail user address are deliv-ered to the inbox respectively.

Ex. name : Armindo Quintas

login : aquintas

email : [email protected]

Alternative Addresses:

[email protected]

[email protected]

[email protected]

[email protected]

In order to Insert a new e-mail address you have to select the user accountwhere you want to define the new alternative address and introduce them.

Whenever you want to you can access the e-mail address list (IPBrick usere-mail address arranged in groups) and change the names or the user of an e-mailaddress3.

3.6.4 Mail Forward

Mail forward allows delivered mails to be sent again to other internal or externale-mail addresses (Figure 3.23).

In order to Insert a new mail forward (Figure 3.24) you have to select the e-mail account where you want to activate the mail forward and define the recipientaddress to where copies of the mails shall be sent.

Local IPBrick addresses are organised and presented in the forwarding list ingroups. In this list you can select one of the presented recipients and Change orDelete his entry.

3.6.5 Auto Respond

An Auto Respond is an e-mail automatically send by IPBrick to answer othere-mails. When a e-mail arrives at a user account with Auto Response configured,IPBrick send a mail to this send with the personalized user contents.

In order to Insert a new Auto Respond you have to select an e-mail accountand write in the textarea the text that will be sent in this Auto Respond mail.In Figure 3.25 you can see a typical example of an Auto Respond mail. Localaddresses of IPBrick are organised and presented in the forwarding list in groups.In this list you can select one of the presented recipients and Change or Delete

his entry.

3Is it obvious that when you change the user of an alternative e-mail address new mails willbe delivered to the new user while the other alternative addresses stay with the old user.


42 IPBrick.I

Figure 3.23: Mail forward


3.6 E-mail 43

Figure 3.24: Mail forward - Insert account


44 IPBrick.I

Figure 3.25: E-mail - Auto Respond


3.7 Print Server 45

3.6.6 Kaspersky Anti-Virus

In the E-Mail section the e-mail anti-virus is already pre-installed. You onlyhave to acquire a license to activate its management interface. The same happenswith the Kaspersky Anti-Spam which is pre-installed, too. In a further section wewill deal with the Kaspersky again.

3.7 Print Server

This section deals with the interface management of the printers intended tobe available in the network. When you define a printer you are asked to define theprinter:

1. Name: (E.g. HP2200)

2. Description: This field is not obligatory (e.g. Network Printer HP 2200)

3. Location in the firm: This field is not obligatory (e.g. Room 1)

4. Interface: Used by the printer to communicate. There are 4 options:

• parallel port;

• series port;

• USB port;

• network printer.

5. Hardware: Used by the printer. This is directly related to the interface.(This option is only available for interfaces with parallel port, series portand USB port) (e.g. Interface–>Parallel Port, Hardware ->Parallel Port 1)

6. In case of a network printer, the following information is necessary:

• Address: Network printer address. (this option is only available fornetwork printers) (e.g. 192.168.1.1)

• Port: Used by the network printer. This field is not obligatory. (Thisoption is only available for network printers) (e.g. for a HP printer:9100)

After inserting a printer IPBrick has to put the drivers available for the clientstations in order to finish the configuration. Therefore the printer drivers have tobe transferred to the server:

1. Log on in a Windows station with a user of the Administratives group (theworkstation has to be already registered in the IPBrick domain);

2. Press the keys [Win]+[R] at the same time and type \\ipbrick;

3. Select Printers and Faxes

Verify if the added printer to the IPBrick Web interface is shown.


46 IPBrick.I

Figure 3.26: Insert a network printer


3.8 Backup Server 47

4. Right click inside the window Printers and Faxes and select Server Properties;

5. Select the option Controllers.

6. Choose ”Add”, define the producer and printer type and click Next;

7. Select the Windows version which the drivers have to correspond with.

8. Click FinishNow the printer’s drivers are transferred to IPBrick.

9. At share named Printers and Faxes on IPBrick, right click at the printerand choose Printer Properties. You’ll be prompted with a message likethe one in Figure3.27. Choose ”No”.

10. Enter in ”Avanced”, select the new driver just added and click ”Apply”.

Figure 3.27: Inserting a network printer

To configure the printer on the cliend side, you must: Para configurar a im-pressora no cliente, devera:

• Press the keys [Win]+[R] at the same time;

• Type \\ipbrick at the new window;

• Right click on the printer and choose ”Connect”.

Now the printer is listed at ”Printers and faxs” on the client side.

3.8 Backup Server

The Backup Server option allows accessing the Arkeia configuration interface,software for backup management installed in IPBrick by default.

When selecting this option, and after clicking the Open button, a session win-dow by VNC is open. It is necessary to have the JRE4 installed to execute the

4Java Runtime Environment, which can be found at http://sun.java.com/.


48 IPBrick.I

connection. The authentication in this session is made with the IPBrick Admin-istrator’s actual password. The Arkeia management interface is available aftervalidation.

In order to start the Arkeia configuration software it is necessary to submityour validation by default:

login: root

password: (without password)

Arkeia documents may be taken from http://www.arkeia.com/manuals.html.

Figure 3.28: Backup


http://www.arkeia.com/manuals.html

Chapter 4

IPBrick.C

This chapter describes the IPBrick menus that are used to manage the maincommunication services between the firm and the Internet. The menu IPBrick.Clike the menu IPBrick.I is a menu of functional configuration. The IPBrickAdministrator says what he pretends and the software makes the configurationsaccording to the given indications and maintains the consistence of them. Thischapter is divided into the following sections:

• Firewall;

• Proxy;

• VPN;

• E-Mail;

• Web Server;

• Webmail;

• VoIP;

4.1 Firewall

Note: Any rule change of the firewall implies the activation of the firewall. Evenif the firewall has been expressively stopped the change of one of its rules impliesthe restart of the firewall.

4.1.1 Available Services

Presentation IPBrick has a number of installed services. Part of them is en-abled and part of them is disabled. Part of them is for the Intranet and (some)others are wanted to be available for the Internet, too. In this interface you giveindication to the firewall concerning the services related with the Internet thathave to be available from the external world.

These services are:


50 IPBrick.C

• Web Server;

• E-mail server;

• SSH;

• FTP.

Body The indicated server states in the list have to do with the firewall con-figuration. Either the firewall is configured to Enable the service or is configured tolock the ports of the service and Disable it (Figure 4.1 - Firewall - Available Services).Note that activating here a service does not start the service itself. It does noteven stop it. The only change which is applied after Update Settings is donein the firewall service. First the firewall service is stopped then reconfigured andrestarted. In short, it only unlocks or locks the Internet port of the referred service(if the service is active or not is another configuration which does not belong intothis section).

Figure 4.1: Firewall - Available Services


4.2 Proxy 51

4.1.2 Block Services

Presentation Like the situation before the option to block services only Enables

(unlocked) or Disable (locked) the normal operation of the shown applications(Figure 4.2).

