Forums

Resolved
1 votes
First of all, thank you for a free community edition with which one can tinker.
I understand that it is the testing ground for future stable (paid) releases.

I am trying to get to a 'working proof of concept' stage so that I may suggest the
adoption of ClearOS as the 'server of choice' for our away offices.

I started testing with version 6 (Community) and was quite OK, and then 7 came out.

Ever singe installing 7 (and fully upgrading or updating), it seems as if not one of three
or four test rigs can actually make it through a day without at least one restart, sometimes
more than one.

Version ClearOS release 7.3.0 (Final)
Kernel Version 3.10.0-514.21.2.v7.x86_64
CPU Model Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Memory Size 4.84 GB
Uptime 0 Days 0.6 Hours
Load 0.05 0.16 0.24


Gateway mode (complete with all sorts of protections and transparant proxy)
with Flexshare is the primary objective.
Dynamic DNS - thank you for the service.
Remote access and port forwarding needed.
PPTP works (sort of)


Uptime in the 6.x versions was weeks .... in 7.x it is seldom more than a day before requiring
a restart.

FYI - internet instability is a factor, that is part of the reason for choosing ClearOS,I need/use
multiple WAN feeds with load balancing and failover. Will internet instability actually bring ClearOS down ?
What about File Sharing that does not depend on internet connection (I find it extremely unstable)

There are so many logs, and possibilities, I don't know where to start.

I have two questions :

1. Is it any-one else's experience that 7.x is particularly hangy ?
2. Where do I start looking through the logs to narrow things down ?


I thank you kindly for your comments.
Sunday, July 09 2017, 10:53 AM

Location [ View Larger Map ]

http://maps.googleapis.com/maps/api/staticmap?center=-25.6099895,27.79597130000002&language=en&maptype=roadmap&zoom=5&size=450x300&sensor=true&markers=color:red|label:S|-25.6099895,27.79597130000002
Share this post:
Responses (13)
  • Accepted Answer

    Monday, July 17 2017, 07:38 PM - #Permalink
    Resolved
    0 votes
    I guess that is pretty much normal. If those ports aren't open, there is no point in monitoring activity on them with IDS/IPS. The internet is a pretty hostile place. There are bots out there constantly probing port 22 (ssh) looking for password weaknesses, lots of probes to apache for old vulnerabilities and so on. On ADSL/dynamic IP's you may also get traffic destined for the previous user of that IP, especially p2p file sharing.

    It is hard for an ISP to block it all. 1433 and 3306 could be valid if you run an SQL server which is open to external access and so on.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, July 17 2017, 07:15 PM - #Permalink
    Resolved
    0 votes
    My concern is : If these are the logs of the ADSL router .....
    It claims to have blocked these attempts at 'intrusion'
    (There are hundreds of these)

    These are the ones that got blocked. Can any form of attack actually get through and mess with clearos settings or workings ?

    I am surprised at the ISP who does nothing to this.
    Downstream from clearos, everything should be fine , but the WAN port is under constant attack.

    Your take on this ?



