Forums

Resolved
0 votes
Hi,

I do not continue on my orignal post : https://www.clearos.com/clearfoundation/social/community/dns-server-on-lan-side-is-not-workingi-am-using-clearos-7-1-final
I had several problem in that post, it started to be confused. so i prefer to separate the things, it should be more clear.

I re-install ClearOS from scratch, today (5 time I install it, each time I am stuck at one step) on my HP 7900 SFF computer.
I have 2 ethernet card, and want to set clearOS as a gateway.

during the install, I have "connected" the ethernet card, using the interface (where you choose the language, keyboard, destination etc...)
after reboot, I follow the link provided on the local hp computer (this redirecting to a simplified version of IP Settings), and have completed my parameter :
ethernet card 1 : WAN, ip provided by dhcp server of my xDSL modem.
ethernet card 2 : LAN, ip is static : 20.20.20.1.
mode = gateway.

after a reboot, and after connecting a computer to the lan ethernet card : I don't have any IP Address provided.
also, now, I don't have internet access, on wan side. dhcp of the xDsl modem provide an IP.
a ping using a text console return : network unreachable.

- should I reinstall it again ? but what could I change in all the step I did ?
- is there a more stable version of clearOS ? (the version 6 ? or ?)
- is there a complete manual explaining step by step how to configure it, since the install, until having internet and dhcp configured ?
(I followed the doc, and have the result listed here)

now, I am lost.
I am desperate.
Thursday, November 12 2015, 02:07 PM
Share this post:

Accepted Answer

Thursday, November 12 2015, 03:37 PM - #Permalink
Resolved
0 votes
If you can get a text console, do "ifconfig". You should see your LAN NIC has an IP address, either 192.168.0.1 or 192.168.1.1. Configure a PC connected to the LAN NIC with a fixed IP address in the same subnet - say 192.168.0.10 or 192.168.1.10. Then you will be able to browse to your webconfig.

>By giving yourself a non-private IP/subnet on your LAN you risk not being able to browse any public website on the same subnet - the block 20.0.0.0/8 is owned by Computer Sciences >Corporation.
ok, but on lan side, I am isolated from public side (wan), no ? so, why it should be an issue to use my own subnet ?
especially when I still not have set the subnet parameter (the ip range for any client computer, the dns server, the mask...) and not having parameter the firewall.
If you want to browse to a website, e.g. example.com and that happens to resolve to an IP address of 20.20.20.2, ClearOS will see that IP address as being on your LAN and will not forward any traffic for it to the internet. This is the point of the private IP address ranges. They will never appear in the public internet.
The reply is currently minimized Show
Responses (10)
  • Accepted Answer

    Friday, November 13 2015, 04:33 PM - #Permalink
    Resolved
    0 votes
    There is an English saying "if it ain't broke don't fix it", so don't try the kmod-e1000e driver unless the NIC still crashes. For the kmod-r8168 and kmod-r8169 you should install them as the issues are otherwise very hard to diagnose.

    192.168.1.x is legitimate but not good if you plan to use OpenVPN. I use 172.17.2.x, but 192.168.4.x would also be fine. Use almost any private subnet apart from 192.168.0.x, 192.168.1.x, 192.168.100.x, 10.8.0.x and 10.8.1.x.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, November 13 2015, 08:13 AM - #Permalink
    Resolved
    0 votes
    Hi,

    >As you have reinstated the RTL8111/8168 card and presumably have the D-Link card installed as well, I seriously suggest you install the kmod-r8168 and kmod-r8169 >drivers again.

    not exactly.
    for the moment, I have the eth card on mother board (intel 82567), used for the LAN. with the IP 10.20.10.1
    I have the eth tplink TG 3468 (chipset r8168/8169) used for the WAN.

    my goal : if there is crash, I disable the eth on mother board, and use the DLG 528 T Dlink.
    if no crash : I touch nothing :o)

    so, ok, I will install the latest r8168/69 kmod today.
    do you suggest that I install also the nex e1000e driver that you have compile again on the 12 November ?


    >You're going to hate me for the next bit.
    no way :o) you and your colleague help me a lot. on different issue or question. you are patient, and you know what you are talking about...
    this could be 50% of the motivation to invest in clearOS pro, when my company will be started (next year)

    >You have chosen a perfectly valid LAN subnet but out of all the valid LAN subnets the two best avoided are 192.168.0.0/24 and 192.168.1.0/24. They are too common >and often get in the way of incoming VPN's (if you ever want to run OpenVPN or others) as the local and remote subnets must be different. Also, at least you have not >used the .1 or .254 addresses, as they are often defaults on routers which you can use as a WAP and other network devices. This can give a clash of IPs which is very >hard to diagnose.

    ok, sounds good. so you confirm that my subnet is ok ? I plan to configure, later, an openVPN. please confirm that I don't have to change the value of my subnet :o)

    thanks
    Olivier
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 12 2015, 05:40 PM - #Permalink
    Resolved
    0 votes
    As you have reinstated the RTL8111/8168 card and presumably have the D-Link card installed as well, I seriously suggest you install the kmod-r8168 and kmod-r8169 drivers again.