Figure 4.2: Firewall - Block Services

4.2 Proxy

When the Proxy service is activated in IPBrick it is waiting for requests in theport 3128. The section is subdivided into three parts, namely:

• Configuration;

• Statistics;

• Kaspersky Proxy.


52 IPBrick.C

4.2.1 Configuration

Presentation The presented main proxy configuration (Figure 4.3) determinesthe normal operation of the Internet browsers. Therefore it is recommendable todefine each Proxy type first:

Figure 4.3: Proxy - Configuration

1. Standard Proxy: It is not obligatory to use the proxy to access the Internet.The proxy is only used by those who configure the browser to use the proxyfrom the IPBrick port 3128. Users without any additional browser configu-rations continue to access the Internet without any problems. The firewallcan be deactivated!

2. Transparent Proxy: Every Internet access is done through the proxy. Thefirewall has to be activated. Users may configure their browsers to use theindicated proxy. They may also continue to access the Internet without anyproxy configurations in their browsers. Here the firewall makes the trafficrouting to the proxy. The web accesses are registered by IPs for statisticalaims.


4.2 Proxy 53

3. Proxy with authentication: The Internet access is only possible by usingthis proxy. In order to have a web access users have to configure their browserwith this proxy. Once the browsers are configured a valid authentication isasked whenever the users open the browser to access the Internet. The userauthentication is done with logins and passwords. The firewall has to beactivated. All web accesses are registered for each user for statistical aim.

Top Menu Link to the proxy defined interface Rules. In this interface thereare options like:

• Network list with Proxy access, In this list you find the IP network(s)that have access to the proxy services (without them they have no Internetaccess). For example: network 192.168.1.0/24 or pc 192.168.1.25/32;

• Machine list without Proxy access, This list on the contrary to the pre-vious one defines who has no access to the proxy services;

• List of prohibited sites, Here you have a link to Insert URLs of sitesyou want to block for proxy users. For example www.playboy.com or games.yahoo.com;

• List of prohibited words in the URL, here should be inserted skeletonsof typical words in unwanted URLs. Ex.: xxx; sex; radiocomercial. Excep-tions to these words may also be inserted, as well as important URLs thathave been unwillingly comprised by the aforementioned rules. Ex.: sup-port.hp.c3.xxx.exe

A Black list is a group of entities that, for a certain reason, has no access toa certain privilege or service. In the Black List option, it is possible to activate ordeactivate the use of those lists. After clicking the option, the following optionsshall be available:

• Black List Active = Yes: Activates the use of a black list. The followingfields are fulfilled by default, and they may be changed:

– Url for update: address from which is executed the download of thefile with the list of sites to block.

– Page to redirect: If it is intended to accede to one of the blockedaddresses, this field indicates into which page the user should be redi-rected.

– Black Lists to use: Black lists are divided into categories, as forexample: pornographic sites, drugs, on-line games, etc. In this field wecan choose which category we intend to activate.

• Black List Active = No: Deactivates the use of a black list.

The Proxy Remote option allows to indicate a list of proxy servers where tolook for informations in cache before acceding to the server where the informationsare stored. This allows a quicker access to information.


www.playboy.com

games.yahoo.com

games.yahoo.com

54 IPBrick.C

• List of Remote Proxy Servers: allows to define a list of remote proxys;

• Do not use the remote proxy in the following sites: if you don’t in-tend to use the remote proxy in certain sites, these should be indicated here.

In Other configurations, when a user wants to open an URL which is goingto be blocked the proxy opens a standard page reporting the occurred error. Hereyou have the opportunity to indicate an URL to which the user will be forwarded,like the firm homepage or a page with more personalized information than the oneof the proxy.

If the Proxy is used with identification, it is possible to block the access to proxyto certain users. For that effect, you should select Proxy with authentication andafterwards indicate the users to block.

4.2.2 Statistics

Figure 4.4: Proxy - Cache Statistics

Presentation Proxy statistics show several reports like:


4.2 Proxy 55

Figure 4.5: Proxy - User statistics


56 IPBrick.C

• traffic by hour of the day;

• traffic by day of the month or month;

• volume of traffic;

• most visited sites;

• number of visits.

Body The list is divided into 3 parts:

• General statistics where you can find a link for cache statistics (Figure 4.4)and another link for Proxy statistics.

• Machine statistics where you can see the Internet accesses of each machine(Figure 4.5)

• User statistics that show you the access statistics per user. The statisticsare only updated when you select the Proxy with authentication option(Figure 4.5).

4.2.3 Kaspersky Proxy

In this section, it is possible to activate the Kaspersky license for proxy, inorder to protect the data transferred through it.

4.3 VPN

Presentation With a VPN you can access the firm Intranet and its servicesfrom a remote connection. This privileged access is restricted to some necessaryusers. Here you see the interface to select the valid users.

4.3.1 PPTP

Users Management

Top Menu Here you have a link to Configurations. This link gives you accessto a form where you define the range of IP addresses chosen for VPN connections.Remote clients will get an IP in this group when they make an IPBrick connection.It is as if they were connected to the network server with an IP from this range.

Body The user list shown on the left side in Figure 4.6 presents the selectedVPN users. On the right side you find the users registered in IPBrick.


4.3 VPN 57

Figure 4.6: VPN - Users


58 IPBrick.C

4.3.2 IPSec

Presentation IPSec1 is a protocol that guarantees the confidentiality, integrityand authenticity of the informations transferred through the IP networks. On thecontrary of a VPN through PPTP or SSL, the VPN through IPSec allows thattwo networks (not two computers) may communicate in a secure way.

Body After clicking the IPSec, the configured IPSec tunnels are displayed inthat section body.

Top Menu There is a connection named Insert that allows to insert a new IPSectunnel.

Body In this page we have configured the IPSec connection (As you may see inFigure 4.7). The following data are necessary:

• Local Network Definitions

– Local IP: IPBrick external interface address;

– Local Network: the local network address and the respective networkmask;

– Local Gateway: the internal interface address of local network router;

– Local Identifier: external interface address of router.

• Remote Network Definitions

– Remote IP: remote IPBrick external interface address;

– Remote Network: the remote network address and the respective net-work mask;

– Remote Gateway: the internal interface address of remote network router;

– Remote identifier: external interface address of router.

• Keys Management

– Password: A Pre-Shared Key is a shared key that the VPN serviceexpects as a first credential (before username and password). In orderthat the VPN server allows the authentication process to continue, it isnecessary to pass the correct PSK;

– Type: The IPSec supplies two operation methods specified in this field,which are Tunnel (where the original IP pack is encrypted) and Trans-port (the data (payload) are encrypted, but the original IP heading isnot changed);

1IP Security Protocol


4.3 VPN 59

– Authentication: Two new headings can be added to the IP packs,the AH and ESP. The first one, when added to an IP pack, guaran-tees the integrity and authenticity of data but it does not guaranteeconfidentiality. The second one supplies confidentiality, integrity andauthenticity of information.

