Forums

Resolved
0 votes
Hi Forum Members,

Recently I installed ClearOS Community 7 Edition. Enabled gateway with Multi-wan Option Two Links External and One for Lan with DHCP Enabled.

The Problem I'm facing is within the network everything will be working accessing each different PC's and the internet. suddenly in my windows pc shows that there is no internet. and also I'll not be able to access gateway with local IP address or the internet. Or any of the local PC's will not be able to ping each other. don't understand what is the problem. If I restart the gateway again everything start working fine. Even I increased the DHCP Lease time to 6 days. Still facing the same issue.

I would be happy to get a solution for this problem.
Wednesday, November 06 2019, 09:11 AM
Share this post:
Responses (21)
  • Accepted Answer

    Wednesday, November 06 2019, 11:22 AM - #Permalink
    Resolved
    1 votes
    The problem may be the RTL8111/8168/8411 NIC where the built in driver (r8169) is not the best. Can you do a:
    yum install kmod-r816*
    This will give you the r8168 driver and update the r8169 driver to be no longer compatible with the NIC. Then restart the server.

    Using the r8169 driver on that NIC has been seen to give all sorts of problems from slowdowns, and DNS failures to totally obscure things, yet for some people it works OK. The r8168 driver is much better. I use it as do many others.

    Can I ask how fast your PPPoE link is from your ISP? You probably don't have a fast one as you only have a 10/100 NIC, but there is a great tweak you can do if you have a very fast link (> 200Mbps). We hope to be able to roll out the fix soon to make it available to everyone.
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 06 2019, 09:58 AM - #Permalink
    Resolved
    0 votes
    What is the output to:
    lspci -k | grep Eth -A 3
    ifconfig
    grep IF /etc/clearos/network.conf
    When the LAN devices lose connectivity, can you still access the internet from the ClearOS console (alt+f2 from the login prompt)
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 06 2019, 10:20 AM - #Permalink
    Resolved
    0 votes
    Hi,

    Yes I'll be able to access the internet from the ClearOS Console, when the LAN Devices lose connectivity.

    Just Some time back I restarted the Gateway and again started getting NET to LAN.

    You want to use the given command and post the OutPut.

    Regards
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 06 2019, 10:33 AM - #Permalink
    Resolved
    0 votes
    Yes I'll be able to access internet from ClearOS Console, when the LAN Devices lose connectivity.

    > lspci -k | grep Eth -A 3:

    02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01)
    Subsystem: Intel Corporation Device d606
    Kernel driver in use: r8169
    Kernel modules: r8169
    05:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too
    05:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too

    >ifconfig:
    enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::21c:c0ff:fe69:d73d prefixlen 64 scopeid 0x20<link>
    ether 00:1c:c0:69:d7:3d txqueuelen 1000 (Ethernet)
    RX packets 133400 bytes 161029780 (153.5 MiB)
    RX errors 0 dropped 5 overruns 0 frame 0
    TX packets 101068 bytes 13974815 (13.3 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    enp5s4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 122.166.104.238 netmask 255.255.255.0 broadcast 122.166.104.255
    inet6 fe80::280:48ff:fe6b:d573 prefixlen 64 scopeid 0x20<link>
    ether 00:80:48:6b:d5:73 txqueuelen 1000 (Ethernet)
    RX packets 55098 bytes 49333377 (47.0 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 24348 bytes 4887377 (4.6 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    enp5s5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.11.8 netmask 255.255.255.0 broadcast 192.168.11.255
    inet6 fe80::280:48ff:fe6b:d6e5 prefixlen 64 scopeid 0x20<link>
    ether 00:80:48:6b:d6:e5 txqueuelen 1000 (Ethernet)
    RX packets 166604 bytes 28358755 (27.0 MiB)
    RX errors 6 dropped 20 overruns 0 frame 0
    TX packets 210794 bytes 209937713 (200.2 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 4694 bytes 601206 (587.1 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 4694 bytes 601206 (587.1 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1454
    inet 106.51.132.91 netmask 255.255.255.255 destination 106.51.128.1
    ppp txqueuelen 3 (Point-to-Point Protocol)
    RX packets 130862 bytes 155938835 (148.7 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 100942 bytes 11749833 (11.2 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
    inet6 fe80::a12b:108b:7882:562a prefixlen 64 scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 3 bytes 144 (144.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
    inet6 fe80::9ce4:5623:b619:7e0d prefixlen 64 scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 3 bytes 144 (144.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    >grep IF /etc/clearos/network.conf:
    EXTIF="enp5s4 ppp0"
    LANIF="enp5s5"
    DMZIF=""
    HOTIF=""
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 06 2019, 10:38 AM - #Permalink
    Resolved
    0 votes
    Well, you have not necessarily fixed the problem, so it may be worth checking.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 06 2019, 10:42 AM - #Permalink
    Resolved
    0 votes
    Yes I'll be able to access internet from ClearOS Console, when the LAN Devices lose connectivity.

