I recently went back to using ClearOS after getting some new hardware. I have run into a weird issue. When behind my ClearOS box, I cannot browse to www.clearos.com. I have tried putting the URL and IP of my client and the web site into the bypass lists, but it doesn't help. Anyone have any ideas? I can resolve www.clearos.com fine using nslookup, ping, etc.
Responses (15)
Accepted Answer
This is what I am doing for UPNP:
[root@zelbinion firewall.d]# cat local
#XBOXONE1 is set to the IP of the XBOX
#create a new variable for any others
XBOXONE1=192.168.2.100
XBOXONE2=192.168.2.102
XBOXONE3=192.168.2.103
XBOXONE4=192.168.2.104
$IPTABLES -t nat -I PREROUTING -i ${LANIF} -s ${XBOXONE1} -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i ${LANIF} -s ${XBOXONE2} -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i ${LANIF} -s ${XBOXONE3} -p tcp -m tcp --dport 80 -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i ${LANIF} -s ${XBOXONE4} -p tcp -m tcp --dport 80 -j ACCEPT
-
Accepted Answer
... unless your firewall rules are now different from the ones you posted. The PREROUTING port 8080 rules give away the transparent proxy. I was thinking the INPUT port 3128 rule was the content filter, but now I'm not so confident. DNSThingy/GM is all the DNSTHINGY rules and chains.
How are you bypassing the MiniUPNP for the XBox? I've no idea how MiniUPNP would work with multiple XBoxes. -
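Added example, not part of the thread and not ClearOS code: a Python script that applies the reading described in the reply above to `iptables -nvL` output. It flags the port 80 to 8080 REDIRECT rules (transparent proxy), any DNSthingy chains, and the DROP/REJECT rules whose packet counters are non-zero. The sample listing is abridged from the one pasted in this thread; the function names are assumptions.

```python
import re

# Abridged sample built from the listings pasted in this thread.
SAMPLE = """\
Chain INPUT (policy DROP 123 packets, 5321 bytes)
 pkts bytes target prot opt in out source destination
  406 21604 DNSthingyBP all -- * * 0.0.0.0/0 172.27.27.27
  305 24983 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
16154 2300K ACCEPT all -- enp2s0 * 0.0.0.0/0 0.0.0.0/0
Chain DNSthingyBP (1 references)
 pkts bytes target prot opt in out source destination
    5 656 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,6373
  401 20948 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 reject-with tcp-reset
    0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain PREROUTING (policy ACCEPT 10348 packets, 1436K bytes)
 pkts bytes target prot opt in out source destination
10700 1456K DNSthingy all -- * * 0.0.0.0/0 0.0.0.0/0
    4 240 ACCEPT tcp -- * * 192.168.2.112 0.0.0.0/0 tcp dpt:80
  239 12896 REDIRECT tcp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
    0 0 REDIRECT tcp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
"""

SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3}


def to_int(field):
    """iptables -v abbreviates large counters, e.g. 2300K or 13M."""
    if field[-1] in SUFFIX:
        return int(field[:-1]) * SUFFIX[field[-1]]
    return int(field)


def parse(listing):
    """Turn `iptables -nvL` text into a list of rule dicts, one per rule line."""
    rules, chain = [], None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            chain = m.group(1)
            continue
        f = line.split()
        # Skip blank lines, the column header and anything before the first chain.
        if chain is None or len(f) < 9 or not f[0][0].isdigit():
            continue
        rules.append({"chain": chain, "pkts": to_int(f[0]), "target": f[2],
                      "prot": f[3], "in": f[5], "out": f[6],
                      "src": f[7], "dst": f[8], "extra": " ".join(f[9:])})
    return rules


def diagnose(rules):
    # Port 80 redirected to 8080 on a LAN interface: the transparent proxy.
    proxy_ifs = sorted({r["in"] for r in rules
                        if r["target"] == "REDIRECT"
                        and "dpt:80" in r["extra"].split()
                        and r["extra"].endswith("redir ports 8080")})
    # Chains named DNSthingy*, whether seen as a chain or as a jump target.
    dns_chains = sorted({r["chain"] for r in rules if r["chain"].startswith("DNSthingy")}
                        | {r["target"] for r in rules if r["target"].startswith("DNSthingy")})
    # Rules that are actually discarding traffic, busiest first.
    blockers = sorted((r for r in rules
                       if r["target"] in ("REJECT", "DROP") and r["pkts"] > 0),
                      key=lambda r: -r["pkts"])
    return {"transparent_proxy_on": proxy_ifs,
            "dnsthingy_chains": dns_chains,
            "both_active": bool(proxy_ifs and dns_chains),
            "blockers": blockers}


if __name__ == "__main__":
    report = diagnose(parse(SAMPLE))
    print("transparent proxy on:", report["transparent_proxy_on"])
    print("DNSthingy chains:", report["dnsthingy_chains"])
    print("proxy and DNSthingy both active:", report["both_active"])
    for b in report["blockers"]:
        print(f'{b["pkts"]:>8} pkts  {b["chain"]}  {b["target"]}  {b["extra"]}')
```

Save the output of `iptables -nvL` and `iptables -nvL -t nat` to one file and pass its contents to `parse()` in place of `SAMPLE`.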
Accepted Answer
Strange, I have all of them turned off. I can send screenshots.
I'm starting to wonder if a re-install is in order, as I am having issues with UPnP also. Specifically, xbox live party chats and game connections are not working correctly even though the xbox IPs are bypassed.
Nick Howitt wrote:
By your firewall rules, you have the proxy, content filter and GM running at the same time. The content filter is blocking just about everything. -
Accepted Answer
I am currently testing with proxy/content filtering, and gw management off. enp1s0 is a physical interface. I have four NICs on the appliance.
If by clocks, you are talking about the system date/time, then the system date/time is accurate.
Nick Howitt wrote:
If it is SSL, check your clocks. ClearOS does not intercept SSL.
Can you remove enp1s0 from network.conf, unless it physically exists? Presumably it is a hang-up from your system change. It may be worth removing it anyway.
You seem to be operating DNSThingy/Gateway Management. Can you disable it for the moment just to test if it is doing the blocking? Are you using the Don't Talk to Strangers feature?
Are all the PREROUTING rules your Proxy Bypass rules? Note the Proxy should not be touching SSL traffic.
..... and I've remembered. The proxy and DNSThingy/GM do not work well together. Use one or the other, but not both. If you can, I'd just use DNSThingy/GM. The proxy in transparent mode is not much use these days as a huge amount of traffic is now https which the proxy does not touch. -
Accepted Answer
If it is SSL, check your clocks. ClearOS does not intercept SSL.
Can you remove enp1s0 from network.conf, unless it physically exists? Presumably it is a hang-up from your system change. It may be worth removing it anyway.
You seem to be operating DNSThingy/Gateway Management. Can you disable it for the moment just to test if it is doing the blocking? Are you using the Don't Talk to Strangers feature?
Are all the PREROUTING rules your Proxy Bypass rules? Note the Proxy should not be touching SSL traffic.
..... and I've remembered. The proxy and DNSThingy/GM do not work well together. Use one or the other, but not both. If you can, I'd just use DNSThingy/GM. The proxy in transparent mode is not much use these days as a huge amount of traffic is now https which the proxy does not touch. -
Accepted Answer
[root@zelbinion firewall.d]# ifconfig | grep netm -B 1
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.2 netmask 255.255.255.0 broadcast 192.168.2.255
--
enp4s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.5.1 netmask 255.255.255.0 broadcast 192.168.5.255
--
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
--
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1492
inet 97.122.64.151 netmask 255.255.255.255 destination 207.225.112.3
--
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
--
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
[root@zelbinion firewall.d]# iptables -nvL
Chain INPUT (policy DROP 123 packets, 5321 bytes)
pkts bytes target prot opt in out source destination
6 456 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
406 21604 DNSthingyBP all -- * * 0.0.0.0/0 172.27.27.27
0 0 DROP tcp -- * * !127.0.0.1 0.0.0.0/0 tcp dpt:3128
305 24983 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
75 21265 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- ppp0 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- ppp0 * 169.254.0.0/16 0.0.0.0/0
12970 7658K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
16154 2300K ACCEPT all -- enp2s0 * 0.0.0.0/0 0.0.0.0/0
140 10920 ACCEPT all -- enp4s0 * 0.0.0.0/0 0.0.0.0/0
35 1015 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
0 0 ACCEPT udp -- * * 0.0.0.0/0 97.122.64.151 udp dpt:16293
0 0 ACCEPT tcp -- * * 0.0.0.0/0 97.122.64.151 tcp dpt:16293
14 851 ACCEPT tcp -- * * 0.0.0.0/0 97.122.64.151 tcp dpt:81
2160 353K ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
5821 6699K ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4555K 2307M DNSthingyEST all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5668 1839K DNSthingyIPE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
5668 1839K ACCEPT all -- enp2s0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- enp4s0 * 0.0.0.0/0 0.0.0.0/0
0 0 MINIUPNPD all -- ppp0 !ppp0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12970 7658K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
15252 13M ACCEPT all -- * enp2s0 0.0.0.0/0 0.0.0.0/0
910 369K ACCEPT all -- * enp4s0 0.0.0.0/0 0.0.0.0/0
162 15296 ACCEPT icmp -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * ppp0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * ppp0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
0 0 ACCEPT udp -- * ppp0 97.122.64.151 0.0.0.0/0 udp spt:16293
0 0 ACCEPT tcp -- * ppp0 97.122.64.151 0.0.0.0/0 tcp spt:16293
12 1696 ACCEPT tcp -- * ppp0 97.122.64.151 0.0.0.0/0 tcp spt:81
7083 586K ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain DNSthingyBP (1 references)
pkts bytes target prot opt in out source destination
5 656 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,6373
401 20948 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 reject-with tcp-reset
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain DNSthingyEST (1 references)
pkts bytes target prot opt in out source destination
7 284 ACCEPT all -- * * 0.0.0.0/0 216.239.38.21
0 0 DNSthingyREJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set dt_wa4 src
4555K 2307M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DNSthingyIPE (1 references)
pkts bytes target prot opt in out source destination
Chain DNSthingyREJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DROP-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.103 udp dpt:53350
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.22 tcp dpt:32400
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.102 udp dpt:53128
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.100 udp dpt:3074
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.104 udp dpt:49412
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.197 udp dpt:56773
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.242 udp dpt:56884
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.217 udp dpt:19132
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.201 udp dpt:1201
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.100 udp dpt:2054
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.100 udp dpt:1203
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.100 udp dpt:53049
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.169 udp dpt:1202
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.201 udp dpt:2065
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.101 udp dpt:56161
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.101 udp dpt:2015
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.2.101 udp dpt:1200
[root@zelbinion firewall.d]#
Chain PREROUTING (policy ACCEPT 10348 packets, 1436K bytes)
pkts bytes target prot opt in out source destination
10700 1456K DNSthingy all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.2 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.5.1 tcp dpt:80
3 120 ACCEPT tcp -- * * 0.0.0.0/0 97.122.64.151 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 167.114.119.127 tcp dpt:80
0 0 ACCEPT tcp -- * * 167.114.119.127 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.217.5.72 tcp dpt:80
0 0 ACCEPT tcp -- * * 172.217.5.72 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.73.252.134 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.73.252.134 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 199.96.57.6 tcp dpt:80
0 0 ACCEPT tcp -- * * 199.96.57.6 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.203.246.237 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.203.246.237 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.204.75.223 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.204.75.223 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.205.40.87 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.205.40.87 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.240.149.130 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.240.149.130 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 66.210.41.67 tcp dpt:80
0 0 ACCEPT tcp -- * * 66.210.41.67 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 72.195.165.48 tcp dpt:80
0 0 ACCEPT tcp -- * * 72.195.165.48 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 72.195.165.72 tcp dpt:80
0 0 ACCEPT tcp -- * * 72.195.165.72 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 74.125.28.155 tcp dpt:80
0 0 ACCEPT tcp -- * * 74.125.28.155 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.72.171.32 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.72.171.32 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 34.194.133.145 tcp dpt:80
0 0 ACCEPT tcp -- * * 34.194.133.145 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.217.1.206 tcp dpt:80
0 0 ACCEPT tcp -- * * 172.217.1.206 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.165 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.165 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.150 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.150 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.166 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.166 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.91 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.91 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 152.90.230.177 tcp dpt:80
0 0 ACCEPT tcp -- * * 152.90.230.177 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 152.90.230.169 tcp dpt:80
0 0 ACCEPT tcp -- * * 152.90.230.169 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 152.90.230.170 tcp dpt:80
0 0 ACCEPT tcp -- * * 152.90.230.170 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 152.90.230.167 tcp dpt:80
0 0 ACCEPT tcp -- * * 152.90.230.167 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.110 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.110 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.139.158 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.139.158 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.139.121 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.139.121 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.139.174 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.139.174 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.139.216 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.139.216 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.139.35 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.139.35 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 204.176.0.0/14 tcp dpt:80
0 0 ACCEPT tcp -- * * 204.176.0.0/14 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.111 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.111 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.112 tcp dpt:80
4 240 ACCEPT tcp -- * * 192.168.2.112 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.209 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.209 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.79 tcp dpt:80
1 60 ACCEPT tcp -- * * 192.168.2.79 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.1 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.207.90.113 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.207.90.113 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.55.148.70 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.55.148.70 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 64.37.254.214 tcp dpt:80
0 0 ACCEPT tcp -- * * 64.37.254.214 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 130.248.144.156 tcp dpt:80
0 0 ACCEPT tcp -- * * 130.248.144.156 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.4.160.28 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.4.160.28 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 64.37.254.210 tcp dpt:80
0 0 ACCEPT tcp -- * * 64.37.254.210 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.217.4.168 tcp dpt:80
0 0 ACCEPT tcp -- * * 172.217.4.168 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 157.58.248.200 tcp dpt:80
0 0 ACCEPT tcp -- * * 157.58.248.200 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.43.32.143 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.43.32.143 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.43.45.242 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.43.45.242 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.43.211.100 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.43.211.100 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.88.123.73 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.88.123.73 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.88.165.130 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.88.165.130 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.43.69.87 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.43.69.87 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.88.205.37 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.88.205.37 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.43.110.107 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.43.110.107 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 34.209.185.102 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 35.160.112.124 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 35.166.68.183 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.42.228.237 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.42.235.31 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.69.239.253 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.70.73.70 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.71.111.34 tcp dpt:80
0 0 ACCEPT tcp -- * * 34.209.185.102 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 35.160.112.124 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 35.166.68.183 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.42.228.237 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.42.235.31 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.69.239.253 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.70.73.70 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.71.111.34 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.103 tcp dpt:80
1 52 ACCEPT tcp -- * * 192.168.2.103 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 167.114.119.127 tcp dpt:80
0 0 ACCEPT tcp -- * * 167.114.119.127 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.172 tcp dpt:80
44 2640 ACCEPT tcp -- * * 192.168.2.172 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 151.101.2.217 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 151.101.66.217 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 151.101.130.217 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 151.101.194.217 tcp dpt:80
0 0 ACCEPT tcp -- * * 151.101.2.217 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 151.101.66.217 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 151.101.130.217 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 151.101.194.217 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.3.6.240 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 34.203.123.71 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.3.6.240 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 34.203.123.71 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.226.182.138 tcp dpt:80
0 0 ACCEPT tcp -- * * 172.226.182.138 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 80.91.34.234 tcp dpt:80
0 0 ACCEPT tcp -- * * 80.91.34.234 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 18.211.9.206 tcp dpt:80
0 0 ACCEPT tcp -- * * 18.211.9.206 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 152.90.230.244 tcp dpt:80
0 0 ACCEPT tcp -- * * 152.90.230.244 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 84.234.251.155 tcp dpt:80
0 0 ACCEPT tcp -- * * 84.234.251.155 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 216.58.217.200 tcp dpt:80
0 0 ACCEPT tcp -- * * 216.58.217.200 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.5.35.20 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.5.35.20 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.72.171.32 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.72.171.32 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.1.125.153 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.1.125.153 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 31.13.66.36 tcp dpt:80
0 0 ACCEPT tcp -- * * 31.13.66.36 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 209.197.3.20 tcp dpt:80
0 0 ACCEPT tcp -- * * 209.197.3.20 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 23.52.253.254 tcp dpt:80
0 0 ACCEPT tcp -- * * 23.52.253.254 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 107.178.243.85 tcp dpt:80
0 0 ACCEPT tcp -- * * 107.178.243.85 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 162.243.1.175 tcp dpt:80
0 0 ACCEPT tcp -- * * 162.243.1.175 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 130.211.12.53 tcp dpt:80
0 0 ACCEPT tcp -- * * 130.211.12.53 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.217.5.200 tcp dpt:80
0 0 ACCEPT tcp -- * * 172.217.5.200 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 151.101.24.65 tcp dpt:80
0 0 ACCEPT tcp -- * * 151.101.24.65 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 23.10.255.56 tcp dpt:80
0 0 ACCEPT tcp -- * * 23.10.255.56 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 216.58.219.8 tcp dpt:80
0 0 ACCEPT tcp -- * * 216.58.219.8 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.1.101.255 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.1.101.255 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.229.163.25 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.229.163.25 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.192.136.69 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.192.136.69 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 8.27.234.123 tcp dpt:80
0 0 ACCEPT tcp -- * * 8.27.234.123 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.139.154 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.139.154 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.0.204.113 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.0.204.113 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 92.242.140.2 tcp dpt:80
0 0 ACCEPT tcp -- * * 92.242.140.2 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 216.58.216.8 tcp dpt:80
0 0 ACCEPT tcp -- * * 216.58.216.8 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.136.69 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.136.69 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.139.213 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.139.213 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 54.192.139.92 tcp dpt:80
0 0 ACCEPT tcp -- * * 54.192.139.92 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 151.101.25.130 tcp dpt:80
0 0 ACCEPT tcp -- * * 151.101.25.130 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 80.91.34.248 tcp dpt:80
0 0 ACCEPT tcp -- * * 80.91.34.248 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.3.6.240 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 34.203.123.71 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.3.6.240 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 34.203.123.71 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 52.4.160.28 tcp dpt:80
0 0 ACCEPT tcp -- * * 52.4.160.28 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 65.0.0.0/8 tcp dpt:80
0 0 ACCEPT tcp -- * * 65.0.0.0/8 0.0.0.0/0 tcp dpt:80
4 232 ACCEPT tcp -- * * 0.0.0.0/0 23.0.0.0/8 tcp dpt:80
0 0 ACCEPT tcp -- * * 23.0.0.0/8 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 23.0.0.0/8 tcp dpt:80
0 0 ACCEPT tcp -- * * 23.0.0.0/8 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 96.0.0.0/8 tcp dpt:80
0 0 ACCEPT tcp -- * * 96.0.0.0/8 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 131.0.0.0/8 tcp dpt:80
0 0 ACCEPT tcp -- * * 131.0.0.0/8 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.100 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.100 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.101 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.101 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.2.104 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.2.104 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 192.168.1.1 0.0.0.0/0 tcp dpt:80
239 12896 REDIRECT tcp -- enp2s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
0 0 REDIRECT tcp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
201 26738 MINIUPNPD all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 3603 packets, 341K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 6001 packets, 586K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 3916 packets, 425K bytes)
pkts bytes target prot opt in out source destination
10044 810K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
6128 385K MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * ibvpn 0.0.0.0/0 0.0.0.0/0
Chain DNSthingy (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- enp4s0 * 0.0.0.0/0 !192.168.4.1 udp dpt:53 to:192.168.4.1:53
0 0 DNAT tcp -- enp4s0 * 0.0.0.0/0 !192.168.4.1 tcp dpt:53 to:192.168.4.1:53
51 2919 DNAT udp -- enp2s0 * 0.0.0.0/0 !192.168.2.2 udp dpt:53 to:192.168.2.2:53
4 240 DNAT tcp -- enp2s0 * 0.0.0.0/0 !192.168.2.2 tcp dpt:53 to:192.168.2.2:53
1 52 DNAT tcp -- * * 0.0.0.0/0 172.27.27.27 tcp dpt:80 to:172.27.27.27:6373
Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53350 to:192.168.2.103:53350
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:18214 to:192.168.2.22:32400
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53128 to:192.168.2.102:53128
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3074 to:192.168.2.100:3074
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:49412 to:192.168.2.104:49412
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:56773 to:192.168.2.197:56773
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:56884 to:192.168.2.242:56884
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:19132 to:192.168.2.217:19132
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1201 to:192.168.2.201:1201
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2054 to:192.168.2.100:2054
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1203 to:192.168.2.100:1203
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53049 to:192.168.2.100:53049
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1202 to:192.168.2.169:1202
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2065 to:192.168.2.201:2065
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:56161 to:192.168.2.101:56161
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2015 to:192.168.2.101:2015
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1200 to:192.168.2.101:1200
[root@zelbinion firewall.d]#
[root@zelbinion clearos]# cat network.conf
# Network mode
MODE="gateway"
# Network interface roles
EXTIF="ppp0"
LANIF="enp2s0 enp4s0 enp1s0"
DMZIF=""
HOTIF=""
# Domain and Internet Hostname
DEFAULT_DOMAIN="gamak.katrotzy"
INTERNET_HOSTNAME="zelbinion.gamak.katrotzy"
# Extra LANS
EXTRALANS=""
# ISP Maximum Speeds
ENP2S0_MAX_DOWNSTREAM=0
ENP2S0_MAX_UPSTREAM=0
ENP3S0_MAX_DOWNSTREAM=0
ENP3S0_MAX_UPSTREAM=0
PPP0_MAX_DOWNSTREAM=100000000
PPP0_MAX_UPSTREAM=100000000
ENP1S0_MAX_DOWNSTREAM=0
ENP1S0_MAX_UPSTREAM=0
[root@zelbinion clearos]#
-
Accepted Answer
It looks like it may be an SSL issue. There are other SSL sites besides clearOS that I cannot access. Two more examples are www.militarybenefit.org and https://apply.loanpal.com/dashboard -
Accepted Answer
There is no such thing. If you flag the thread "For moderators only", no one can read it, not even the mods.
If you munge your addresses, be consistent. From network.conf, I am just after the EXTIF, LANIF and any HotLAN or DMZ. I don't need anything else. From the ifconfig, you can change your WAN IP if you want, but make sure you change it the same in the iptables listings. LAN IPs are no particular secret as we can do nothing with them. -
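Added example, not part of the thread and not ClearOS code: one way to munge addresses consistently before posting. It replaces every public IPv4 address with a placeholder from the documentation ranges, uses the same placeholder for the same address across all listings, and leaves LAN, loopback and netmask values alone. The `Munger` class and the sample listings are constructed for illustration.

```python
import ipaddress
import itertools
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample listings (the public addresses are made up).
IFCONFIG = """\
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1492
inet 93.184.216.34 netmask 255.255.255.255 destination 93.184.216.1
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.2 netmask 255.255.255.0 broadcast 192.168.2.255
"""
IPTABLES = """\
0 0 ACCEPT tcp -- * * 0.0.0.0/0 93.184.216.34 tcp dpt:81
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3074 to:192.168.2.100:3074
7 284 ACCEPT all -- * * 0.0.0.0/0 172.27.27.27
"""


class Munger:
    """Keeps one mapping so every listing is rewritten the same way."""

    def __init__(self):
        self.mapping = {}
        # Placeholders come from the ranges reserved for documentation.
        nets = ("203.0.113.0/24", "198.51.100.0/24", "192.0.2.0/24")
        self._pool = itertools.chain.from_iterable(
            ipaddress.ip_network(n).hosts() for n in nets)

    def _swap(self, match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # looks like an address but is not one
        if not addr.is_global:
            return text  # private, loopback, netmask, 0.0.0.0, placeholder
        if text not in self.mapping:
            placeholder = next(self._pool, None)
            if placeholder is None:
                raise RuntimeError("ran out of placeholder addresses")
            self.mapping[text] = str(placeholder)
        return self.mapping[text]

    def munge(self, listing):
        # A prefix length such as /14 after an address is left as it was.
        return IPV4.sub(self._swap, listing)


if __name__ == "__main__":
    m = Munger()
    for listing in (IFCONFIG, IPTABLES):
        print(m.munge(listing))
```

Run every listing through the same `Munger` instance; a fresh instance per file would hand out placeholders in a different order and break the consistency between the ifconfig and iptables output.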
Accepted Answer
Can I mark this private before posting? I don't want my config results out there.
Nick Howitt wrote:
What is the result of:
ifconfig | grep netm -B 1
iptables -nvL
iptables -nvL -t nat
cat /etc/clearos/network.conf
Please expand your screen before running the iptables commands and put the results between "code" tags. -