
tomas
Resolved
Hi

Running 7.9.1 here with 4 NICS:

enp4s0 - external 1 (multi-WAN)
enp5s0 - external 2 (multi-WAN)
enp6s0 - main LAN
enp7s0 - NEW! -> HotLAN

By definition in ClearOS docs HOT LAN is: "Interfaces designated as HotLAN have NAT applied to them but do not have access to LAN networks. Specify HotLAN for networks that are considered restricted but still need access to the Internet."

'ifcfg-enp7s0':


DEVICE=enp7s0
TYPE="Ethernet"
ONBOOT="yes"
USERCTL="no"
BOOTPROTO="static"
IPADDR="192.168.25.1"
NETMASK="255.255.255.0"
GATEWAY="192.168.25.1"


We also have DHCP enabled for our new HotLAN.

The problem is nothing is working as it should - DHCP doesn't assign IP to HotLAN clients, if we enter IP settings manually on a client we can't ping gateway and obviously clients have no internet.

The 'enp7s0' interface is up.

Output of 'iptables -L -n -v':


Chain INPUT (policy DROP 514 packets, 74315 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set f2b-sshd-ddos src reject-with icmp-port-unreachable
104 4184 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
8 608 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
77 3084 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- enp4s0 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- enp5s0 * 127.0.0.0/8 0.0.0.0/0
17883 4586K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
116K 37M ACCEPT all -- enp6s0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- enp7s0 * 0.0.0.0/0 255.255.255.255 udp spt:68 dpt:67
0 0 ACCEPT tcp -- enp7s0 * 0.0.0.0/0 255.255.255.255 tcp spt:68 dpt:67
677 43858 ACCEPT udp -- enp7s0 * 192.168.25.0/24 192.168.25.1 udp dpt:53
16 832 ACCEPT tcp -- enp7s0 * 192.168.25.0/24 192.168.25.1 tcp dpt:53
0 0 ACCEPT icmp -- enp7s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- enp7s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
12 720 ACCEPT icmp -- enp7s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- enp7s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
132 3828 ACCEPT icmp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
71 2978 ACCEPT icmp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT udp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
132 3828 ACCEPT icmp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT udp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
8 768 DROP all -- enp7s0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.25.1 tcp dpt:1875
0 0 ACCEPT tcp -- * * 0.0.0.0/0 62.xxx.xxx.6 tcp dpt:1875
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.5 tcp dpt:1875
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.25.1 udp dpt:1194
0 0 ACCEPT udp -- * * 0.0.0.0/0 62.xxx.xxx.6 udp dpt:1194
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.5 udp dpt:1194
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.25.1 tcp dpt:81
10 482 ACCEPT tcp -- * * 0.0.0.0/0 62.xxx.xxx.6 tcp dpt:81
8 402 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.5 tcp dpt:81
0 0 ACCEPT udp -- enp7s0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- enp7s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- enp4s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
6642 975K ACCEPT udp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
1042 1657K ACCEPT tcp -- enp5s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
0 0 ACCEPT all -- enp7s0 enp6s0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
336 17472 DROP all -- enp7s0 enp6s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- enp6s0 enp7s0 0.0.0.0/0 0.0.0.0/0
1190 73385 DROP all -- enp7s0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * enp7s0 0.0.0.0/0 0.0.0.0/0
2348K 2125M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
21350 5272K ACCEPT all -- enp6s0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- enp7s0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 enp5s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- enp5s0 tun0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
17883 4586K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
104K 116M ACCEPT all -- * enp6s0 0.0.0.0/0 0.0.0.0/0
203 6806 ACCEPT icmp -- * enp4s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * enp4s0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * enp4s0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
265 26859 ACCEPT icmp -- * enp5s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * enp5s0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * enp5s0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
705 82746 DROP all -- * enp7s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * enp7s0 192.168.25.1 0.0.0.0/0 tcp spt:1875
0 0 ACCEPT tcp -- * enp4s0 62.xxx.xxx.6 0.0.0.0/0 tcp spt:1875
0 0 ACCEPT tcp -- * enp5s0 192.168.1.5 0.0.0.0/0 tcp spt:1875
0 0 ACCEPT udp -- * enp7s0 192.168.25.1 0.0.0.0/0 udp spt:1194
0 0 ACCEPT udp -- * enp4s0 62.xxx.xxx.6 0.0.0.0/0 udp spt:1194
0 0 ACCEPT udp -- * enp5s0 192.168.1.5 0.0.0.0/0 udp spt:1194
0 0 ACCEPT tcp -- * enp7s0 192.168.25.1 0.0.0.0/0 tcp spt:81
7 348 ACCEPT tcp -- * enp4s0 62.xxx.xxx.6 0.0.0.0/0 tcp spt:81
6 304 ACCEPT tcp -- * enp5s0 192.168.1.5 0.0.0.0/0 tcp spt:81
0 0 ACCEPT all -- * enp7s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * enp4s0 0.0.0.0/0 0.0.0.0/0
7706 693K ACCEPT all -- * enp5s0 0.0.0.0/0 0.0.0.0/0

Chain DROP-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0


All IPtables rules for 'enp7s0' were added by ClearOS. They include a few custom rules added in "Incoming Firewall" to allow TCP 1875, UDP 1194 and TCP 81 for some reason.
Wednesday, July 13 2022, 11:29 AM
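
iptables walks each chain top to bottom and stops at the first terminating match; in the listing above the unconditional DROP for traffic leaving enp7s0 in OUTPUT has counted 705 packets, while the ACCEPT rules for the same interface below it show 0. The following added example (not part of the original post or of ClearOS) parses `iptables -L -n -v` output and reports rules that an earlier unconditional rule makes unreachable. The function names are hypothetical, the sample is abridged from the listing, and rule numbers are positions within that excerpt.

```python
from ipaddress import ip_network

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

# Abridged from the listing above; rule numbers are positions in this excerpt.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- enp7s0 enp6s0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
336 17472 DROP all -- enp7s0 enp6s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- enp6s0 enp7s0 0.0.0.0/0 0.0.0.0/0
1190 73385 DROP all -- enp7s0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * enp7s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- enp7s0 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
705 82746 DROP all -- * enp7s0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * enp7s0 192.168.25.1 0.0.0.0/0 tcp spt:1875
0 0 ACCEPT tcp -- * enp4s0 62.xxx.xxx.6 0.0.0.0/0 tcp spt:1875
0 0 ACCEPT all -- * enp7s0 0.0.0.0/0 0.0.0.0/0
"""

def parse(listing):
    """Return {chain: [rule, ...]} parsed from `iptables -L -n -v` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "Chain":
            current = chains.setdefault(f[1], [])
        elif current is not None and len(f) >= 9 and f[0][0].isdigit():
            current.append({"num": len(current) + 1, "target": f[2],
                            "prot": f[3], "in": f[5], "out": f[6], "src": f[7],
                            "dst": f[8], "extra": " ".join(f[9:])})
    return chains

def iface_covers(a, b):
    if a == "*" or a == b:
        return True
    return a.endswith("+") and b.startswith(a[:-1])  # tun+ covers tun0

def net_covers(a, b):
    if a == "0.0.0.0/0" or a == b:
        return True
    try:
        return ip_network(b, strict=False).subnet_of(ip_network(a, strict=False))
    except ValueError:  # redacted address such as 62.xxx.xxx.6
        return False

def covers(early, late):
    """Earlier terminating rule, no extra options, at least as broad as late."""
    return (early["target"] in TERMINAL and not early["extra"]
            and early["prot"] in ("all", late["prot"])
            and iface_covers(early["in"], late["in"])
            and iface_covers(early["out"], late["out"])
            and net_covers(early["src"], late["src"])
            and net_covers(early["dst"], late["dst"]))

def find_shadowed(listing):
    """Return (chain, unreachable rule, earlier rule that catches it first)."""
    hits = []
    for chain, rules in parse(listing).items():
        for j, late in enumerate(rules):
            first = next((e for e in rules[:j] if covers(e, late)), None)
            if first is not None:
                hits.append((chain, late["num"], first["num"]))
    return hits

if __name__ == "__main__":
    print(*find_shadowed(SAMPLE), sep="\n")
```

Earlier rules that carry extra match options or jump to a user-defined chain are not treated as shadowing, so the report errs toward missing cases rather than raising false ones.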
Responses (16)
  • Accepted Answer

    Wednesday, July 13 2022, 03:41 PM
    HotLAN does not have access to the server either which is why pings don't work. Can the HotLAN clients access the internet and are they successfully getting an IP address by DHCP?

    What are the contents of /etc/clearos/network.conf and /etc/dnsmasq.d/dhcp.conf? Also what is the output of:
    ifconfig | grep '^\S' -A 1
  • Accepted Answer

    tomas
    Thursday, July 14 2022, 10:40 AM
    Hi Nick,

    HotLAN does not have access to the server either which is why pings don't work.

    We have non-functional DHCP on our HotLAN (IP settings are not assigned to clients connected to HotLAN) and we can't ping the HotLAN's gateway from the client set using manual IP settings. Basically, HotLAN is not working at all - if we have a HotLAN client connected via ethernet to enp7s0 NIC, pings to '192.168.25.1' should go through and they don't.

    ifconfig | grep '^\S' -A 1

    Output:
    enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 62.xxx.xxx.6 netmask 255.255.255.252 broadcast 62.xxx.xxx.7
    --
    enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
    --
    enp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255
    --
    enp7s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.25.1 netmask 255.255.255.0 broadcast 192.168.25.255
    --
    ifb0: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
    inet6 fe80::c24:4bff:fed3:a0c4 prefixlen 64 scopeid 0x20<link>
    --
    ifb1: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
    inet6 fe80::6812:44ff:feda:a64 prefixlen 64 scopeid 0x20<link>
    --
    ifb2: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
    inet6 fe80::802b:91ff:fe90:5187 prefixlen 64 scopeid 0x20<link>
    --
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    --
    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
    --
    tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2


    'enp4s0' - external 1 (multi-WAN)
    'enp5s0' - external 2 (multi-WAN)
    'enp6s0' is our LAN.
    'enp7s0' is our HotLAN's NIC.
  • Accepted Answer

    Thursday, July 14 2022, 10:47 AM
    And the contents of the two files?
  • Accepted Answer

    tomas
    Thursday, July 14 2022, 10:52 AM
    contents of '/etc/clearos/network.conf'

    # Network mode
    MODE="gateway"

    # Network interface roles
    EXTIF="enp4s0 enp5s0"
    LANIF="enp6s0"
    DMZIF=""
    HOTIF="enp7s0"

    # Domain and Internet Hostname
    DEFAULT_DOMAIN="cc.lan"
    INTERNET_HOSTNAME="system.cc.lan"

    # Extra LANS
    EXTRALANS=""

    # ISP Maximum Speeds
    ENP6S0_MAX_DOWNSTREAM=0
    ENP6S0_MAX_UPSTREAM=0
    ENP7S0_MAX_DOWNSTREAM=14870
    ENP7S0_MAX_UPSTREAM=1100
    ENP4S0_MAX_DOWNSTREAM=99999
    ENP4S0_MAX_UPSTREAM=99999
    ENP5S0_MAX_DOWNSTREAM=99999
    ENP5S0_MAX_UPSTREAM=99999


    contents of '/etc/dnsmasq.d/dhcp.conf'


    # This file is managed by the API. Please add custom options in dnsmasq.conf.
    dhcp-option=enp6s0,1,255.255.255.0
    dhcp-option=enp6s0,28,192.168.2.255
    dhcp-option=enp6s0,3,192.168.2.1
    dhcp-option=enp6s0,42,192.168.2.1
    dhcp-option=enp6s0,44,192.168.2.1
    dhcp-option=enp6s0,46,8
    dhcp-option=enp6s0,6,192.168.2.1,192.168.2.2
    dhcp-option=enp7s0,1,255.255.255.0
    dhcp-option=enp7s0,28,192.168.25.255
    dhcp-option=enp7s0,3,192.168.25.1
    dhcp-option=enp7s0,6,192.168.25.1
    dhcp-range=enp6s0,192.168.2.10,192.168.2.248,96h
    dhcp-range=enp7s0,192.168.25.100,192.168.25.254,12h
  • Accepted Answer

    Thursday, July 14 2022, 10:52 AM
    Also, why does the ifcfg-enp7s0 file have GATEWAY line? That should not be there and only gets added for External interfaces.
  • Accepted Answer

    tomas
    Thursday, July 14 2022, 10:55 AM
    Also, why does the ifcfg-enp7s0 file have GATEWAY line? That should not be there and only gets added for External interfaces.


    This NIC was previously used as 'External' interface so possibly something that "remained" from that (bug in webconfig maybe)?
  • Accepted Answer

    Thursday, July 14 2022, 10:59 AM
    Please remove the line.

    I also suggest you zero out some of the ISP maximum speeds or they will kill your speed if you use QoS. This really applies to enp7s0. The others are fine if your internet line speeds are 100/100.
  • Accepted Answer

    tomas
    Thursday, July 14 2022, 11:52 AM
    Please remove the line.


    Done.

    'ifcfg-enp7s0' is now:

    DEVICE=enp7s0
    TYPE="Ethernet"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="static"
    IPADDR="192.168.25.1"
    NETMASK="255.255.255.0"


    I have also amended '/etc/clearos/network.conf' and for enp7s0 put zeros. Then ran: 'systemctl restart network.service'.

    Still no functional DHCP server for HotLAN and can't ping 192.168.25.1 from a client connected via ethernet to the enp7s0 NIC.

    Manual IP config of the Win 10 client used for testing:
    IP Address: 192.168.25.3
    Subnet mask: 255.255.255.0
    Gateway: 192.168.25.1
    DNS: 192.168.25.1

    Still can't ping 192.168.25.1 and no internet even if I use 8.8.8.8 as DNS.
  • Accepted Answer

    tomas
    Thursday, July 14 2022, 12:17 PM
    As it looks like there were some config files affected by the same NIC previously being set as 'external' we deleted it in 'IP Settings' and re-created the HotLAN with the same config.

    Still DHCP server is not working for HotLAN, can't ping 192.168.25.1 from the client with manual IP settings and internet is not working on the HotLAN client.
  • Accepted Answer

    Thursday, July 14 2022, 12:44 PM
    This is puzzling. On the PC, when IP Settings are by DHCP/automatic, is the PC getting any IP address (except one beginning 169.x.y.z)?

    From ClearOS, can you do:
    arping -I enp7s0 192.168.25.1
    Note it is an upper case "i" and not a lower case "L". You should not get any response. Ctrl+C to stop.

    What is the output of:
    lspci -k | grep Eth -A3


    What is your HotLAN network set up while testing? Can you try with a PC directly connected to enp7s0?
  • Accepted Answer

    tomas
    Thursday, July 14 2022, 02:13 PM
    This is puzzling. On the PC, when IP Settings are by DHCP/automatic, is the PC getting any IP address (except one beginning 169.x.y.z)?


    It's getting '169.254.27.239', subnet mask '255.255.0.0', no gateway, no DNS.

    arping -I enp7s0 192.168.25.1

    no response when run on ClearOS.

    ARPING 192.168.25.1 from 192.168.25.1 enp7s0
    Sent 95 probes (95 broadcast(s))
    Received 0 response(s)

    Output of:
    lspci -k | grep Eth -A3

    04:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)
    Subsystem: ASRock Incorporation Device 1533
    Kernel driver in use: igb
    Kernel modules: igb
    05:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)
    Subsystem: ASRock Incorporation Device 1533
    Kernel driver in use: igb
    Kernel modules: igb
    06:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)
    Subsystem: ASRock Incorporation Device 1533
    Kernel driver in use: igb
    Kernel modules: igb
    07:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)
    Subsystem: ASRock Incorporation Device 1533
    Kernel driver in use: igb
    Kernel modules: igb

    What is your HotLAN network set up while testing? Can you try with a PC directly connected to enp7s0?

    We eliminated all routers yesterday. Since yesterday all tests are made with one PC connected directly to 'enp7s0' via cat6 ethernet cable. We also tried different cables.
  • Accepted Answer

    Thursday, July 14 2022, 02:54 PM
    First I need to correct something I said. ClearOS should respond to pings on a HotLAN interface. There are specific rules for that.

    It seems strange that, even with a direct connection, you are not getting DHCP. Is there anything in /etc/dnsmasq.conf or any file in /etc/dnsmasq.d/ which mentions the work interface and may stop dnsmasq binding to enp7s0?

    Can you set up a packet dump on the interface? You may need to install tcpdump ("yum install tcpdump"). Then:
    tcpdump -nni enp7s0 portrange 67-68
    Then try to get a lease (connect a PC).
  • Accepted Answer

    tomas
    Thursday, July 14 2022, 03:28 PM
    Output of '/etc/dnsmasq.conf':

    bogus-priv
    cache-size=5000
    conf-dir=/etc/dnsmasq.d
    dhcp-authoritative
    dhcp-lease-max=1000
    domain-needed
    domain=cc.lan
    expand-hosts
    no-negcache
    resolv-file=/etc/resolv-peerdns.conf
    strict-order
    user=nobody
    read-ethers
    log-facility=/var/log/dnsmasq


    In '/etc/dnsmasq.d' folder we have 2 files:
    - 'app-adamone.conf' which is empty
    - 'dhcp.conf' which contains:
    # This file is managed by the API.  Please add custom options in dnsmasq.conf.
    dhcp-option=enp6s0,1,255.255.255.0
    dhcp-option=enp6s0,28,192.168.2.255
    dhcp-option=enp6s0,3,192.168.2.1
    dhcp-option=enp6s0,42,192.168.2.1
    dhcp-option=enp6s0,44,192.168.2.1
    dhcp-option=enp6s0,46,8
    dhcp-option=enp6s0,6,192.168.2.1,192.168.2.2
    dhcp-option=enp7s0,1,255.255.255.0
    dhcp-option=enp7s0,28,192.168.25.255
    dhcp-option=enp7s0,3,192.168.25.1
    dhcp-option=enp7s0,6,192.168.25.1
    dhcp-range=enp6s0,192.168.2.10,192.168.2.248,96h
    dhcp-range=enp7s0,192.168.25.100,192.168.25.254,12h


    Output of 'tcpdump -nni enp7s0 portrange 67-68' when client PC unsuccessfully tried to obtain a lease from DHCP:
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on enp7s0, link-type EN10MB (Ethernet), capture size 262144 bytes
    16:22:51.588666 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    16:22:55.124773 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    16:23:00.136082 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    16:23:08.883978 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    16:23:25.839126 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    16:23:58.210216 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    16:24:03.047948 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    16:24:10.554854 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    16:24:26.462497 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:xx:09:a1:9d, length 300
    ^C
    9 packets captured
    9 packets received by filter
    0 packets dropped by kernel


    '/var/log/messages' filtered by 'enp7s0' contains plenty of:

    Line 9009: Jul 14 15:17:53 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9009: Jul 14 15:17:53 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9010: Jul 14 15:18:46 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Down
    Line 9010: Jul 14 15:18:46 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Down
    Line 9015: Jul 14 15:19:30 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9015: Jul 14 15:19:30 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9020: Jul 14 15:35:47 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Down
    Line 9020: Jul 14 15:35:47 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Down
    Line 9023: Jul 14 15:38:46 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9023: Jul 14 15:38:46 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9056: Jul 14 16:13:55 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Down
    Line 9056: Jul 14 16:13:55 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Down
    Line 9057: Jul 14 16:14:24 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9057: Jul 14 16:14:24 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9064: Jul 14 16:22:47 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Down
    Line 9064: Jul 14 16:22:47 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Down
    Line 9065: Jul 14 16:22:51 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
    Line 9065: Jul 14 16:22:51 system kernel: igb 0000:07:00.0 enp7s0: igb: enp7s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
  • Accepted Answer

    Thursday, July 14 2022, 03:50 PM
    So you have Gateway Management installed, but not running? Can you try starting and stopping it? Or just reboot the server.

    I don't like the message log either. Perhaps a full restart is in order.

    Another thought. Is enp7s0 mentioned in /etc/clearos/multiwan.conf? If so, please remove it.
  • Accepted Answer

    tomas
    Friday, July 15 2022, 07:36 AM
    So you have Gateway Management installed, but not running? Can you try starting and stopping it? Or just reboot the server.


    We uninstalled it as it wasn't used.

    Is enp7s0 mentioned in /etc/clearos/multiwan.conf? If so, please remove it.

    It was - we removed all entries mentioning enp7s0.

    I don't like the message log either. Perhaps a full restart is in order.

    Full restart helped - DHCP and internet are working on our new HotLAN :)

    We can ping 192.168.25.1 (HotLAN gateway). We can also ping 192.168.2.1 (main LAN gateway) which is a bit strange. Our local domain is not visible from a client connected to HotLAN though.
  • Accepted Answer

    Friday, July 15 2022, 10:50 AM
    Yay!

    tomas wrote:
    We can ping 192.168.25.1 (HotLAN gateway). We can also ping 192.168.2.1 (main LAN gateway) which is a bit strange. Our local domain is not visible from a client connected to HotLAN though.
    From the firewall, ICMP messages are allowed in from enp7s0 to anywhere on the server so that includes the other NIC. Perhaps it could be tightened up just to the one NIC IP address but it is not particularly important.