    > lspci -k | grep Eth -A 3:

    02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01)
    Subsystem: Intel Corporation Device d606
    Kernel driver in use: r8169
    Kernel modules: r8169
    05:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too
    05:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too

    >ifconfig:
    enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::21c:c0ff:fe69:d73d prefixlen 64 scopeid 0x20<link>
    ether 00:1c:c0:69:d7:3d txqueuelen 1000 (Ethernet)
    RX packets 133400 bytes 161029780 (153.5 MiB)
    RX errors 0 dropped 5 overruns 0 frame 0
    TX packets 101068 bytes 13974815 (13.3 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    enp5s4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 122.166.104.238 netmask 255.255.255.0 broadcast 122.166.104.255
    inet6 fe80::280:48ff:fe6b:d573 prefixlen 64 scopeid 0x20<link>
    ether 00:80:48:6b:d5:73 txqueuelen 1000 (Ethernet)
    RX packets 55098 bytes 49333377 (47.0 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 24348 bytes 4887377 (4.6 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    enp5s5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.11.8 netmask 255.255.255.0 broadcast 192.168.11.255
    inet6 fe80::280:48ff:fe6b:d6e5 prefixlen 64 scopeid 0x20<link>
    ether 00:80:48:6b:d6:e5 txqueuelen 1000 (Ethernet)
    RX packets 166604 bytes 28358755 (27.0 MiB)
    RX errors 6 dropped 20 overruns 0 frame 0
    TX packets 210794 bytes 209937713 (200.2 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 4694 bytes 601206 (587.1 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 4694 bytes 601206 (587.1 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1454
    inet 106.51.132.91 netmask 255.255.255.255 destination 106.51.128.1
    ppp txqueuelen 3 (Point-to-Point Protocol)
    RX packets 130862 bytes 155938835 (148.7 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 100942 bytes 11749833 (11.2 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
    inet6 fe80::a12b:108b:7882:562a prefixlen 64 scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 3 bytes 144 (144.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
    inet6 fe80::9ce4:5623:b619:7e0d prefixlen 64 scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 3 bytes 144 (144.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    >grep IF /etc/clearos/network.conf:
    EXTIF="enp5s4 ppp0"
    LANIF="enp5s5"
    DMZIF=""
    HOTIF=""
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, November 06 2019, 10:52 AM - #Permalink
    Resolved
    0 votes
    # lspci -k | grep Eth -A 3
    02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controll er (rev 01)
    Subsystem: Intel Corporation Device d606
    Kernel driver in use: r8169
    Kernel modules: r8169
    05:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too
    05:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too
    [root@blrzkngateway ~]# ifconfig
    enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::21c:c0ff:fe69:d73d prefixlen 64 scopeid 0x20<link>
    ether 00:1c:c0:69:d7:3d txqueuelen 1000 (Ethernet)
    RX packets 506622 bytes 654053379 (623.7 MiB)
    RX errors 0 dropped 5 overruns 0 frame 0
    TX packets 327147 bytes 36105239 (34.4 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    enp5s4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 122.166.104.238 netmask 255.255.255.0 broadcast 122.166.104.255
    inet6 fe80::280:48ff:fe6b:d573 prefixlen 64 scopeid 0x20<link>
    ether 00:80:48:6b:d5:73 txqueuelen 1000 (Ethernet)
    RX packets 125271 bytes 130781044 (124.7 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 49055 bytes 9082078 (8.6 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    enp5s5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.11.8 netmask 255.255.255.0 broadcast 192.168.11.255
    inet6 fe80::280:48ff:fe6b:d6e5 prefixlen 64 scopeid 0x20<link>
    ether 00:80:48:6b:d6:e5 txqueuelen 1000 (Ethernet)
    RX packets 420325 bytes 56708848 (54.0 MiB)
    RX errors 15 dropped 2384 overruns 0 frame 8
    TX packets 655525 bytes 781768152 (745.5 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 15013 bytes 20217722 (19.2 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 15013 bytes 20217722 (19.2 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1454
    inet 106.51.132.91 netmask 255.255.255.255 destination 106.51.128.1
    ppp txqueuelen 3 (Point-to-Point Protocol)
    RX packets 502870 bytes 639906575 (610.2 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 326958 bytes 28907359 (27.5 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
    inet6 fe80::a12b:108b:7882:562a prefixlen 64 scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 3 bytes 144 (144.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
    inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
    inet6 fe80::9ce4:5623:b619:7e0d prefixlen 64 scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 3 bytes 144 (144.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [root@blrzkngateway ~]# grep IF /etc/clearos/network.conf
    EXTIF="enp5s4 ppp0"
    LANIF="enp5s5"
    DMZIF=""
    HOTIF=""