    You're going to hate me for the next bit. You have chosen a perfectly valid LAN subnet but out of all the valid LAN subnets the two best avoided are 192.168.0.0/24 and 192.168.1.0/24. They are too common and often get in the way of incoming VPN's (if you ever want to run OpenVPN or others) as the local and remote subnets must be different. Also, at least you have not used the .1 or .254 addresses, as they are often defaults on routers which you can use as a WAP and other network devices. This can give a clash of IPs which is very hard to diagnose.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 12 2015, 04:31 PM - #Permalink
    Resolved
    0 votes
    Hi,

    I accepted your latest answer.

    it unlock me.

    I will close that thread, for the moment, it works
    I have internet, dhcp provide IP, I set the domain, hostname, etc...

    we will see, in few days, if crash still occur or not.
    then, I will create a new thread, in order to not mess this one.

    thanks for all you did.

    Best regards
    Olivier
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 12 2015, 04:02 PM - #Permalink
    Resolved
    0 votes
    ok, my next step is :

    I set, on the router, a static IP for the lan.

    I choose 10.20.10.1 (it should be ok, right ? and it is different of my Untangle router, to be sure there is no mistake on the IP delivered :o)

    I rebooted
    I set a static IP on my mcbook : 10.20.10.2. I connected the cable. and I can enter in the web admin page :o)

    now, I am filling the subnet parameter of the dhcp server.
    is my behavior correct ?
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 12 2015, 03:49 PM - #Permalink
    Resolved
    0 votes
    Hi,
    >If you can get a text console, do "ifconfig". You should see your LAN NIC has an IP address, either 192.168.0.1

    ok, here is the screen shot.

    now, because I had random crash with my onboard e100e card, used as WAn, in a previous test, I use the PCI express x1 card (chipset r8168/8169) as wan, e100e as lan.

    here
    enp48s0 is my wan : ip = 192.168.1.9, this is correct.

    enp0s25 is my lan : no IP.
    should I force this lan card with a static IP on the router ?

    sorry, I progress step by step, because when I try to do things like I think it could work, it does not :o)
    Attachments:
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 12 2015, 03:37 PM - #Permalink
    Resolved
    0 votes
    ok, I rebooted without the lan cable connected to my computer.
    then, the admin page, on router side, is accessible now :o)

    so here is all the picture I can take, about the parameter possible to set, on router side.

    I didn't set anything here, except the host name of each card. and the bandwidth of wan.
    during install, I didn't set property for each card, except I disabled ipv6 for both.

    you will note that in latest image (I just rebooted the router, after having set the value above) (IMG_0169), my wan card seem to not be recognized anymore)
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 12 2015, 03:17 PM - #Permalink
    Resolved
    0 votes
    sorry.

    I re Installed agin the system. rebooted.

    no I am stuck and cannot do anything in a graphic page (locally, or in browser)

    AND ... TADAAA ! in a text console, I have now internet access, if I do ping to 8.8.8.8, www.google.fr, etc...
    :o)
    but I cannot do anything with it, ad I don't have any interface to do any parameter :o)

    I will try to re install it again :o(

    >By giving yourself a non-private IP/subnet on your LAN you risk not being able to browse any public website on the same subnet - the block 20.0.0.0/8 is owned by Computer Sciences >Corporation.
    ok, but on lan side, I am isolated from public side (wan), no ? so, why it should be an issue to use my own subnet ?
    especially when I still not have set the subnet parameter (the ip range for any client computer, the dns server, the mask...) and not having parameter the firewall.

    so, right now, I have a fresh install, from scratch (format disk etc), no static ip on lan, dhcp on wan. internet on wan.
    no ip provided on lan (normal, I cannot set any parameter)
    no admin page accessible on router, or in browser.
    Attachments:
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 12 2015, 03:13 PM - #Permalink
    Resolved
    0 votes
    sorry.

    I re Installed agin the system. rebooted.

    no I am stuck and cannot do anything in a graphic page (locally, or in browser)

    I will try to re install it again :o(

    >By giving yourself a non-private IP/subnet on your LAN you risk not being able to browse any public website on the same subnet - the block 20.0.0.0/8 is owned by Computer Sciences >Corporation.
    ok, but on lan side, I am isolated from public side (wan), no ? so, why it should be an issue to use my own subnet ?
    especially when I still not have set the subnet parameter (the ip range for any client computer, the dns server, the mask...) and not having parameter the firewall.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 12 2015, 02:50 PM - #Permalink
    Resolved
    0 votes
    Can you give a screen shot of the DHCP server configuration for the LAN NIC?

    By giving yourself a non-private IP/subnet on your LAN you risk not being able to browse any public website on the same subnet - the block 20.0.0.0/8 is owned by Computer Sciences Corporation.
    The reply is currently minimized Show
Your Reply