– PFS2: Allows to indicate if one intends or not to use PFS;

– Startup: Automatic.

Figure 4.7: VPN - IPSec

4.3.3 SSL

Presentation This VPN uses SSL certificates to establish and encrypt the tun-nel. After clicking on SSL the list of VPN SSL servers is shown. To configure thetunnel you must click on it. (Figure 4.8)

2Perfect Forward Secrecy


60 IPBrick.C

Figure 4.8: VPN - SSL


4.4 E-mail 61

Definitions In this section you can configure the definitions of the VPN-SSLnetwork.

• Name/IP: name or public IP address of the vpn server;

• Port: the port of the vpn server;

• Protocol: the protocol used in the communication;

• VPN Network: the IP network which will be given to the clients. When auser connects to this vpn server, he will get an ip address in this ip network.This network should be different from any other ip network in the company;

• Domain: the domain offered to the clients;

• DNS Servers: the dns server that the clients must use;

• NetBios Servers: the netbios server that the clients must use;

• Routes for clients: this is the route given to the client, for accessing theinternal network.

Certificates In this section you may create certificates to offer to your vpn users.The first certificate is always for the server. All the others are client certificates. Ifyou wish to revoke a certificare, you must choose the certificate and click Revoke.If you wish to delete all certificates click at Delete All.

State Menu In this interface it is possible to list the active vpn ssl users. ⇒

Note: After the vpn ssl configuration, for this service to became active, youmust activate it trought Advanced Settings � System � Services.At 9.1 you can see you to configure the vpn client.

4.4 E-mail

The E-Mail section appears in IPBrick.I and IPBrick.C. In IPBrick.I we havesimpler and more general services like:

• Configuring: the domains served and forwarded by the machine;

• Queue Management: it allows the consultation of the list of messages in theserver’s line waiting to be delivered;

• Alternative Addresses: for user custom;

• E-Mail Forward: to forward copies of user mails to other inboxes;

• Kaspersky: Anti-Virus and Anti-Spam.

These services are repeated in IPBrick.C and other functions are added, like:


62 IPBrick.C

• Get Mail from ISP;

• Mail Copy.

Only the new functions will be presented here since the other ones have alreadybeen mentioned in previous chapters.

Presentation If firm mails are not delivered to an internal firm server, beingtherefore only available via POP3, you can configure IPBrick in order to unloadthese mails from the ISP4 periodically to a local server. Once they are in this localserver the mails are associated respectively to the previously configured accounts.In this way you can configure a server for internal E-mails, even if you only haveone, to automatize and centralize all firm e-mails (from the Internet and internal).

Top Menu Here you have a link to Insert external servers to which you wantto connect with to unload mails and deliver them to the local server. The servermay be identified by his FQDN5 or by his IP address. (Figure 4.9)

Body When you click on an inserted server you get access to the server registerform (Figure 4.10). Here you can Change the server and the protocol through whichwe can accede to the messages, Delete his registration or get to the Accounts

management interface or the e-mails to be transferred. (Figure 4.11).

4.4.1 Get mail from ISP

Accounts

Presentation Here are the external e-mail inboxes registered (in the ISP) withtheir logins and passwords. Each account gets an indication of the local user towhom the unloaded mails are sent.

Top Menu Here you have a link to get Back to the server list and Insert

accounts for the selected server. In the insert form you have to fill in the followingfields:

1. Login in order to have access to the remote e-mail inbox.

2. Password necessary to valid the login

3. Confirm password

4. Local Mmail account place where the unloaded mails of this account aresent to

5. Insert Button confirm the introduced data

3 Post Office Protocol - used to access inboxes and transfer mails.4Internet Service Provider5Fully Qualified Domain Name


4.4 E-mail 63

Figure 4.9: Get mail from ISP - Insert ISP


64 IPBrick.C

Figure 4.10: Get mail from ISP - Server Management


4.4 E-mail 65

Figure 4.11: Get Mail from ISP - Accounts Management


66 IPBrick.C

Figure 4.12: Get Mail from ISP - Accounts Insert


4.4 E-mail 67

Body You can edit in the list the introduced data of the inserted accounts tothe selected server. Therefore you just have to click over the line of the account tobe changed. You are forwarded to a more detailed form where you can now choosebetween: Change account data; Delete selected account; get Back to the previouspage with the account list.

4.4.2 Mail Copy

Mail-Copy allows you to save all e-mails that get in or out of the firm in twoaccounts with the get in login and get out login.

⇒ Note: It is necessary to pay attention to the management of these MailCopies, especially in places with a lot of e-mail traffic. It is very important tocontrol the development of the occupied server hard drive space. These e-mailinboxes may quickly reach the full size of the partition. By reaching this size theymay cause some trouble either with interferences with other server applications orto the ones responsible for these e-mail inboxes that at a certain stage will loose aseries of mails because no copy could have been made.

Figure 4.13: Mail Copy


68 IPBrick.C

Presentation When you activate this service (Yes) the mails are copied to thecorresponding account, that is:

1. Sent: YES, all mails that get through this SMTP server and whose senderis from the server domain(s) will be copied to the Sent Mails local account.

2. Received: YES, all mails that get through this SMTP server and whosesender is not from the server domain(s) will be copied to the Received Mails

local account.

When you activate the option (Yes) the system shows the Delete Automatically the Copies

field. This field allows defining whether the mail copies that are in the server areto be deleted or not. The Delete Copies With More Than field allows specifyingthe days after which mail copies are to be deleted in the server.

Top Menu Here you have a link to Modify the configuration

Body Service configuration.

4.4.3 Kaspersky Anti-Vırus

In IPBrick the Kaspersky anti-virus is previously installed and configured forthe Linux server. In order use it you only have to introduce a valid licence throughthe corresponding interface and update the IPBrick settings. Notifications of database updates and of virus detection is sent by default to administrator@domain.

com (Figure 4.14). This mail should be changed to a valid machine account.For more information about configurations please consult the instructions in www.

kaspersky.com.

4.4.4 Kaspersky Anti-Spam

The process to insert the Kapserksy Anti-Spam licence is the same as for theKapsersky Anti-Virus. In order to access the administration interface you have touse the login ”administration” and the password of the IPBrick administration (bydefault ”123456”). The administration interface is original from Kaspersky (Figure4.15). For more information about this interface please consult the instructions inwww.kaspersky.com.

4.5 Web Server

Presentation A web server, through the HTTP6 and/or HTTPS protocols, isresponsible for the answers to users requests, concerning the web pages lodged init, and each server may lodge several sites. The IPBrick web server is Apache7.The web domains registered in IPBrick are displayed after clicking on Web Serverand may be seen in Figure 4.16.