    The above one is when again I lost LAN connectivity
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 07 2019, 05:14 AM - #Permalink
    Resolved
    0 votes
    Hi,

    Thanks, I'll work on that and let you know if any problems. Or Maybe I'll try on New PC with Fresh Installation.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 07 2019, 09:09 AM - #Permalink
    Resolved
    0 votes
    Hi,

    I've not yet tried installing the driver. But one thing I have observed is, after stopping Openvpn yesterday evening and rebooting till today local LAN connectivity is working fine. Is there anything to do with openvpn. In your earlier comment you'd asked, "Can I ask how fast your PPPoE link is from your ISP? You probably don't have a fast one as you only have a 10/100 NIC, but there is a great tweak you can do if you have a very fast link (> 200Mbps). We hope to be able to roll out the fix soon to make it available to everyone."

    Actually I'm not able to start openvpn client with downloaded certificates. it's giving an error stating that "OpenVPNClient start gateway_zaikenn_com_p3938: process started and then immediately exited: [". Whereas I was able to connect through windows vpn(I think it's using PPTP).

    Right now I have stopped OpenVPN Service. But This i need to get working out.

    Regards
    Vasant
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 07 2019, 09:29 AM - #Permalink
    Resolved
    1 votes
    Why have you stopped the OpenVPN service? It should make no difference if it is the client giving errors. Is the service configured with Automatic Configuration Enabled. Have you opened the incoming OpenVPN service in the firewall (you don't need the OpenVPN TCP service)

    Which OS ore you using OpenVPN on? Did you download four files, the .ovpn file, the CA certificate, User Certificate and User Key and have you used them all? What does the client connection log say and also /var/log/messages at the time of making the connection.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 07 2019, 11:16 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    1) Why have you stopped the OpenVPN service? It should make no difference if it is the client giving errors.
    After stopping the this service, i've not lost local LAN Connectivity till now.

    2) Is the service configured with Automatic Configuration Enabled.
    Yes.
    3) Have you opened the incoming OpenVPN service in the firewall (you don't need the OpenVPN TCP service)
    Yes Opened in incoming as below. Also Enabled the RUle in Dynamic Firewall
    OpenVPN OpenVPN UDP 1194
    OpenVPN-TCP OpenVPN TCP TCP 1194

    Allow OpenVPN No allusers


    4) Which OS ore you using OpenVPN on?
    You mean client, on Windows.

    5) Did you download four files, the .ovpn file, the CA certificate, User Certificate and User Key and have you used them all?
    Yes.

    6) What does the client connection log say and also /var/log/messages at the time of making the connection.
    Client connection error. "OpenVPNClient start gateway_zaikenn_com_p3938: process started and then immediately exited:"
    And log file shows.
    "Thu Nov 07 14:37:37 2019 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined
    Options error: If you use one of --cert or --key, you must use them both
    Use --help for more information."




    I was using
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 07 2019, 11:41 AM - #Permalink
    Resolved
    0 votes
    OpenVPN should have little to do with LAN connectivity. Almost certainly that is the NIC driver issue. Have you updated and rebooted?

    How did you add you ovpn profile to Windows? If you used the OpenVPN Import button, it does not import the certificates and you manually need to place them in the folder it created in "%userprofile%\OpenVPN\config". Did you do that or use the other method of dragging and dropping all four of the files into "C:\Program Files\OpenVPN\config"?
    The reply is currently minimized Show
  • Accepted Answer

    Friday, November 08 2019, 07:37 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    OpenVPN should have little to do with LAN connectivity. Almost certainly that is the NIC driver issue. Have you updated and rebooted?

