Tuesday, May 24, 2016

Dropbox LAN sync - Save bandwidth and time with local dropbox LAN sync

If you are working in organization which uses Dropbox at the daily bases, you might came across with bandwidth issue especially when syncing large file across different computers. At normal the file should be uploaded to Dropbox servers and then downloaded to each individual computers where the file is shared and this is considerable large use of bandwidth and takes time especially if the file is large enough, but with Dropbox LAN syncing feature bandwidth can be saved and syncing time can be minimized.

What is Dropbox LAN sync?

Dropbox LAN Sync is a feature that allows you to download files from other computers on your network, saving time and bandwidth compared to downloading them from Dropbox servers.

The LAN Sync feature can speed up the syncing of files that exist on your local area network (shared folders and computers connected to the network). It allows Dropbox to check for new versions of a file on your network without having to download the copy of the latter from Dropbox servers.

What is Dropbox LAN sync prerequisites?

 If you want to force a LAN Sync, you’ll need two computers on the network with either the same account or a shared folder in common. Add a file to one of the computers, and the other computer should attempt a LAN Sync. The computers should be in the same LAN.

How to configure and enable LAN sync?

a. Install the Dropbox client on your PC: www.dropbox.com.

b. Allow Dropbox.exe in your firewall's settings: The LAN Sync feature requires access to port 17500 (TCP). Go to the Control Panel > Firewall > Allow app or feature through Windows Firewall.

c. Click on the Dropbox tray icon > Preferences. Go to the Bandwidth tab and tick the Enable LAN sync checkbox: Click on Apply > OK.


Enjoy!



Friday, May 13, 2016

How to enable remote desktop in Window Server 2012 R2 Core

Server Core is a minimal server installation option for Windows Server that provides a low-maintenance server environment with limited functionality.After installing window server core there greater possibility you won't have direct access to server so remote desktop is the best option for you, follow the below steps to enable remote desktop on window server core.

a. Login to the server
After login below is the screen your going to see,


Use the seen command line interface to enable remote desktop.

b. Migrate to system32 directory
cd \Windows\system32
c. Run the script below found in system directory which will show you the current state of remote desktop
cscript scregedit.wsf /AR /v
If it returns 1, that means the remote desktop is not enabled you need to enable it by running the following command
cscript scregedit.wsf /AR 0
As seen below:



d.  Check if remote desktop is enabled on firewall, by running the following command.

Get-NetFirewallRule -DisplayGroup "Remote Desktop" | format-table Name,enabled -autosize

If it return false, enable it by running the following

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

As seen below:



Now you're good you can manage your server any ware by using remote desktop client.
Don't forget to allow tcp/udp port 3389 on the router via port forwarding when the server is inside local area network.

Wednesday, May 4, 2016

CSF firewall installation and configuration for VOIP/PBX systems-Part 2

After installation of csf firewall and webmin done on part 1 of this document, part 2 will concentrate on only configuration of the firewall, configuration to be done is described in steps below.

a. Allowing IP/IP blocks with fully access to the server.
You may start the configuration by adding you own block which should have fully access to pbx/voip system,fully access means the ip's should have fully access to all ports on the server these IP's should be your private LAN ip or ISP ip's if your configuring service providers voip/pbx system, to do so logon to your system via https://serverip:1000, then go to System > ConfigServer Security & Firewall, then csf - ConfigServer Firewall section, add your ip/ip blocks to Quick Allow and Quick Ignore,as seen on example below:

Don't forget to click on Quick Allow and Quick Ignore to save it to configuration file.
You should also add you Voip provider IP, if your system is connecting to online voip provider, otherwise you might experience issue when calls are routed to voip provider.

b. Allowing specific ports for IP/IP blocks without fully access.
Now go Firewall Configuration, to add ports which should be accessible for anyone without fully access to the server, if your voip system is accessible from the Internet, these are ports will be seen directly from the Internet.
You may allow as many ports as you can  for ports going out, but you should restrict ports which are coming to your server as minimum as you can, as far as my research below ports working fine for PBX/VOIP systems,

   i. Incoming
Only allow voip/pbx pors 5060:5061 and 10001:20000 which are used as media ports for some pbx systems, so the setup may look as below.
       a. TCP
           5060:5061

         b. UDP
           5060:5061,10001:20000

   ii. Outgoing
As i said you may allow as outgoing ports as you can, no problem on this.

       a. TCP
           20,21,22,25,53,80,110,113,443
       b. UDP
           20,21,53,113,123,1000:65000

So the setting will look as below,

c. Blocking ping from outside
You may also need to block ping from outside as means of security, to do search for Allow incoming PING and change it from ON(1) to OFF(0).



d. Enabling the firewall
When all configuration is done, you should enable the firewall for it to be operation on your server, go back to the beginning of configuration file and look for TESTING part and turn it off, as seen below:

e. Testing the firewall
After enabling the configuration you should now test the firewall to make sure it works as intended, below are hints for testing.

-Test if all pbx users are able to call via the pbx, also monitor if they can hear the voice with required quality.
-Test if the users coming from restricted IP are able to access the admin interface of PBX/VOIP, i mean any traffic going to port 80/443, they should not as the access to only be available to allowed IP's.

There a lot of settings which can be done on CSF firewall, but above is minimum which can be used to lock down your VOIP/PBX systems,drop down comments if you face any problem implementing the settings.