Accepted Answer
The netstat command should have been:
netstat -pln | egrep '67|68) '
I can pick out what I needed from yours.
The problem appears to be the firewall. It is only open to DHCP when ClearOS is trying to get its connection by DHCP. You will need a custom firewall rule as an incoming rule uses your WAN IP and initial packets are broadcast to 255.255.255.255 and not directed to the WAN interface, so, at the command line try:
iptables -I INPUT -p udp --dport 67 -j ACCEPT
If that works, change the "iptables" to "$IPTABLES" and put it into the custom firewall module.
BTW, you will need to get quite involved with your firewall if you are firewalling ClearOS from your LAN. If you want it to act as your DNS server you'll need to open udp:53 and tcp:53. If you want it as a file server you'll need more for Samba and so on. Normally Standalone with Firewall is meant for a standalone internet facing device.
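The diagnosis above can be checked against a saved `iptables -nvL` listing. The following is an added example, not part of the original post: it walks the INPUT chain in order and prints the verdict for a client's first DHCP packet (UDP, source port 68, destination 255.255.255.255 port 67). The function names and the abridged sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage: dhcp_discover_verdict IFACE < "iptables -nvL" output
# Prints the INPUT-chain verdict for a first DHCP packet from a client:
# UDP 0.0.0.0:68 -> 255.255.255.255:67, conntrack state NEW.
# Simplifications: no general CIDR matching, no interface wildcards (tun+),
# only ACCEPT/DROP/REJECT are treated as terminating targets.
dhcp_discover_verdict() {
    awk -v iface="$1" '
    $1 == "Chain" { inchain = ($2 == "INPUT"); if (inchain) policy = $4; next }
    !inchain || $1 == "pkts" || NF < 9 { next }
    $3 != "ACCEPT" && $3 != "DROP" && $3 != "REJECT" { next }
    {
        if ($4 != "udp" && $4 != "all") next            # protocol
        if ($6 != "*" && $6 != iface) next              # input interface
        if ($8 != "0.0.0.0/0") next                     # source
        if ($9 != "0.0.0.0/0" && $9 != "255.255.255.255") next  # destination
        for (i = 10; i <= NF; i++) {
            if ($i == "state" && $(i + 1) !~ /NEW/) next
            if ($i ~ /^spt:/ && $i != "spt:68") next
            if ($i ~ /^dpt:/ && $i != "dpt:67") next
            if ($i ~ /^[sd]pts:/) {                     # port range lo:hi
                split($i, r, ":"); port = ($i ~ /^s/) ? 68 : 67
                if (port < r[2] + 0 || port > r[3] + 0) next
            }
        }
        print $3; found = 1; exit                       # first match wins
    }
    END { if (!found) print policy }'
}

# Constructed sample: abridged from the INPUT chain posted in this thread.
SAMPLE_BEFORE='Chain INPUT (policy DROP 10098 packets, 1678K bytes)
 pkts bytes target prot opt in out source destination
 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
 1626 163K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
 50 28800 ACCEPT udp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
 560 44434 ACCEPT tcp -- * * 0.0.0.0/0 192.168.13.28 tcp dpt:22
 456 39928 ACCEPT udp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)'

# Constructed: same chain with a port-67 rule inserted first; $1 = its destination.
with_rule() {
    printf '%s\n' "$SAMPLE_BEFORE" | awk -v dst="$1" '
        { print } NR == 2 { print "0 0 ACCEPT udp -- * * 0.0.0.0/0 " dst " udp dpt:67" }'
}

printf '%s\n' "$SAMPLE_BEFORE" | dhcp_discover_verdict enp2s0f0   # chain as posted
with_rule 0.0.0.0/0     | dhcp_discover_verdict enp2s0f0          # rule for any destination
with_rule 192.168.13.28 | dhcp_discover_verdict enp2s0f0          # rule bound to the host IP
```

The third case corresponds to the point made in the answer: a rule tied to the server's own address does not match the broadcast packet, so the chain policy still applies.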
Responses (10)
-
Accepted Answer
Glad it is working now.
The forum is making a mess of my egrep rule. It should start "single quote" then "colon" then "open bracket", but it looks like the "colon" then "open bracket" is being dropped by the forum (a smilie?). This may show better and achieve the same thing:
netstat -pln | egrep '(:67|:68) '
[edit]
Yay! It worked.
[/edit] -
Accepted Answer
-
Accepted Answer
Hello Nick,
the requested outputs
[root@server ~]# systemctl status dnsmasq.service -l
● dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2018-08-16 22:57:23 EEST; 1 day 10h ago
Main PID: 1016 (dnsmasq)
Tasks: 1
CGroup: /system.slice/dnsmasq.service
└─1016 /usr/sbin/dnsmasq -k
Aug 16 22:57:23 server.darzu.com systemd[1]: Starting DNS caching server....
Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: started, version 2.76 cachesize 5000
Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
Aug 16 22:57:23 server.darzu.com dnsmasq-dhcp[1016]: DHCP, IP range 192.168.13.150 -- 192.168.13.254, lease time 3d
Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: reading /etc/resolv-peerdns.conf
Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: using nameserver 192.168.13.1#53
Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: using nameserver 1.1.1.1#53
Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: using nameserver 8.8.8.8#53
Aug 16 22:57:23 server.darzu.com dnsmasq[1016]: read /etc/hosts - 2 addresses
Aug 16 22:57:23 server.darzu.com dnsmasq-dhcp[1016]: read /etc/ethers - 0 addresses
the next output
[root@server ~]# ps aux | grep dnsm
nobody 1016 0.0 0.0 52704 2388 ? Ss Aug16 0:00 /usr/sbin/dnsmasq -k
root 29970 0.0 0.0 112708 956 pts/0 S+ 09:22 0:00 grep --color=auto dnsm
I needed to modify the syntax of netstat because it was giving me an error; I hope I didn't modify the scope of the function.
[root@server ~]# netstat -pln | egrep '(67|68)'
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1683/mysqld
udp 0 0 0.0.0.0:67 0.0.0.0:* 1016/dnsmasq
unix 2 [ ACC ] STREAM LISTENING 28845 1688/gnome-session- @/tmp/.ICE-unix/1688
unix 2 [ ACC ] STREAM LISTENING 17676 1/systemd /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 17679 1/systemd /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 19705 767/gssproxy /var/lib/gssproxy/default.sock
unix 2 [ ACC ] STREAM LISTENING 26320 1167/gdm @/tmp/dbus-wGte83wG
unix 2 [ ACC ] STREAM LISTENING 17675 1/systemd @ISCSID_UIP_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 26316 1167/gdm @/tmp/dbus-YhU4jnVO
unix 2 [ ACC ] STREAM LISTENING 30276 1683/mysqld /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 26317 1167/gdm @/tmp/dbus-lQ3OxpoE
unix 2 [ ACC ] STREAM LISTENING 33363 2683/dbus-daemon @/tmp/dbus-VjDmAJqTma
unix 2 [ ACC ] STREAM LISTENING 26319 1167/gdm @/tmp/dbus-p43KbqFm
unix 2 [ ACC ] STREAM LISTENING 16851 1/systemd @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 16848 1/systemd /var/run/libvirt/virtlockd-sock
unix 2 [ ACC ] STREAM LISTENING 16852 1/systemd /var/run/libvirt/virtlogd-sock
unix 2 [ ACC ] STREAM LISTENING 28846 1688/gnome-session- /tmp/.ICE-unix/1688
unix 2 [ ACC ] STREAM LISTENING 19706 767/gssproxy /run/gssproxy.sock
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
DEVICE=enp2s0f0
TYPE="Ethernet"
ONBOOT="yes"
USERCTL="no"
BOOTPROTO="static"
IPADDR="192.168.13.28"
NETMASK="255.255.255.0"
GATEWAY="192.168.13.1"
[root@server ~]# iptables -nvL
Chain INPUT (policy DROP 10098 packets, 1678K bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
61 3501 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- enp2s0f0 * 127.0.0.0/8 0.0.0.0/0
110 17600 DROP all -- enp2s0f0 * 169.254.0.0/16 0.0.0.0/0
1626 163K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
1451 42142 ACCEPT icmp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
2 144 ACCEPT icmp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
50 28800 ACCEPT udp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
560 44434 ACCEPT tcp -- * * 0.0.0.0/0 192.168.13.28 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.13.28 tcp dpt:8081
11761 3822K ACCEPT tcp -- * * 0.0.0.0/0 192.168.13.28 tcp dpt:81
456 39928 ACCEPT udp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
155 393K ACCEPT tcp -- enp2s0f0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1687 166K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
1466 43018 ACCEPT icmp -- * enp2s0f0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * enp2s0f0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * enp2s0f0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
581 162K ACCEPT tcp -- * enp2s0f0 192.168.13.28 0.0.0.0/0 tcp spt:22
0 0 ACCEPT tcp -- * enp2s0f0 192.168.13.28 0.0.0.0/0 tcp spt:8081
11120 8783K ACCEPT tcp -- * enp2s0f0 192.168.13.28 0.0.0.0/0 tcp spt:81
626 53447 ACCEPT all -- * enp2s0f0 0.0.0.0/0 0.0.0.0/0
Chain DROP-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
[root@server ~]#
I hope I have done as you requested!
Thanks
Ervin -
Accepted Answer
I guess this calls for more intense troubleshooting. I know you're running a desktop on ClearOS, but can I suggest some remote access with PuTTY and WinSCP. With PuTTY (a terminal) you can copy text just by selecting it. Then you can paste it straight into the forum.
Can you check dnsmasq is running with a:
systemctl status dnsmasq.service
and that it is running as expected:
ps aux | grep dnsm
netstat -pln | egrep '67|68) '
You can paste into PuTTY just by right-clicking.
[edit]
Also, what is the contents of /etc/sysconfig/network-scripts/ifcfg-enp2s0f0?
[/edit]
[edit2]
Please also confirm you are in Standalone Without Firewall mode or give the results of:
iptables -nvL
But please put the output between code tags.
[/edit2] -
Accepted Answer
I had switched off the DHCP server on my router again and ran Wireshark. When I tried to get a new IP I don't get a response from any DHCP server; the DHCP request from my PC is there, see the attached picture.
Dhcp request
Ervin -
Accepted Answer
They should not be related. The file you probably edited was /etc/resolv.conf. I suggest you change it back then in the Webconfig, in IP settings set a manual DNS server of 192.168.13.1. If you have to change a file, edit /etc/resolv-peerdns.conf instead but using the Webconfig is preferable.
The use of a GUI in ClearOS is not recommended. Have you tried using Kimchi instead? I've never tried it so it is not a recommendation.
I still can't think why DHCP is not working unless the GUI came with its own network management utilities (especially NetworkManager) which are interfering with ClearOS -
Accepted Answer
I like the number 28. In the past days I had some issue with the DNS service and I changed 127.0.0.1 to 192.168.13.1 in one of the conf files, and the DNS lookup was OK again. I have never used this installation (installed ~2 weeks ago) as a DHCP server yet, but 1 week ago I installed a GUI because I wanted to test a KVM installation; after this the issue with the DNS started. Could it be related to this?
Thanks
Ervin -
Accepted Answer
I can't do pictures either. I just attach files, but then I can't control where they go in the post.
Your network should work but I would put the DNS servers the other way round. That does not affect DHCP leases.
I assume you've given ClearOS a Static IP? I'd normally give it a low one or high one but it should work with .28 as long as it is fixed. With your router on .1 I'd normally give it .2 or .254 (and adjust the DHCP scope).
If your client PC is Windows, it may detect a new network, in which case it needs to be configured and trusted.
I can't think of any obvious reason why it is not working. You may need to run tcpdump on ports 67 and 68 to sniff what is happening. -
Accepted Answer
Hello Nick,
please see below the requested information
Network Diagram
[root@server ~]# cat /etc/clearos/network.conf
# Network mode
MODE="standalone"
# Network interface roles
EXTIF="enp2s0f0"
LANIF=""
DMZIF=""
HOTIF=""
# Domain and Internet Hostname
DEFAULT_DOMAIN="darzu.com"
INTERNET_HOSTNAME="server.darzu.com"
# Extra LANS
EXTRALANS=""
# ISP Maximum Speeds
ENP2S0F0_MAX_DOWNSTREAM=100000
ENP2S0F0_MAX_UPSTREAM=100000
and the output for ifconfig
[root@server ~]# ifconfig
enp2s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.13.28 netmask 255.255.255.0 broadcast 192.168.13.255
inet6 2a02:2f08:890d:4700:7210:6fff:feca:57c4 prefixlen 64 scopeid 0x0<global>
inet6 fe80::7210:6fff:feca:57c4 prefixlen 64 scopeid 0x20<link>
ether 70:10:6f:ca:57:c4 txqueuelen 1000 (Ethernet)
RX packets 37874 bytes 28613558 (27.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11134 bytes 4918629 (4.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 31
enp2s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 70:10:6f:ca:57:c5 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 32
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3646 bytes 388164 (379.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3646 bytes 388164 (379.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
P.S. Do you know why I can't attach pictures on the forum? I tried using the Picture tag from the toolbar but it is not working with the Dropbox link.
Thanks
Ervin -
Accepted Answer
Is ClearOS in Gateway or Standalone mode?
If you're disabling DHCP in the router but still using it as your gateway, I'd expect ClearOS to be in Standalone mode. If it is replacing your router as the gateway it should be in Gateway mode.
Can you make a diagram or describe your set up (with IP addresses as well)?
Also, what is the contents of /etc/clearos/network.conf and the result of the command:
ifconfig