6HyperText Transfer Protocol7For more informations please visit http://www.apache.org


[email protected]

[email protected]

www.kaspersky.com

www.kaspersky.com

www.kaspersky.com

http://www.apache.org

4.5 Web Server 69

Figure 4.14: Kaspersky E-mail - General Configurations


70 IPBrick.C

Figure 4.15: Kaspersky E-mail


4.5 Web Server 71

Figure 4.16: Web Server - Hosted Sites


72 IPBrick.C

Figure 4.17: Web Server - Insert Site


4.5 Web Server 73

Presentation Here you see web domains registered in IPBrick (Figure 4.16)

Top Menu Here you have a link to Insert a new page. A new form is opened(Figure 4.17) where you have to fill in the following fields:

1. Name: site name which has to be completed with the selected Domain.

2. E-mail: IPBrick user e-mail that is responsible for the site management 8.

3. FTP User: Login of the user that shall have access to the site folder throughthe FTP.

4. Password: Password of the previous user.

5. Confirm Password: Confirmation of Password.

6. Site folder location: To be created in the server filesystem. This foldershall be created in /home1/_sites/. The responsible for this site shall accededirectly to this folder from his account in this server.

7. Available for the Internet: this field indicates if a Virtual host shall beopened for the external IP of IPBrick.C.

8. Insert Button: confirms the introduced site

Body List of several hosted sites in IPBrick. Each line is a link to the sitemanagement form (Figure 4.18)

Management

Presentation Summary of the information about the site and the links to itsmanagement. (Figure 4.18)

Top Menu Here you have links to:

1. Change: the initial registration of the site (the responsible, site name,...)

2. Alias9: from where you have access to the registration list of this site. On thenew page you can manage all Alias (Insert, Remove, Change and Delete).(Figure 4.19)

8The responsible of the site is an IPBrick user. When the site is created a folder is put in hisaccount with the name of the inserted site. The files management of this site is done throughthis folder.

9Alias or Host Header is a simple form of having access to certain contents that are physicallydislocated from the main directory of the side. For more information please see the examplesection.


74 IPBrick.C

Figure 4.18: Web Server - Site Management


4.5 Web Server 75

Figure 4.19: Web Server - Alias Management


76 IPBrick.C

3. Delete: or remove the site from the web server. After clicking on Update Settings

the site is no longer available online. The files of the site are not eliminatedbut moved to the share sites_bk110 which is accessible to the Administrators.

Body Information list of the selected site

• Name;

• Server responsible;

• FTP User;

• Folder;

• Available for the Internet?.

4.6 Webmail

The Web Mail installed in IPBrick can be configured to deal with other e-mailservers that are not IPBrick. Therefore you only have to indicate in this sectionwhich IMAP11 and SMTP12 servers to use

4.6.1 Servers

Presentation Servers to be used by the Web Mail (Figure 4.20)

Top Menu Here you have a link to Change the configured servers

Body List of configured servers. The servers may be identified by their FQDN13

or their IP address.

4.7 VoIP

This section deals with the management interface of the VoIP14 service availablein IPBrick.

10This is the file location of the removed sites. When IPBrick removes these sites only theservices that are affected are reconfigured and the contents removed to an own share accessibleonly to administrators. It is like in the user accounts and group shares. Other shares of thiskind are Backup1 and Backup2 which save the contents in the Work Area 1 and Work Area 2respectively.

11Internet Message Access Protocol12Simple Mail Transfer Protocol13Fully Qualified Domain Name14Voice over IP


4.7 VoIP 77

Figure 4.20: WebMail - Servers


78 IPBrick.C

4.7.1 Registered Phones

In (Figure 4.21) it is possible to see the registered IPBrick VoIP clients (IPtelephones, workstations + softphone). In section 3.1 you find the description ofthe menu to insert the machines.

Figure 4.21: Registered Phones

In Options we can configure the following fields (Figure 4.22):

• Router with full DNAT?: If IPBrick is connected to a router responsiblefor the access to the exterior (in terms of VOIP) that allows the passage ofall traffic, YES shall be selected and the external address of that same routerindicated;

• Voicemail: Indicates if the voicemail is Enable ou Disable;

• Attendance Timeout: Time during which the call is sent to the destinationphone, before being terminated or redirected to another phone;

• Connection Timeout: Time during which one tries to establish the connec-tion (seconds), at its end the attempt is concluded;


4.7 VoIP 79

• Intranet VoIP Server Only?: VoIP server only in the Intranet YES or noNO.

Figure 4.22: VoIP - Options

4.7.2 Alternative Addresses

In this interface (Figure 4.23) it is possible to create alternative addresses foralready existing VoIP clients. For example, if the office from Joao Silva has thetelephone [email protected] than you can create the address [email protected]. This way the client can be reached over these two addresses. It is possible toinsert more than one alternative address per telephone/softphone.

4.7.3 Active Telephones

Online VoIP clients are presented in this interface (Figure 4.24).


[email protected]

[email protected]

[email protected]

80 IPBrick.C

Figure 4.23: Alternative Addresses


4.7 VoIP 81

Figure 4.24: Active Telephones


82 IPBrick.C

Figure 4.25: VoIP - Block Calls


4.7 VoIP 83

4.7.4 Block Calls

4.7.5 Call Statistics

In this section we can see which calls have been made and which calls are stillin progress. Relating both of them, it is shown the:

• total number of calls (made or in progress);

• Phone;

• Source address;

• Destination address;

• Start;

• End;

• Duration.

4.7.6 Routes Management

In this option we can see (Figure 4.26) Local routes and a SIP addresses list

configured in IPBrick. There is a button Insert associated to each of them, andthe configuration is next indicated.

Local Routes Local Routes allow the treatment of the interconnections of LANwith PBX or PSTN and may be of 4 types:

• PSTN -> LAN;

• PBX -> LAN;

• LAN -> PBX;

• LAN -> PSTN;

When clicking the destination of each local route, it is possible to Change,Erase or Insert the Prefixes intended for each route.

SIP Addresses List Here one may see the list of the already configured SIP15

addresses. When inserting a new address, the generated page requires the followingdata:

• Name: server’s name;

• SIP Server Address: IP Address or SIP Server name;

15Session Initiation Protocol


84 IPBrick.C

Figure 4.26: VoIP - Routes management


4.7 VoIP 85

• RTP16 Proxy: If it is Enable or Disable;

• Rota de entrada: it indicates if this is an entry route Yes or No.

Afterwards, one should press the button Insert so that the address is added.

4.7.7 Attendance Sequence

The attendance sequence allows to indicate, if the call is not answered on thefirst phone, the phone to which the call shall be transferred.

16Real Time Protocol


86 IPBrick.C


Chapter 5

Advanced Settings

You can configure several services in the menus of this chapter.The chapter is divided in the following main sections

• IPBrick;

• Telephony;

• Network;

• Support Services;

• Settings;

• System.

5.1 IPBrick

5.1.1 Definitions

In this section will be treated some very essential IPBrick server configurations.In Domain Definitions you configure the hostname and the server DNS do-

main. The Fully Qualified Domain Name is composed by the machine name andthe DNS domain. For example, if you have the hostname ”ipbrick” and the DNSdomain empresa.pt the FQDN will be ”ipbrick.empresa.pt”. In order to changethese definitions click on Change.