    How did you add you ovpn profile to Windows? If you used the OpenVPN Import button, it does not import the certificates and you manually need to place them in the folder it created in "%userprofile%\OpenVPN\config". Did you do that or use the other method of dragging and dropping all four of the files into "C:\Program Files\OpenVPN\config"?


    Today again I'd lost the LAN Connectivity after Started VPN Service. When the LAN Connectivity lost don't know. Morning I stopped the Service and reboted the PC and LAN Connectivity got back.

    Also tried updating the driver. After Updating and executing some commands Net is not working for me.

    Working. This may take some time ...
    Done.
    Verifying : kmod-r8168-8.045.08-2.el7_5.elrepo.x86_64 1/1

    Installed:
    kmod-r8168.x86_64 0:8.045.08-2.el7_5.elrepo
    >>> After Installing & Re-booting
    # lspci -k | grep Eth -A 3
    02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Control ler (rev 01)
    Subsystem: Intel Corporation Device d606
    Kernel driver in use: r8169
    Kernel modules: r8169, r8168
    05:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too
    05:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too

    I executed these below command
    rmmod r8169
    depmod -a
    modprobe r8168
    service network restart
    service ipaliases restart

    network restart didn't worked. so I reboted the pc. And now I lost the internet connection. I'm able to ping locally.

    # ethtool -i enp2s0
    driver: r8169
    version: 2.3LK-NAPI
    firmware-version:
    expansion-rom-version:
    bus-info: 0000:02:00.0
    supports-statistics: yes
    supports-test: no
    supports-eeprom-access: no
    supports-register-dump: yes
    supports-priv-flags: no


    Now I'm Trying to get internet connection.

    Regards
    The reply is currently minimized Show
  • Accepted Answer

    Friday, November 08 2019, 08:51 AM - #Permalink
    Resolved
    0 votes
    Is this a new installation? I don't see you installing the kmod-r8169 driver. Your lspci output shows you are using the original driver so nothing has changed. It shows the r8168 driver as available but not in use. What is the output of:
    uname -r
    cat /etc/clearos-release
    There may be an issue installing the drivers while Community is on 7.7 but the latest release for Home/Business is 7.6. If the uname output is 3.10.0-1062.???? you can grab the correct drivers with:
    yum install kmod-r816* --enablerepo=clearos-updates

    If the uname output is 3.10.0-957.21.3.v7.x86_64 then you should be still be using the built in r8169 driver. If you can install the kmod-r8169 and reboot, you will switch to the r8168.

    From what you've done on a running system, you should have been OK if there is no driver mismatch in this interim period and your ethtool output shows you still have the old r8169 driver loaded. This effectively means you have done no change, so I am not sure why you have no connection.

    I am not sure about the ipaliases service. This is not a normal ClearOS service. Where has it come from and what is it doing?
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, November 09 2019, 10:30 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Is this a new installation? I don't see you installing the kmod-r8169 driver. Your lspci output shows you are using the original driver so nothing has changed. It shows the r8168 driver as available but not in use. What is the output of:
    uname -r
    cat /etc/clearos-release
    There may be an issue installing the drivers while Community is on 7.7 but the latest release for Home/Business is 7.6. If the uname output is 3.10.0-1062.???? you can grab the correct drivers with:
    yum install kmod-r816* --enablerepo=clearos-updates

    If the uname output is 3.10.0-957.21.3.v7.x86_64 then you should be still be using the built in r8169 driver. If you can install the kmod-r8169 and reboot, you will switch to the r8168.

    From what you've done on a running system, you should have been OK if there is no driver mismatch in this interim period and your ethtool output shows you still have the old r8169 driver loaded. This effectively means you have done no change, so I am not sure why you have no connection.

    I am not sure about the ipaliases service. This is not a normal ClearOS service. Where has it come from and what is it doing?


