License terms and conditions

I cannot find the terms and conditions for the VirtualminPro product ... but it seems I read this somewhere in the forum ... if I have a single unlimited VminPro license, is it valid to run a second instance on a server intended strictly as a "hot swap" backup system?

Also, I note that if I have a firewall enabled on the backup system (so no one can use it) it cannot connect to the Virtualmin license server:

"Now re-checking your Virtualmin license ..
.. a problem was detected : Failed to contact licence server : Failed to lookup IP address for software.virtualmin.com"

If I open the firewall, this works just fine, but since this is a non-production, backup system (assuming I can run such under the license), what do I need to open on the firewall to allow access. Tried allowing 67.228.198.99 for TCP/IP and that didn't seem to work either ...

Status: 
Closed (fixed)

Comments

Yes, it is fine to use the same license on a backup system..

Regarding the problem contacting software.virtualmin.com , this will eventually cause a warning to appear when you login to Virtualmin on the backup system. However, it won't actually break anything, and will go away if and when the backup system is 'promoted' to become the master, and gets network access back.

Does that answer all your questions?

oopps! I also find that the not only does the firewall prohibit validation of the license, it also doesn't allow updates ... same reason as far as I can tell ... can't communicate with software.virtualmin.com

I can open the firewall, do software upgrades and then close it ... again, wondering if there's a rule for an IP that will allow me to have the firewall allow legitimate communication with the software.virtualmin.com system ... IP or IP range to allow?

Currently software.virtualmin.com is a single machine at 67.228.198.99, but that may change in future. Also, even if you allow this, you won't be able to install other OS updates like MySQL, PHP and so on, as they come from your distribution vendor's repository.

Perhaps it would be simpler to allow outgoing connections, but not incoming?

Rereading this thread ... I thought I'd clarify the firewall issue. What I intended to do with the firewall was to add a chain that limited access only to specific IP addresses, blocking all others. I guess I don't see how to allow all outgoing connections nor do I see how this will open the system for updates while closing it for specific systems. I've fiddled a bit and still haven't had much luck. Basically, at the top of the IPUT ruls section, I addeda rule to call a chain that has rules that accept incoming access form just spefici IP addresses (and 67.228.198.99 is one). One guess was that port 53 (TCP and UDP) were denied for all but the allowed IP's so DNS resolution for software.virtualmin.com was blocked. However, moving the alow 53 rules above my cahin still doesn't work right. I have a work around ... when the primary vmin server needs updating, I can togle open the firewall, run updates and close it again. If you have any specific ideas for firewall settings that would block user access but allow update/license verification to work, that would be great.

Are you just using regular Linux iptables for your firewall? If so, setting it up to allow outgoing traffic is easy .. just make sure in your INPUT chain you have a rule like :

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Thanks! That worked! Set it up in Webmin. Made it the first rule in the INPUT chain and made my "restricted access" chain second. All looks fine. Final test will be actually applying updates, but aside from that, license is validating and it is able to correctly populate the update screens ... so I assume updates will work properly as well.