In Network Definitions, you configure IPBrick interface properties of theprivate and public network. The properties are the IP address, the mask, thenetwork address and the broadcast address.

⇒ Note: The private interface is the first network interface card (NIC) thatIPBrick detects on the server.

If IPBrick works as an Intranet server (IPBrick.I ) it is only necessary to con-figure the private interface. In this case the private interface (in case the serverwhere IPBrick was installed has two NICs) can stay with the configurations by


88 Advanced Settings

default and is not allowed to have a connected network cable. If IPBrick works asa Communication server (IPBrick.C ) or if it combines the work of an Intranet andCommunication server (IPBrick.I + IPBrick.C ) it is necessary to configure twonetwork interfaces (in both situations the server where IPBrick has been installedhas to have two NICs). In order to change the network interface definitions clickon ETHO or ETH1. The IPBrick gateway is defined in Route by Default.

If IPBrick works as an Intranet server (IPBrick.I ) the address to fill in thisfield is the address of the equipment that connects with the Internet. This equip-ment can be for example a Communication IPBrick or a router.

! Attention: In the just described situation the gateway IP address has to bean address of the same IP network configured in the private interface, the ETH0.For example, if the IP address of the private interface is 192.168.1 the gateway IPaddress has to be 192.168.1.x. To configure the gateway choose the interface ETH0.

If IPBrick works as a Communication server (IPBrick.C ) or if it combinesthe work of an Intranet and Communication server (IPBrick.I + IPBrick.C ) theaddress to fill in this field is the address of the equipment that connects with theInternet, for example a router.

! Attention: In the just described situation the gateway IP address has tobe an address of the same IP network configured in the public interface, the ETH1.To configure the gateway choose the interface ETH1.

Click on Change to modify the Gateway definitions.

5.1.2 System Information

On this page you can find the following information: a summary of the IPBricksettings, the active time of the machine (counting from the last time the machinewas started), the traffic volume in the logical and hardware interfaces (ETH0 andETH1), the server hardware characteristics, the memory usage and the server harddisk partitions.

5.1.3 Web Access

In this section you can change the access data of IPBrick, which by default isthe following:

• Login: admin

• Password: 123456

Both administrator password and login are exclusively for the IPBrick accessauthentication through the web interface. You can change both.⇒ Note: In contrast to the Administrator user this login has no work area

in IPBrick.IPBrick is currently available in five languages:


5.1 IPBrick 89

Figure 5.1: IPBrick definitions



Figure 5.2: System Information


5.1 IPBrick 91

Figure 5.3: Access Login



• Portuguese;

• English;

• Spanish;

• French;

• Dutch.

This section allows the alteration of language in IPBrick. To execute that al-teration, it is only necessary to choose, click Change, select the intended languageand afterwards click in Update Settings so that the alterations become effective.If you want to accede the IPBrick configuration interface through the internet(External Web Access), you should click Change and choose Yes. It is also indis-pensable to activate the HTTPS service for the Internet. It is necessary to clickUpdate Settings so that it can become effective.

In this page you can handle the IPBrick licensing. If you possess an exper-imental license, you should click on ”Download the file to send” and send it [email protected]. After receiving iPortalMais answer (withan attached file), you should Cancel temporary License and in the generated pageyou may insert the file you have received, and this way the license shall be perma-nent.

5.1.4 Authentication

This section is particularly important because here you define the authentica-tion type to access IPBrick services, like for example the e-mail service. In orderto read e-mails a user needs to have a user name and a keyword for authentication.In this section you define where IPBrick verifies the user data in order to allowor deny later access. IPBrick can check user data in the server or outside fromanother server. The following options are available:

1. IPBrick Master: the authentication is done in IPBrick. Even if there is an-other authentication server this IPBrick is the Master authentication server.

2. IPBrick Slave: authentication is made in IPBrick but this IPBrick is notthe main authentication server. It is a secondary authentication server, syn-chronising its users database with master IPBrick ;

3. IPBrick Client: in this type of authentication, the customer uses an IPBrickserver to do its authentication, without the users database;

4. NetBios client: for compatibility with Windows NT users;

5. AD Domain Member (Master IPBrick): in this case, IPBrick is member ofan AD Domain, and possesses a copy of the users database;

6. AD Domain Member (Slave IPBrick): IPBrick is also a member of the do-main, synchronising its copy of the users database with the Master IPBrick,which is also a member of that domain.


[email protected]

5.1 IPBrick 93

Figure 5.4: Language



Figure 5.5: Authentication


5.1 IPBrick 95

! Attention: After changing the authentication type and clicking on Update Settings

IPBrick restarts automatically.

Chose the Master IPBrick in the following two situations:

• When there is only one IPBrick in the organisation and users have alreadybeen registered in IPBrick.

• When there are two or more IPBrick in the organisation but this IPBrickis the Master authentication server. In this case it is necessary to name thesecondary servers (Slaves). Therefore click on Slaves and indicate the nameor the IP address for each secondary server.

Only chose the Slave IPBrick in the following situation.

• When there is another IPBrick in the organisation configured as the LocalLDAP (Master). In this case you can’t register users in the IPBrick config-ured as Local LDAP. You only have to indicate the name or the IP addressof the IPBrick configured as Master (Local LDAP).

Chose the AD Domain Member in the following situation:

• When you have a Windows server in the organisation with all user registra-tions. In this case you don’t have to register a user in IPBrick. You needthe following data to configure the Win Server authentication type:

1. IP address of the AD server;

2. Domain name

3. User name and password of a remote domain user who has Administra-tor permissions

4. Administrator and Base DN;

5. Users search base DN;

6. Groups search base DN;

⇒ Note: In order to organise and save the user information IPBrick uses aLightweight Directory Access Protocol (LDAP). The LDAP is a directory ser-vice where all information of a organisation is saved (users, computers, contacts,printers, etc.).

5.1.5 Multiprocessing

Most recent computers have multiple processors (virtual or material). To makethe most of these several processors, it is necessary to activate the multiprocessingsupport, according to Figure 5.6. After this one becomes effective, the system shallstart-up a Kernel the SMP1 type.

1Symmetric MultiProcessor



Figure 5.6: Multiprocessing


5.2 Telephony 97

5.2 Telephony

In this section (Advanced Settings � Telephony) it is possible to configureRDIS BRI, RDIS PRI or ANALOGIC cards. After its material configuration2, itis necessary to execute its configuration in IPBrick. To that end, it is necessaryto know how the material configuration of the plate was made, that is, the con-figuration of each door. To insert it is necessary to choose the connection Insert,and afterwards indicate (Figure 5.7):

Figure 5.7: Telephony - Insert

• Card type:

– Analogic;

– RDIS BRI;

– RDIS PRI.

