Hello!
I have a gateway system. At the moment the WAN interface is connected to my TP-Link router, so my WAN IP is 192.168.1.170.
The LAN interface is connected to a wireless access point. The LAN interface IP is 10.0.0.1.
Now the internet works well on both my notebook and my phone. They are connected to the wireless access point via wireless. They get DHCP IP addresses like 10.0.0.101 or 10.0.0.102 etc., everything is perfect.
But when I type https://10.0.0.1:81 on my notebook, my browser immediately displays "connection refused", or if I try to log in via SSH, PuTTY displays connection refused.
When I try https://10.0.0.1:81 on my phone, everything works fine and I can access the web interface.
But one more interesting fact: when I try https://192.168.1.170:81 (my WAN IP address) on my notebook, I can access both the web interface and SSH. But I would like to use the LAN IP address, not the WAN.
So why is my notebook refused a connection via the LAN IP? When I try another IP on my notebook like 10.0.0.110 etc., I still get connection refused. So the IP is not the problem.
Responses (13)
Accepted Answer
With Win7 you should have had some sort of "new network" wizard pop up. Try googling "win7 new network" to get some idea. It is not a brilliant search but may point you in the right direction. This link may also help. -
Accepted Answer
Well, well, I found the problem, but I haven't found the solution.
On my laptop I tried running a live Linux system and everything is good under Linux. I can access 10.0.0.1. But my default Windows 7 system can't access https://10.0.0.1:81
So something in my system is blocking it, etc. I turned every firewall off. Interesting. -
Accepted Answer
Thinking with more clarity in the morning. If WiFi devices can get in to the LAN but wired devices can't, this indicates ClearOS is working. This makes me think about your WiFi access point. Most people tend to use an old router as a WAP these days. If you've done this, please check the WAP IP address is on the same subnet as ClearOS and outside DHCP scope. You have a default DHCP server so you can use any address from 10.0.0.2 - 10.0.0.79 without causing future problems (PPTP takes .80-.99 if you install it, DHCP is .100-.254, .255 is broadcast and .1 is ClearOS). You also have to turn off the DHCP server in the WAP and then connect the WAP to ClearOS by its LAN port. Your laptop should be able to plug into a spare LAN port on the WAP.
Are you using the laptop wirelessly? Either way, it should discover a new LAN and ask if you want to trust it and it may be this doing the blocking. Can you ping ClearOS from the laptop? Do you get the same issue with wireless and wired? Can you try plugging the laptop directly into the USB NIC? -
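Added example, not part of the thread and not ClearOS code: a short Python check of the address plan described in the reply above (same subnet as ClearOS, outside the DHCP range and the .80-.99 PPTP pool), run against the dhcp.conf lines posted in this thread. The function names and the `RESERVED` offsets are assumptions made for the illustration.

```python
import ipaddress
# Constructed sample: the dhcp.conf lines pasted by the poster in this thread.
DHCP_CONF = """\
dhcp-option=enp0s20u1,1,255.255.255.0
dhcp-option=enp0s20u1,28,10.0.0.255
dhcp-option=enp0s20u1,3,10.0.0.1
dhcp-option=enp0s20u1,6,8.8.8.8,8.8.4.4
dhcp-range=enp0s20u1,10.0.0.100,10.0.0.254,12h
read-ethers
"""

def parse_lan(conf, iface):
    """Return (network, gateway, dhcp_first, dhcp_last) for one interface."""
    mask = gw = first = last = None
    for line in conf.splitlines():
        key, _, value = line.strip().partition("=")
        fields = value.split(",")
        if fields[0] != iface:
            continue
        if key == "dhcp-option" and fields[1] == "1":    # option 1: netmask
            mask = fields[2]
        elif key == "dhcp-option" and fields[1] == "3":  # option 3: router
            gw = ipaddress.ip_address(fields[2])
        elif key == "dhcp-range":
            first, last = (ipaddress.ip_address(f) for f in fields[1:3])
    if None in (mask, gw, first, last):
        raise ValueError(f"incomplete DHCP settings for {iface}")
    return ipaddress.ip_network(f"{gw}/{mask}", strict=False), gw, first, last

# Hypothetical default: (first, last, label) host offsets the reply reserves.
RESERVED = ((80, 99, "PPTP pool"),)

def check_static(addr, conf=DHCP_CONF, iface="enp0s20u1", reserved=RESERVED):
    """Return a list of reasons addr is a bad static LAN address ([] = fine)."""
    ip = ipaddress.ip_address(addr)
    net, gw, first, last = parse_lan(conf, iface)
    if ip not in net:
        return [f"{ip} is not in {net}"]
    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    if ip == gw:
        problems.append(f"{ip} is the gateway")
    if first <= ip <= last:
        problems.append(f"{ip} is inside the DHCP range {first}-{last}")
    for lo, hi, label in reserved:
        if net.network_address + lo <= ip <= net.network_address + hi:
            problems.append(f"{ip} is inside the {label}")
    return problems
```

`check_static("10.0.0.2")` returns an empty list, while an address handed out by DHCP or one on the TP-Link subnet returns the reason it would conflict.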
Accepted Answer
Is one of your NICs a USB NIC or wireless NIC? The lspci command is only picking up one NIC. Anyway you have a NIC which works much better with a different driver. There is an issue with the repos at the moment which they are trying to fix. Please do a:
yum install kmod-r816*
If you only get the kmod-r8169 package then the repo issue is not yet fixed and you'll need to install the kmod-r8168 from my site:
wget https://www.howitts.co.uk/clearos/ClearOS_7.x/kmod-r8168-8.045.08-2.el7_5.elrepo.x86_64.rpm
yum localinstall kmod-r8168-8.045.08-2.el7_5.elrepo.x86_64.rpm
Then reboot. Do not reboot until you have both drivers installed or you will lose access to the NIC. -
Accepted Answer
I made and installed a CA but nothing, so here is the output of your commands:
[root@gateway ~]# cat /etc/clearos/network.conf
# Network mode
MODE="gateway"
# Network interface roles
EXTIF="enp4s0"
LANIF="enp0s20u1"
DMZIF=""
HOTIF=""
# Domain and Internet Hostname
DEFAULT_DOMAIN="censored*******"
INTERNET_HOSTNAME="gateway.censored**********.com"
# Extra LANS
EXTRALANS=""
# ISP Maximum Speeds
[root@gateway ~]# cat /etc/dnsmasq.d/dhcp.conf
dhcp-option=enp0s20u1,1,255.255.255.0
dhcp-option=enp0s20u1,28,10.0.0.255
dhcp-option=enp0s20u1,3,10.0.0.1
dhcp-option=enp0s20u1,6,8.8.8.8,8.8.4.4
dhcp-range=enp0s20u1,10.0.0.100,10.0.0.254,12h
read-ethers
[root@gateway ~]# ifconfig | grep ^e -A 1
enp0s20u1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
--
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.170 netmask 255.255.255.0 broadcast 192.168.1.255
[root@gateway ~]# lspci -k | grep Eth -A 3
04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 11)
Subsystem: ASRock Incorporation Motherboard (one of many)
Kernel driver in use: r8169
Kernel modules: r8169
[root@gateway ~]# -
Accepted Answer
It is OK, I believe I understand your situation. I was giving you two different ways of managing the WAN interface and a firewall rule so you can connect to it for the moment on its WAN interface while it is connected to your LAN but in a way which will be safe when the ClearOS WAN connects directly to the internet in case you forget to disable it again.
There is a known issue with Firefox and it is best avoided for the initial connection to ClearOS. Anyway, please connect via the ClearOS WAN and generate its system certificate. It may help.
If it does not help, please give the output of:
cat /etc/clearos/network.conf
cat /etc/dnsmasq.d/dhcp.conf
ifconfig | grep ^e -A 1
lspci -k | grep Eth -A 3
If you use Windows you can use PuTTY as a remote console/ssh session although Win10 1803 now has a native client. You can copy from it by selecting the text and paste to it by right-clicking. WinSCP also makes a good file manager and text editor. -
Accepted Answer
Thank you for the fast answer! No, I use Google Chrome, but I will try Explorer, Firefox, but nothing!
I think you misunderstood my problem. I don't want to use the WAN interface to access the webconfig. But only the LAN interface access work on my notebook. But on my phone I can access the server on the LAN IP.
The TP-Link router is a permanent solution, only testing. Once I have fully configured my ClearOS, I will disconnect the TP-Link and plug the internet directly into my WAN interface on the ClearOS PC. So I really need to access ClearOS via the LAN IP. -
Accepted Answer
Is your browser by any chance Firefox? If it is, please log in via the WAN IP as you say you can. Then navigate to Webconfig > System > Settings > Certificate Manager and generate your CA certificate and System certificate. Then try again from the LAN.
Once you are up and running, either use a very strong password, load the Attack Detector app and leave the ports open (not my favoured configuration), or close the incoming firewall to SSH and Webconfig. Temporarily add the following Custom Firewall rule:
$IPTABLES -I INPUT -s 192.168.1.0/24 -j ACCEPT
This will allow full access from the TP-Link subnet and, if you forget to delete the rule if you connect ClearOS directly to the internet, it is pretty safe.
If you want access from the WAN, my recommendation is to use OpenVPN then you can access ClearOS as if you are connected to its LAN.