This post is part of a series, for the series contents see:
With my Ubuntu VM built, the next step was to get Zentyal firewall installed and configured.
This was a right pain in the butt. If ClearOS wasn’t a Market Place product (and therefore out of reach for my MSDN subscription) I would have just dumped Zentyal and gone for that instead.
- First I thought I’d get the latest version (5.0 at the time of writing) installed on Ubuntu 16.04-LTS but it hit a load of dependency issues at install time.
- Then I went old skool and tried to install version 3.5 on Ubuntu 14.04-LTS to no avail – same problems.
- Eventually I got it working with 4.2 on Ubuntu 14.04-LTS.
Because I don’t have a site-to-site VPN, or ExpressRoute, I had to jump off of my management VM to hit the firewall box:
Once I had an SSH session, then installing Zentyal was as simple as these commands (credit to this blog post):
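```bash
# Add the repository (the "deb" line is an APT source entry, not a command,
# so write it to a sources file; the file name zentyal.list is my choice)
echo "deb http://archive.zentyal.org/zentyal 4.2 main" | sudo tee /etc/apt/sources.list.d/zentyal.list

# Import the archive signing key
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 10E239FF
wget -q http://keys.zentyal.org/zentyal-4.2-archive.asc -O- | sudo apt-key add -

# Apply updates and then install Zentyal
sudo apt-get update
sudo apt-get install zentyal
```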
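The commands above pull the archive key over plain HTTP and name it only by the eight-character ID 10E239FF, so nothing checks that the key being trusted is the intended one. The following is an added example, not part of the original post or of Zentyal's instructions: it checks a downloaded key file against a full 40-character fingerprint before handing it to `apt-key`. The function names, the sample listing and the sample fingerprint are constructed for illustration; the real fingerprint has to come from a source you trust and is not given on this page.

```shell
#!/bin/sh
# Added example: pin an APT signing key to a full fingerprint before trusting it.

# Constructed sample of `gpg --with-colons --with-fingerprint` output.
# The fingerprint is made up; it is NOT Zentyal's real key fingerprint.
SAMPLE='pub:-:4096:1:89ABCDEF10E239FF:1400000000:::-:Constructed Test Key::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF10E239FF:
sub:-:4096:1:1111111111111111:1400000000::::::e:'

# key_matches EXPECTED_FPR
# Reads a colon-format key listing on stdin. Succeeds only when the listing
# holds exactly one primary key and its fingerprint (field 10 of the fpr
# record after the pub record) equals EXPECTED_FPR. A short key ID such as
# 10E239FF is rejected: 40 hex digits are required.
key_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$expected" '
        $1 == "pub" { primary = 1; next }
        $1 == "fpr" && primary { n++; fpr = $10; primary = 0 }
        END { exit !(n == 1 && length(want) == 40 && fpr == want) }
    '
}

# verify_and_add KEYFILE EXPECTED_FPR
# Lists the keys in KEYFILE without importing them, and runs apt-key add
# only if the fingerprint check passes. Not exercised here: it needs gpg,
# sudo and a real key file.
verify_and_add() {
    if gpg --with-colons --with-fingerprint "$1" 2>/dev/null | key_matches "$2"
    then
        sudo apt-key add "$1"
    else
        echo "fingerprint mismatch, key not added: $1" >&2
        return 1
    fi
}
```

To use it, save the key with `wget -q -O zentyal.asc <key URL>` instead of piping it straight into `apt-key`, then call `verify_and_add zentyal.asc "<full fingerprint>"`.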
Once all the packages have been pulled down and the installer has kicked in you get asked to set a MySQL password:
Then you get prompted to set a port over which to access the Zentyal web interface. I simply used the default of “8443”:
With that all set, the next step is to hit that web interface. I jumped onto my management server (mgmt-vm) and hit it from there:
After logging in with the “adminuser” credentials I set up the VM with, I was prompted to go through the initial setup:
Zentyal is actually a pretty feature-rich piece of software but for the purposes of this lab I just need the firewall:
To get the firewall set up, the installer prompts you to specify which interfaces are internally or externally facing so I set my 10.2.1.4 interface (eth0) as my internal side of the firewall and 10.2.1.5 (eth1) as external:
Next up, you have to choose the addressing of the interfaces. As we’re in an Azure IaaS world “DHCP” is the right choice for each interface here but annoyingly the external interface doesn’t let you choose this option so I manually configured it to get me through the installer (later I went back and changed it to be DHCP too):
Then, ta da, it’s all done:
Which leads to……
Obviously, in the real world I would heed the warnings and get the box updated but after all the trouble getting this set up I can’t be bothered to risk breaking it so it can stay as is, which is to say “functioning”.