• Number of ports: 1, 2, 4, 8, etc (it depents on card configuration);

• Ports Configuration:

– Port:

∗ PSTN;

∗ PBX.

– Configuration:

∗ NT PtP (Point to Point);

2For more information please read IPBrick.GT Installation Manual



∗ NT PtMP (Point to Multi-Point);

∗ TE PtP (Point to Point);

∗ TE PtMP (Point to Multi-Point).

The Insert button is to confirm the addition of the new card.After configuration of the card, when acceding Advanced Settings � Telephony,

shall appear the list with the configured cards, according to Figure 5.8.

Figure 5.8: Telephony

5.3 Network

Here you have the service configurations related to the firm network structure.You define personalized rules for the firewall, rules and QoS3 priorities as well asindicate the routes to other internal (or external) networks.

5.3.1 Firewall

Presentation This section deals with the IPBrick firewall management. Someof the pre-defined rules were already mentioned in the section Firewall in thechapter IPBrick.C (rules that can’t be changed by the user, only deactivated).In the meantime the configuration of some other services demands some otherrules. These rules can only by managed in part by the user in the Order section.Nevertheless, IPBrick offers his administrator an advanced interface for the firewallmanagement. There he can define a group of rules with high personalisation.

3Quality of Service


5.3 Network 99

Figure 5.9: Network - Firewall



Top Menu Here you have links to:

1. Insert: new rules in advanced mode

2. Delete: already inserted rules

3. Order: the order interface of all existing rules in the firewall

The insertion of new rules may be of three types, namely:

• Dnat rule: it allows NAT4;

• Disable machine access: it allows to restrict the traffic of a certain ipdoor/group;

• General configuration: it allows to insert general rules, which need:

– Rule:

∗ INPUT: the data received by the firewall, besides their source;

∗ OUTPUT: data sent by the firewall;

∗ FORWARD: allows the passage of traffic from an interface to another;

∗ PREROUTING: for packages from the internet that accede to a privateip server;

∗ POSTROUTING: for packages that go to the internet, to which thesource ip address (private) is exchanged for a public ip address.

– Interface: you should choose the interface to which you intend toapply the rule;

– Protocol: the protocol (or all) to apply the rule;

– Module;

– Source IP: pack source IP address;

– Source Port: pack source port;

– Destination IP: pack destiny IP address;

– Destination Port: pack destination port;

– Identifier: name of the rule;

– Police:

∗ ACCEPT: to accept the pack and let it pass the firewall rules;

∗ REJECT: Rejects the pack and it is deleted;

∗ MARK: it allows to guard a mark on the pack. These marks mayafterwards be used to take decisions when leading the packs;

∗ LOG: keeps a log of all packs that satisfy the rule.

4Network Address Translation


5.3 Network 101

Body Here you have a list of all user controlled rules. You can change the rulestatus from Enable to Desable. It is not possible to change/rewrite a rule. Toeliminate the rules, you should click Delete, select the rule or rules you wantto remove and press the Delete button. The rules defined by default cannot beeliminated, but they can be disabled.

5.3.2 Routes Management

Figure 5.10: Network - Routes Management

Presentation When there are several networks distributed in a firm and sepa-rated by several routers you have to indicate the router for these networks in orderto allow IPBrick to have access to them.

Top Menu Here you have a link to Insert a new route. In order to do so youhave to indicate the recipient IP network, its mask and the connecting router IP.Besides this you also have to indicate the network interface which is connected tothe network of the indicated router.



Body Here you have a list of the inserted routes.

5.3.3 QoS

Figure 5.11: Network - QoS

Presentation The aim of this IPBrick service is to guarantee a certain level ofservice quality for the end user. Therefore it is important to indicate the avail-able bandwidth for the Internet connection. Certain rules can be established withthis information related to the priority of several traffic types in a network. Forexample, why not limit the bandwidth for the e-mail service to guarantee the min-imum for the web traffic instead of having a connection to the Internet completelyoccupied with mails?

Body Here you see a list of the available Public Interfaces (which is normallyonly ETH1) and the service status for each NIC. You can change the status fromActivated to Deactivated by clicking on it. (Figure 5.12)


5.3 Network 103

Figure 5.12: Network - QoS Management



5.4 Support Service

5.4.1 Machines Management

This section is an advanced version of the machines management menu inIPBrick.I. This interface allows you to add, change or remove the machines regis-trations.

The current IPBrick version allows you in this section to add a new machineto the domain. In order to register simultaneously a machine in the domain, theDNS and/or the DHCP you have to use the IPBrick.I menu in the machines man-agement section.

5.4.2 DNS

Figure 5.13: DNS - Domains

Presentation This is the main section of DNS configuration. Here you canmanage the domains served by the machine and change the machines, alias (CNAME)


5.4 Support Service 105

and the MX5 registrations.

Top Menu Here you have a link to Insert a new domain (Figure 5.14)

Body Here you have a list of several forward and reverse name resolution zonesregistered in IPBrick. You can access the interface management of these areas byclicking on one of them. (Figure 5.15)

Domains

Figure 5.14: DNS - Insert forward and reverse name resolution zones

Insert Zones

Top Menu Here you have a link to get Back to the previous list and cancel thecurrent process of introducing a new zone.

5Mail Exchange record - used to indicate the e-mail servers of a domain



Body Here you see a register form for forward and/or reverse name resolutionzones. You find the following fields:

1. Domain ame of the new registration; e.g. empresa.pt; porto.empresa.pt;acme.inc.

2. IP Network the associated IP network for which you are going to createregistrations of reverse name resolution PTR6.

3. Zone type field that allows you to create a master or secondary zone. Asecondary zone is a copy of another DNS server master zone.

4. Server name of the machine that will serve7 this domain (e.g. ipbrick.domain.com)(this field is only applied on master zones)

5. Email e-mail of the responsible for this domain. This e-mail is registered inthe DNS under the name of the responsible technician for this domain (thisfield is only applied on master zones)

6. Refresh time he time of a secondary zone to see if there are any changes inthe master zone. (this field is only applied on master zones)

7. Transfer retry time the time a secondary zone has to wait to retry theconnection to the master zone, that is, if the last refresh was unsuccessfully.(this field is only applied on master zones)

8. Expiry time the time a secondary zone has to consider the dates of a zoneas valid since the last successful refresh. (this field is only applied on masterzones)

9. Default time-to-live the time in which the other DNS servers have toconsider the dates of this zone as valid. (this field is only applied on masterzones)

10. Master servers he zone master server IP (this field is only applied on sec-ondary zones)

11. Insert Button

Domains Management

Presentation In this section you control all DNS registrations of a selected zone.

Top Menu Here you have a link to get Back to the zones list and see dates of aselected domain. Here you can change or delete a domain registration.

