Thank you the help! Well I found a solution. I change the lan IP to 192.168.2.1 /24 now everything is working well. My notebook doesn't love the 10.0.0.1 ip address.

With WIn7 you should have had some sort of "new network" wizard pop up. Try googling "win7 new network" to get some idea. It is not a brilliant search but may point you in the right direction. This link may also help.

Well well I found the problem, but I dont found the solution.

In my laptop I try to run a live linux system and everything is good under linux. I can access the 10.0.0.1. But my default windows 7 system cant access the https://10.0.0.1:81
So something in my system blocked or etc. I turn every firewall off. Interesting.

Thinking with more clarity in the morning. If WiFi devices can get in to the LAN but wired devices can't, this indicates ClearOS is working. This makes me think about your WiFi access point. Most people tend to use an old router as a WAP these days. If you've done this, please check the WAP IP address is on the same subnet as ClearOS and outside DHCP scope. You have a default DCHP server so you can use any address from 10.0.0.2 - 10.0.0.79 without causing future problems (PPTP takes .80-.99 if you install it, DHCP is .100-.254, .255 is broadcast and .1 is ClearOS). You also have to turn off the DHCP server in the WAP and then connect the WAP to ClearOS by its LAN port. Your laptop should be able to plug into a spare LAN port on the WAP.

Are you using the laptop wirelessly? Either way, it should discover a new LAN and ask if you want to trust it and it may be this doing the blocking. Can you ping ClearOS from the laptop? Do you get the same issue with wireless and wired? Can you try plugging the laptop directly into the USB NIC?

Typo fixed in the command I gave you. "tum" -> "yum".

Yes my LAN NIC is an USB nic, but this is temporary only test version, I was order a PCI-E intel Gigabit NIC, but thank you I will try your driver.

Hmm. From its name, enp0s20u1 is a USB NIC but it is your LAN one. It is the other one with the dodgy driver. I'm shutting down now and will pick up again in the morning.

Quick message. Stop before you try my driver and check your version of ClearOS ("cat /etc/clearos-release"). If you are on a trial version you may still be on 7.4. The repos should still work for that. If not you will need the 7_4 version of the driver from my site.

Is one of your NIC's a USB NIC or wireless NIC? The lspci command is only picking up one NIC. Anyway you have a NIC which works much better with a different driver. There is an issue with the repos at the moment which they are trying to fix. Please do a:

yum install kmod-r816*

If you only get the kmod-r8169 package then the repo issue is not yet fixed and you'll need to install the kmod-r8168 from my site:

wget https://www.howitts.co.uk/clearos/ClearOS_7.x/kmod-r8168-8.045.08-2.el7_5.elrepo.x86_64.rpm

yum localinstall kmod-r8168-8.045.08-2.el7_5.elrepo.x86_64.rpm

Then reboot. Do not reboot until you have both drivers installed or you will lose access to the NIC.

I make and install a CA but nothing so here your commands output


[root@gateway ~]# cat /etc/clearos/network.conf
# Network mode
MODE="gateway"

# Network interface roles
EXTIF="enp4s0"
LANIF="enp0s20u1"
DMZIF=""
HOTIF=""

# Domain and Internet Hostname
DEFAULT_DOMAIN="censored*******"
INTERNET_HOSTNAME="gateway.censored**********.com"

# Extra LANS
EXTRALANS=""

# ISP Maximum Speeds


[root@gateway ~]# cat /etc/dnsmasq.d/dhcp.conf
dhcp-option=enp0s20u1,1,255.255.255.0
dhcp-option=enp0s20u1,28,10.0.0.255
dhcp-option=enp0s20u1,3,10.0.0.1
dhcp-option=enp0s20u1,6,8.8.8.8,8.8.4.4
dhcp-range=enp0s20u1,10.0.0.100,10.0.0.254,12h
read-ethers


[root@gateway ~]# ifconfig | grep ^e -A 1
enp0s20u1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
--
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.170 netmask 255.255.255.0 broadcast 192.168.1.255


[root@gateway ~]# lspci -k | grep Eth -A 3
04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 11)
Subsystem: ASRock Incorporation Motherboard (one of many)
Kernel driver in use: r8169
Kernel modules: r8169
[root@gateway ~]#

It is OK I believe I understand your situation. I was giving you two different ways of managing the WAN interface and a firewall rule so you can connect to it for the moment on on its WAN interface while it is connected to your LAN but in a way which will be safe when the ClearOS WAN connects directly to the internet in case you forget to disable it again..

There is a known issue with Firefox and it is best avoided for the initial connection to ClearOS. Anyway, please connect via the ClearOS WAN and generate its system certificate. It may help.

If it does not help, please give the output of:

cat /etc/clearos/network.conf

cat /etc/dnsmasq.d/dhcp.conf

ifconfig | grep ^e -A 1

lspci -k | grep Eth -A 3

If you use Windows you can use PuTTy as a remote console/ssh session although Win10 1803 now has a native client. You can copy from it by selecting the text and paste to it by right-clicking. WinSCP also makes a good file manager and text editor.

Thank you the fast answer! No I use google chrome, but I will try to explorer, firefox, but nothing!

I think you misunderstood my problem. I dont want to use the wan interface to access the webconfig. But only the lan interface access work on my notebook. But on my phone can access the server on the lan IP.

The tp-link router is a permanent solution, only testing. If I fully configured my clearOS, I disconnect the tp-link and I plug in the internet directly my WAN interface on the ClearOS PC. So I really need to access to the ClearOS via LAN IP.

Is your browser by any chance Firefox? If it is, please log in via the WAN IP as you say you can. Then navigate to Webconfig > System > Settings > Certificate Manager and generate your CA certificate and System certificate. Then try again from the LAN.

Once you are up and running, either use a very strong password, load the Attack Detector app and leave the ports open (not my favoured configuration), or close the incoming firewall to SSH and Webconfig. Temporarily add the following Custom Firewall rule:

$IPTABLES -I INPUT -s 192.168.1.0/24 -j ACCEPT

This will allow full access from theTP-Link subnet and, if you forget to delete the rule if you connect ClearOS directly to the internet, it is pretty safe.

If you want access from the WAN, my recommendation is to use OpenVPN then you can access ClearOS as if you are connected to its LAN.