    Hi,

    Now the R8618 driver is getting used.. after 14Hrs. when I checked remotely connecting to the gateway. From gateway, i'm not able to ping any local pc's which i've kept on. Below is the details.
    # lspci -k | grep Eth -A 5
    02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01)
    Subsystem: Intel Corporation Device d606
    Kernel driver in use: r8168
    Kernel modules: r8168
    05:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too
    05:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 10)
    Subsystem: Realtek Semiconductor Co., Ltd. RTL-8100/8101L/8139 PCI Fast Ethernet Adapter
    Kernel driver in use: 8139too
    Kernel modules: 8139cp, 8139too

    # ifconfig

    enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::21c:c0ff:fe69:d73d prefixlen 64 scopeid 0x20<link>
    ether 00:1c:c0:69:d7:3d txqueuelen 1000 (Ethernet)
    RX packets 875185 bytes 1049748344 (1001.1 MiB)
    RX errors 0 dropped 5 overruns 0 frame 0
    TX packets 335267 bytes 41695730 (39.7 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    device interrupt 17 base 0xe000

    enp5s4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 122.166.104.238 netmask 255.255.255.0 broadcast 122.166.104.255
    inet6 fe80::280:48ff:fe6b:d573 prefixlen 64 scopeid 0x20<link>
    ether 00:80:48:6b:d5:73 txqueuelen 1000 (Ethernet)
    RX packets 344890 bytes 127783177 (121.8 MiB)
    RX errors 1 dropped 0 overruns 0 frame 0
    TX packets 320309 bytes 210806464 (201.0 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    enp5s5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.11.8 netmask 255.255.255.0 broadcast 192.168.11.255
    inet6 fe80::280:48ff:fe6b:d6e5 prefixlen 64 scopeid 0x20<link>
    ether 00:80:48:6b:d6:e5 txqueuelen 1000 (Ethernet)
    RX packets 506025 bytes 238420625 (227.3 MiB)
    RX errors 12 dropped 177465 overruns 0 frame 7
    TX packets 985291 bytes 1149814153 (1.0 GiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 78440 bytes 25039849 (23.8 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 78440 bytes 25039849 (23.8 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1454
    inet 106.51.132.91 netmask 255.255.255.255 destination 106.51.128.1
    ppp txqueuelen 3 (Point-to-Point Protocol)
    RX packets 828130 bytes 1027909886 (980.2 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 330393 bytes 34281874 (32.6 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    # grep IF /etc/clearos/network.conf
    EXTIF="enp5s4 ppp0"
    LANIF="enp5s5"
    DMZIF=""
    HOTIF=""

    # cat /etc/clearos-release
    ClearOS release 7.7.1 (Final)

    # uname -r
    3.10.0-957.21.3.v7.x86_64
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, November 09 2019, 11:53 AM - #Permalink
    Resolved
    0 votes
    Looking more closely at your output, the only interface we have been affecting is enp2s0/ppp0. We have not touched the other interfaces.

    Can I ask if you have installed the MultiWAN app? If not, you should.
    Also have you installed the Attack Detector app? If so, could you have locked yourself out from the LAN? Check the app documentation to see how to unblock an IP or whitelist your LAN.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, November 09 2019, 12:08 PM - #Permalink
    Resolved
    0 votes
    Also, can I was what you are doing with ipaliases? Reading up about it, it should not be necessary in ClearOS and I have never seen it used.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, November 09 2019, 12:21 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Looking more closely at your output, the only interface we have been affecting is enp2s0/ppp0. We have not touched the other interfaces.

    Can I ask if you have installed the MultiWAN app? If not, you should.
    Also have you installed the Attack Detector app? If so, could you have locked yourself out from the LAN? Check the app documentation to see how to unblock an IP or whitelist your LAN.


    1) Yes, I've installed MultiWan App in the begning, as I've two ISP which is required.
    Destination Port Rules
    Nickname Protocol Port Interface Action
    OpenVPN TCP 1194 enp5s4 Enabled
    OpenVPN UDP 1194 enp5s4 Enabled

    2) Yes, Attack Detector app is installed at the first installation of OS.
    Below are the rule enabled.
    Rules
    Name Description Action
    cyrus-imap IMAP Mail Failed Logins Enabled
    postfix-sasl SMTP Failed Logins Enabled
    proftpd FTP Failed Logins Enabled
    sshd SSH Brute Force Detection Enabled
    sshd-ddos SSH DDoS Detection Enabled

    Found the document for above for whitelisting on this link: https://www.clearos.com/resources/documentation/clearos/content:en_us:7_ug_attack_detector
    This is as below.
    f this application is installed and you want to whitelist an IP addresses or subnets, create a file /etc/fail2ban/jail.local and in it put:

    [DEFAULT]
    ignoreip = 127.0.0.1/8 ip1_to_whitelist ip2_to_whitelist subnet1_to_whitelist subnet2_to_whitelist
    Change “ip1_to_whitelist ip2_to_whitelist subnet1_to_whitelist subnet2_to_whitelist” to the IPs and/or subnets you want to whitelist in the “ignoreip” line (separated by spaces). Then restart the app.