6Pointer7SOA - Start of Authority



Figure 5.15: DNS - Domains Management



Body Here you have a list of several DNS sections:

1. Machines, machines addresses in the current domain (name associated to anIP - machine) e.g.:

myipbrick -> 192.168.2.1

2. Aliases8 alias registration for domain machines (this option is only availablefor a forward name resolution zone) e.g.:

www -> myipbrick

3. Name Servers registration of FQDN addresses of machines that serve thisdomain (DNS). e.g.:

domain.com -> myipbrick.domain.com

4. Mail Servers e-mail server registration for this domain. You can have sev-eral registrations each with different internal positive values. The values indi-cate which registration to use first. The registration with the lowest value isalways the first one to be used. The value to be introduced here must alwaysbe the e-mail server FQDN, no matter if it is a server of the domain itself, like.empresa.pt., or an internet server, like mail.saturno.com.. This optionis only available for a forward name resolution zone. For example:

20 mail.saturno.com

10 ipbrick.empresa.pt

5. VoIP Servers registration of VoIP servers for this domain. The value tobe introduced here is the FQDN of the VoIP server, like for example voip.

empresa.pt. This option is only available for a forward name resolutionzone. For example:

voip.empresa.pt

Forwarders

Presentation If a DNS server receives a request for a domain which he neitherserves nor has in cache, then the server has to forward this request to other DNSservers in the Internet. The forwarders should be the most nearest which arenormally the ISP DNS servers. Here you have the most appropriate interface toregister the nearest DNS servers. (Figure 5.16)


voip.empresa.pt

voip.empresa.pt


Figure 5.16: DNS - Forwarders



Figure 5.17: DNS - Name resolution



Name Resolution

Presentation No matter if the DNS service is being executed or not in thisserver you can configure the server to handle its DNS requests in another server.You can apply this configuration to all server services (with the obvious exceptionof the DNS server which uses its forwarders for requests he does not know). Inorder to make the server use its own DNS you have to configure the IP of thelocalhost9, 127.0.0.1 (Figure 5.17)

5.4.3 DHCP

Subnets

Presentation Here you see the configuration section of the DHCP. You candefine the subnets to be served as well as the machine network configuration pa-rameters. (Figure 5.18)

Figure 5.18: DHCP - Subnets

8Alternative names9local server



Top Menu Here you have a link to Insert new subnets, configure Redundancy

parameters and define General Options by default. (Figure 5.19)

Figure 5.19: DHCP - General Options

Body Here you have a list of the inserted subnets. Each line is a link that opensa configuration form with options for each subnet. (Figure 5.20)

Insert

Presentation It allows the insertion of sub-networks.

Top Menu Connection to Back.

Body It allows the insertion of the sub-network data, which shall be attributedto customers. These data are:

• Network Address: here you should indicate the network address and itsmask;



Figure 5.20: DHCP - Subnets Definition



• Dynamic addresses group: which group of addresses are reserved for thecustomers;

• Customers mask: the network mask to be given to customers;

• Broadcast address: the broadcast address to be given to customers;

• Default lease time: the default time during which the lease of the addressis valid;

• Max lease time: maximum time;

• Option Router: the router address that shall serve as a default route;

• DNS Servers: a list (one by line) of the NetBios servers to be used bycustomers;

• DNS domain: the name of the domain indicated to the customers.

General Settings

Presentation It allows to insert data attributed by default.

Top Menu Connection to Back.

Body It allows the insertion of general network data, which shall be attributedby default to the customers. These data are:

• Base domain;

• DNS servers;

• NetBios servers;

• Customers mask;

• Default lease time;

• Max lease time.

You may also want the DNS Dynamic Update. In this case, you should choose”Yes” in the respective box.

Redundancy

Presentation If you don’t configure two servers as primary and secondary re-spectively there can only be one DHCP server in a network. This function allowsyou to have redundancy in the DHCP service as long as you configure a com-munication channel (connection) between the primary and the secondary server.(Figure 5.21)



Top Menu Here you have a link to get Back and Insert a new connection.

Body Here you see a list of the inserted connections. Each line is a link to aform with connection configurations.

Figure 5.21: Redundancy

Machines

Presentation Here you see a list of the registered machines with their MAC ad-dresses in the DHCP service. You can register the machines in Machines Management

(see section 3.1, page 11) or directly in this section.

5.4.4 Images Server

This interface is related to the image replication service of Linux user stations.

Images Management

In this interface you can insert images of user stations from a cd. You can alsosee information about the images that are currently in IPBrick as well as its size



Figure 5.22: DHCP - Machines


5.5 Settings 117

on the hard disk.

Clients

Visualization of the in IPBrick registered machines and their associated images(if there are any).

5.5 Settings

All configurations that are done in IPBrick through the web interface are savedin a database. In this way any changes done will only be effective in the systemafter Update Settings.

Besides, when you update the settings in IPBrick a copy with all settings isautomatically saved on a USB pen.

! Attention: A pen should always be connected to the server where IPBrickis installed. On this pen is saved a copy with all settings. With it you can recoverthe configurations done in IPBrick.

Each copy on the pen is listed with date and hour of when it was created.

5.5.1 Replace

In this section you see a list of all saved copies on the USB pen. In order toreplace a setting you just have to click over it.

⇒ Note: All services will be reconfigured when replacing a copy of the set-tings. After the configuration of all services IPBrick restarts automatically.

5.5.2 Download

This section allows you to download the copies of the configurations done to alocal computer.

With this useful option you can save IPBrick settings on another place.

5.5.3 Upload

In this section it is possible to upload a previously downloaded configurationfile to the server.

! Atention: It is not possible to use setting copies in different IPBrick ver-sions. The configuration files are not compatible with the different IPBrick ver-sions.



Figure 5.23: Replace Settings


5.5 Settings 119

Figure 5.24: Download Configurations



Figure 5.25: Upload remote configurations


5.6 System 121

5.6 System

Inside the menu System, we can find the options indicated in the followingpoints.

5.6.1 Services

In Services (Figure 5.26) you find a list of several services available in IPBrick.The State column shows you if the service is enable or disable. It is possible torestart any service without having to restart IPBrick.

Figure 5.26: Services

In order to restart any service you have to:

• Change the State from Enable to Disable

• Update Settings

• Change the State from Disable to Enable

• Update Settings



The Start column defines the way of how each service has to start with theserver (whether after a reboot or after a period while the server was disconnected).If you see Automatic in the Start column of a service then the service will startautomatically with the server. On the other way, if you see Manual on the columnthen the service will not start with the server. Nevertheless it can be startedmanually in this menu by changing its State from Disable to Enable

⇒ Note: Any changes in the Start column of a service will not have im-mediate effects on the service start. The changed start will only be valid for thenext server start. On the other way, a change in the State column has immediateeffects. That is, by changing the service state from Enable to Disable IPBrickstops this service (after clicking on Update Settings).

5.6.2 Task Manager

The Task Manager shows you a list of all executed processes in IPBrick.It gives you information about:

• The system user name that started the process

• The date of the process start

• The memory and CPU percentage that the process is using

In this section it is possible to stop a certain process. Therefore you only haveto click over the process identifier.