    Jul 17 19:26:53 kern alert kernel: Intrusion -> IN=ppp1.1 OUT= MAC= SRC=58.213.66.130 DST=My WAN LEN=40 TOS=0x10 PREC=0x00 TTL=236 ID=20146 PROTO=TCP SPT=35152 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
    Jul 17 19:29:08 kern alert kernel: Intrusion -> IN=ppp1.1 OUT= MAC= SRC=113.96.132.212 DST=My WAN LEN=40 TOS=0x10 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=48509 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000
    Jul 17 19:29:20 kern alert kernel: Intrusion -> IN=ppp1.1 OUT= MAC= SRC=144.138.107.69 DST=My WAN LEN=52 TOS=0x10 PREC=0x00 TTL=99 ID=17594 DF PROTO=TCP SPT=55809 DPT=61402 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
    Jul 17 19:29:23 kern alert kernel: Intrusion -> IN=ppp1.1 OUT= MAC= SRC=144.138.107.69 DST=My WAN LEN=52 TOS=0x10 PREC=0x00 TTL=99 ID=17595 DF PROTO=TCP SPT=55809 DPT=61402 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
    Jul 17 19:29:29 kern alert kernel: Intrusion -> IN=ppp1.1 OUT= MAC= SRC=144.138.107.69 DST=My WAN LEN=48 TOS=0x10 PREC=0x00 TTL=99 ID=17596 DF PROTO=TCP SPT=55809 DPT=61402 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x8000000
    Jul 17 19:37:23 kern alert kernel: Intrusion -> IN=ppp1.1 OUT= MAC= SRC=220.233.248.163 DST=My WAN LEN=40 TOS=0x14 PREC=0x00 TTL=237 ID=23472 PROTO=TCP SPT=49357 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
    Jul 17 19:48:08 kern alert kernel: Intrusion -> IN=ppp1.1 OUT= MAC= SRC=89.39.107.111 DST=My WAN LEN=40 TOS=0x10 PREC=0x00 TTL=246 ID=4504 PROTO=TCP SPT=50937 DPT=5038 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
    The reply is currently minimized Show
  • Accepted Answer

    Monday, July 17 2017, 06:52 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    I am not aware of any issues with the Intel NIC but there are with the RTL8111/8168. It needs the r8168 driver to operate properly. It works somewhat with the r8169 driver but can give all sorts of issues such as slowdowns and Ethernet lockups and other more exotic issues. Please can you download and install both the kmod-r8168 and kmod-r-8169 drivers from here then reboot the server. lspci should then show the r8168 driver in use and not the r8169 driver.

    Note also, to post data like you have, it is generally easier to use PuTTy from a remote Windows box. Selecting text automatically copies it to the clipboard. Right clicking into PuTTy pastes as well. If you use Linux on you LAN you can do something similar from an ssh session. Also, if on Windows, use WinSCP for remote file management and test editing.



    Thank you.

    I will try new drivers.

    The machines were isolated, that picture post was quickest and easiest for me to do.
    I've been too busy to give this my full attention.
    PS. I have often seen that DHCP is the first functionality to fail, before there is a reboot needed.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, July 13 2017, 08:52 AM - #Permalink
    Resolved
    0 votes
    I am not aware of any issues with the Intel NIC but there are with the RTL8111/8168. It needs the r8168 driver to operate properly. It works somewhat with the r8169 driver but can give all sorts of issues such as slowdowns and Ethernet lockups and other more exotic issues. Please can you download and install both the kmod-r8168 and kmod-r-8169 drivers from here then reboot the server. lspci should then show the r8168 driver in use and not the r8169 driver.

    Note also, to post data like you have, it is generally easier to use PuTTy from a remote Windows box. Selecting text automatically copies it to the clipboard. Right clicking into PuTTy pastes as well. If you use Linux on you LAN you can do something similar from an ssh session. Also, if on Windows, use WinSCP for remote file management and test editing.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, July 13 2017, 08:30 AM - #Permalink
    Resolved
    0 votes
    [/quote]Please do the "lspci -k | grep Eth -A 3" and post back.[/quote]
    Attachments:
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, July 13 2017, 08:15 AM - #Permalink
    Resolved
    0 votes
    Mark Turner wrote:

    I also tried multi-wan and gave up as it caused problems, now have faster Broadband.

    Usually machine hangs are caused by overheating, or faulty RAM or PSU in my experience.


    Thank you, the machine was BURN-TESTED for a week, successfully so, before this post.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, July 11 2017, 06:35 PM - #Permalink
    Resolved
    0 votes
    Tobias J Viljoen wrote:

    Nick Howitt wrote:

    I think you can cache Windows updated but you'll have to read up about it.

    What is failing and causing you to reboot?