    Manually Unbanning IP's
    To manually unban an IP first you need to determine the jail name where the IP is being blocked. Copy and paste the following line into a terminal:

    for SET in `ipset list -n | grep f2b`; do ipset list $SET -o save | grep ^add | awk '{print $2 " " $3}'; done
    Then unblock the IP from the jail with:

    fail2ban-client set {jail-name} unbanip {IP_to_unblock}
    The jail name is the part of the string after “f2b-” so the jail name for “f2b-cyrus-imap” is “cyrus-imap”.


    So if my local IP range is 192.168.1.0 then I should add 192.168.1.0/24 line in /etc/fail2ban/jail.local .




    Regards
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, November 09 2019, 01:23 PM - #Permalink
    Resolved
    0 votes
    Yes. You'd have something like my one:
    [DEFAULT]

    banaction = iptables-ipset-proto6
    banaction_allports = iptables-ipset-proto6-allports
    ignoreip = 127.0.0.1/8 172.17.2.0/23 192.168.10.0/24 192.168.30.0/24 10.8.0.0/24 172.18.0.0/15 67.18.3.134 173.255.233.57 159.203.59.228 209.90.117.194
    Mine is a bit OTT and my LAN is 172.17.2.0/24 which is covered by the 172.17.2.0/23 rule. I don't think you need 127.0.0.1/8 any more is it is now a built-in rule.

    Restart the attack detector after making changes (the service is fail2ban).
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, November 10 2019, 04:48 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Yes. You'd have something like my one:
    [DEFAULT]

    banaction = iptables-ipset-proto6
    banaction_allports = iptables-ipset-proto6-allports
    ignoreip = 127.0.0.1/8 172.17.2.0/23 192.168.10.0/24 192.168.30.0/24 10.8.0.0/24 172.18.0.0/15 67.18.3.134 173.255.233.57 159.203.59.228 209.90.117.194
    Mine is a bit OTT and my LAN is 172.17.2.0/24 which is covered by the 172.17.2.0/23 rule. I don't think you need 127.0.0.1/8 any more is it is now a built-in rule.

    Restart the attack detector after making changes (the service is fail2ban).


    Hi,

    I added ignoreip line as shown below in jail.local file I restarted the Attacdetector.
    [DEFAULT]

    banaction = iptables-ipset-proto6
    banaction_allports = iptables-ipset-proto6-allports

    ignoreip = 192.168.11.0/24

    But still, after some time, Local LAN connectivity goes off.

    Still, the problem is not getting solved.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, November 10 2019, 07:46 PM - #Permalink
    Resolved
    0 votes
    Can you check the routing table before and after you lose connectivity: "ip r"
    When you lose connectivity, what does the firewall show: "iptables -nvL" (and please put the output between code tags, the piece of paper icon with a "<>" on it)
    Also when you lose connectivity, the output from:
    for SET in `ipset list -n`; do ipset list $SET -o save | grep ^add | awk '{print $2 " " $3}'; done | grep 192.168.11

    Lastly you could perhaps try switching to the 8139cp driver. I don't know the best way to do this. One way is to blacklist the 8139too driver:
    echo "blacklist 8139too" > /usr/lib/modprobe.d/blacklist-8139too.conf
    Then reboot. Delete the file and reboot to revert. Alternatively, if you create a file /etc/sysconfig/modules/anything_you_like.modules and in it put "modrpobe 8139cp". Then reboot. This *may* force the cp driver to load first, in which case the "too" driver may not load. There are other ways. Again, delete the file and reboot to revert.

    When you lose connectivity, is there anything in the output to the command "dmesg"? If there is, it will be towards the bottom. Also check the system and messages log.

    For any of these outputs, if you are trying to grab them to add to your post, you can redirect the output by adding a "> some_file" at the end of the command.
    The reply is currently minimized Show
Your Reply