! Attention: Speaking in generally, the executing processes should not bestopped this way. To stop a process in this interface may cause instability in IP-Brick. In order to stop services use the Services menu.

5.6.3 Date and Hour

In this menu (Figure 5.27) you can see and change the server date and hour.

5.6.4 System Logs

In this menu you can see the IPBrick logs. The logs are an important infor-mation source for the system work.

The most recent information is available in Current Log. In case there areother log registrations then each of them provides information generated by IP-Brick till their indicated date (Figure 5.28).

5.6.5 SSH

The SSH menu implements a save connection to the IPBrick shell, showned inFigure 5.29.


5.6 System 123

Figure 5.27: System Date and Hour



Figure 5.28: System Logs


5.6 System 125

Figure 5.29: SSH



The SSH (Secure Shell) is similar to the known Telnet application but onlysaver.

⇒ Note: This function needs the installation of Java Virtual Machine. Thesoftware is available in www.java.com.

Before making a connection it is necessary to make an authentication. There-fore you need the introduce the following data:

• Username: operador

• Password: L1opardo

5.6.6 Reboot

This option allows you to reboot IPBrick(Figure5.29). After confirming thereboot option the web connection with the server is automatically stopped. WhenIPBrick starts again it is possible to establish a new https connection with theserver.

Figure 5.30: Server Reboot


www.java.com

5.6 System 127

5.6.7 Shutdown

This option is to shutdown IPBrick (Figure 5.31), assuring that all the servicesare correctly concluded. You should resort to this menu, whenever it is necessaryto shutdown IPBrick.

Figure 5.31: Shutdown server




Chapter 6

Update Settings

The option Update Settings allows you to make the configurations done inIPBrick become effective in the system. In other words, any realized configurationsbecome only effective in IPBrick after clicking on Update Settings.

Figure 6.1: System update


130 Update Settings


Chapter 7

Appendix AJoin in the domain

7.1 Join in the domain

This section describes the process of:

• Configuring a workstation with DHCP;

• Joining a workstation in a domain.

This process description presupposes the following:

• the domain controlling server is IPBrick.I ;

• the DNS domain is empresa.pt;

• the domain is EMPRESA.

In order to join a workstation in a domain you need to do the following steps:

1. Know the MAC address of the machine’s network interface card;

2. Chose a machine ”name”;

3. Have a machine IP address;

4. Create an entry for the machine in IPBrick.I ;

5. Update IPBrick.I.


132 Appendix A - Join in the domain

7.1.1 Windows XP Professional Workstation

⇒ Note: Before starting the process of joining a machine in a domain youhave to know the username/password of a user who is administrator of the XPmachine. Then you can start the migration process.Therefore you have to:

1. Press [windows];

2. Select My Local Network ;

3. Select Network Connections ;

4. Right click the icon Local Network Connection and select Properties ;

5. Chose TCP/IP in the open window and click on Properties;

6. Chose Get the IP Address Automatically in the open window and thenselect Get the DNS server addresses automatically;

7. Close the network properties windows.

The next step is to confirm that the machine IP address is the same that wasintroduced in IPBrick.I. Therefore you have to:

1. Press the keys [windows]+[R];

2. cmd [ENTER];

3. ipconfig /all;

4. Check the information in the IP Address field.

If the IP address is not the one introduced in IPBrick you have to release itand renew it with the following commands:

1. Press the keys [windows]+[R];

2. cmd [ENTER];

3. ipconfig /release;

4. ipconfig /renew;

5. ipconfig /all.

If the machine IP address is right you can join the machine in the domainEMPRESA:


7.1 Join in the domain 133

1. Press the keys [windows]+[pause] and open the System Properties;

2. Select ”Computer Name”, click on ”Change...” and give the computer a name(the name must have been created in IPBrick.I before);

3. Press button ”more..” and add the dns machine domain: empresa.pt. Donot select the option Change the primary dns suffix when the association tothe domain is changed ;

4. Insert EMPRESA in the domain. The password of the domain EM-PRESA or of the machine administrator may be requested;

5. Click OK and close ”System Properties”;

6. Install the WinXPSignOnSeal (changes an entry in the machine registry).Therefore copy the file to the machine. Right click and select Add;

7. Restart the machine. While the machine is starting you can already loginthe domain EMPRESA.

⇒ Note: The workstation must not be with the DHCP. It can be configuredwith a fix IP address. In this case you don’t have to fill in the field Mac Address

while you register the machine in IPBrick.


134 Appendix A - Join in the domain


Chapter 8

Appendix BConfiguring a VPN connection

8.1 Configuring a VPN connection (PPTP)

In order to create a VPN (PPTP) connection in a Windows XP Professionalworkstation you have to do the following steps:

1. Press [windows]

2. Select Control Panel

3. Double click Network Connections

4. In the window Network Connections, select Create a New Connection

5. The Wizard appears to create a new connection. Select ”Connect to my workarea network” (refers to the VPN description), ”Virtual Private NetworkConnection”. After that select a name for the connection to be created, forexample ”Enterprise connection”. Then you have to indicate the IP addressor the full name by which IPBrick is known in the Internet. At last you haveto select who can use the VPN connection.

The VPN connection is configured. In order to establish a VPN you only haveto introduce the user name and password registered in IPBrick. IPBrick is nowworking as a VPN-PPTP server.


136 Appendix B - Configuring a VPN connection


Chapter 9

Appendix CConfiguration of a VPN SSLconnection (Open VPN)

9.1 Configuration of a VPN SSL Connection (Open

VPN)

To create a VPN connection (Open VPN) in a Windows XP Professional work-station it is necessary to install the Open VPN GUI software::

• Open VPN - VPN Open Source Pack;

• Open VPN GUI - Graphic Interface for Open VPN.

The installation of this pack should be executed without changing the defaultdefinitions. This software is installed in directory C:\Program Files\OpenVPN.The certificate generated by IPBrick must be unpacked into directory C:\Program Files\OpenVPN\config.

To initiate VPN connection, press the right button on icon OpenVPN in thetoolbar, choose the intended connection and press Connect.

Insert the password used to create the certificate in IPBrick and the VPN shallbe established.

9.1.1 Two or more SSL certificates

When it is intended to put more than one certificate in the same workstation(create VPN connections for distinct places) it is necessary to execute the nextsteps before putting the certificates into directory C:\Program Files\OpenVPN\config:

1. Change the file name ca.crt, p.e., into ca1.crt.

2. Edit the file <certificado>.ovpn and change the line with the entry ca ca.crtinto ca ca1.crt.

After that, copy the 4 files that compose the certificate into directory C:\Program Files\OpenVPN\config.


Documents

IPBrick Reference Manual...10 Before Starting causes a restart of IPBrick (IPBrick needs approximately 1 minute to restart, depending on the hardware where it is installed). After