    I have been unable to establish what causes the hang, the machine is simply frozen.

    I am re-installing from scratch as we speak ....
    Please do the "lspci -k | grep Eth -A 3" and post back.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, July 11 2017, 05:52 PM - #Permalink
    Resolved
    0 votes
    I also tried multi-wan and gave up as it caused problems, now have faster Broadband.

    Usually machine hangs are caused by overheating, or faulty RAM or PSU in my experience.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, July 11 2017, 05:22 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    I think you can cache Windows updated but you'll have to read up about it.

    What is failing and causing you to reboot?


    I have been unable to establish what causes the hang, the machine is simply frozen.

    I am re-installing from scratch as we speak ....
    The reply is currently minimized Show
  • Accepted Answer

    Monday, July 10 2017, 07:10 PM - #Permalink
    Resolved
    0 votes
    I think you can cache Windows updated but you'll have to read up about it.

    What is failing and causing you to reboot?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, July 10 2017, 12:55 PM - #Permalink
    Resolved
    0 votes
    Thank you guys. I will investigate.

    Samba should not be restarting during a multiwan event unless you are somehow using your multiwan interfaces as part of your config, which should not be the case.

    It is not the case.

    My suggestion, don't use active/active or balanced mode but rather, set your most unstable internet connection as the backup. That way, if it is flappy, it will not restart the firewall when it goes up and down, only when the primary does.

    Will do.

    On all your servers, can you please do an "lspci -k | grep Eth -A 3" If it comes back showing the RTL8111/8168 devices and you're using the r8169 driver please post back as you need a driver change.

    Will check.


    You can also use the command "top" to check for excessive memory and CPU usage.

    I often see high swap memory usage warning.

    With respect to the proxy, with the modern day tendency to go to https, I am not sure the transparent proxy does much.

    It does not seem as if it does, I was hoping for my remote low bandwidth site, that updates for Windows were cached, but no.

    I will study logs to see if I get any wiser.
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Monday, July 10 2017, 04:15 AM - #Permalink
    Resolved
    0 votes
    Sorry you are having trouble. It is not normal for the system to be that unstable, even with community...

    Will internet instability actually bring ClearOS down ?
    What about File Sharing that does not depend on internet connection (I find it extremely unstable)


    Internet instability can be a factor but the scope should only be limited to the firewall stack. For this, the /var/log/syswatch file will give you the detail of how the multiwan is working. You will notice that when there is internet instability, the firewall gets restarted and the routing tables are rebuilt.

    My suggestion, don't use active/active or balanced mode but rather, set your most unstable internet connection as the backup. That way, if it is flappy, it will not restart the firewall when it goes up and down, only when the primary does.

    Samba should not be restarting during a multiwan event unless you are somehow using your multiwan interfaces as part of your config, which should not be the case.
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, July 09 2017, 06:32 PM - #Permalink
    Resolved
    0 votes
    I am disappointed by your experiences. I upgraded to 7.x community last summer and have had few issues with it and most of them are of my own making. Having said that I upgraded to Business last December. Business only follows community by a few weeks.

    You are running apps which I don't use - MultiWAN and proxy and I hardly touch flexshares although I use Samba a lot. I don't port forward as all my services requiring external access run on the server. I use OpenVPN and IPsec VPN instead of PPTP.

    Logs for troubleshooting are all in /var/log. There is messages for all sorts of things, also has firewall and update stuff, syswatch has WAN/MultiWAN. I can't remember where the proxy files are.

    With respect to the proxy, with the modern day tendency to go to https, I am not sure the transparent proxy does much.

    On all your servers, can you please do an "lspci -k | grep Eth -A 3" If it comes back showing the RTL8111/8168 devices and you're using the r8169 driver please post back as you need a driver change.

    [edit]
    You can also use the command "top" to check for excessive memory and CPU usage.
    [/edit]
    Like
    1
    The reply is currently minimized Show
Your Reply