Dell Dimension 9100 memory use is limited to 3.25 Gigs max regardless of how much ram is installed or 32/64 bit operating system. So you are really looking at the difference between 3.25 and 2.94 GB. This is easily accounted by what Nick has descibed and other BIOS requirements.

This machine was released about 2004 as a Windows XP machine when memory requirements were so much smaller and BIOS was often not optimized to take avantage of the full 4 GB.

The value is taken from the file /proc/meminfo and is the MemSize field. It is also the first value reported in "top" and "free". It is then divided by 1024*1024 to convert it to GB. Do you have onboard graphics and use shared video memory? Any memory allocated to graphics will be subtracted from what you think you have available by the BIOS before it is even presented to Linux. ClearOS has a very low graphics requirement and you can reduce the amount reserved to as low as possible.

Hello Nick,

Here's what I'm asking in detail, in system details it says 2.94 Gb and the system has 4Gb.

System Details

Item Value
Version ClearOS release 7.8.1 (Final)
Kernel Version 3.10.0-1127.18.2.el7.x86_64
System Time Sun Sep 6 19:59:44 EDT 2020
CPU Model Intel(R) Pentium(R) 4 CPU 3.00GHz
Memory Size 2.94 GB
Uptime 19 Days 1.2 Hours
Load 0.21 0.23 0.23

I think this should say 4Gb, right ??
It is an old 2006 Dell System, but BIOS does recognize 4Gb.

I went to resource report to see what is the current state of memory use but it says nothing to report, as do a few other reports. Is this correct behavior ??

Thanks

Manuel

Manuel Alejandro Aravena wrote:

Hi, I have a couple of questions, I recently logged in to my dashboard to find the following warning : High swap memory usage, what does this mean exactly ???

Probably a transient issue. I always see it on boot. What does "free" or "top" show?

Another questions is why is clear os showing 2.94 Gb in available memory when the PC has 4Gb ??

It is what is currently left as (sort of) unused. In reality, most of it will be used as buffers/cache, but Linux can pull it back if it needs it.

Hi, I have a couple of questions, I recently logged in to my dashboard to find the following warning : High swap memory usage, what does this mean exactly ???

Another questions is why is clear os showing 2.94 Gb in available memory when the PC has 4Gb ??

Thanks

Manuel

Nick,

Once I'm done with all the settings and setup, I'll get a write up done and send it to you. Maybe it'll help others with ClearOS.

Saludos,

Manuel

One of these days I'll do a write up for setting up a basic mail server as there are a number of different things coming into play.

For receiving e-mails from the internet you need to:
- open incoming port tcp:25 (do not forward the port at the same time)
- you should have an MX DNS record pointing to an IP address or an A record (not a CNAME record) - your poweredbyclear.com is normally an A record.
- you need your own domain
- In the Mail Settings App, your e-mail domain should be the domain for your e-mails (the part after the @ in the e-mail address)
- Ideally, the Mail Hostname should be the same as your MX record.
- Your ISP must allow it (many do, some block it) If you open port 25, try doing an external port scan on port 25. It will give you an idea.

For sending e-mails, it is more complicated. Generally from your LAN you relay via ClearOS on port 25 but I prefer port 465 or 587 - see this doc. For your setup you need:
- an MX DNS record pointing to an A record which resolves to your IP address
- an SPF DNS record record permitting you to send (generally you can just include your A and MX records), If you don't have one, some mail providers such as Google will block or spam you.
- a PTR DNS records and this is a problem as that record is owned by your ISP and not you. If you don't have one, or have a generic one, some mail providers such as GMX will block you. There are ways round this
- Because of the requirement of a PTR DNS record and for other reasons, you should not have a Dynamic IP but you can get round this.
- If you have a Dynamic IP you will be on a Spam Blocklist and there is nothing you can do to get the IP removed. Use a mail delivery service (see below) or relay via your ISP.
- your Mail Hostname should match your MX record
- Your ISP must permit it. Many do, some don't and block outgoing port 25. See below for mail services as they often provide other ports such as 465,587 and 2525.

If you have a dynamic IP or no control over your PTR record, you may be able to use your ISP's mail servers and relay via them. I could with VirginMedia, but cannot with Vodafone. Alternatively there are SMTP relay services. I use TurboSMTP but it becomes a paid service after a year. There are free services (I think Mailjet have one) but they may add a small bit of text to the end of your e-mails.

Hello,

I have VPN and everything else working well thanks. Now of course I had problems with email.

I have all the ports open, I don´t know if they need to be port forwarded but I did just the same. I managed to get IMAP and SMTP running but on ports 123 and 25 respectively with no security selected. This ended up with my IP in SpamHouse. I am using mydomain as the server., mydomain is directed to ClearCenter. It works but I sent a test email to my gmail and received this reply back: " The IP you're using to send mail is not authorized to 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn more at 50-5.7.1"

Same with another address I used to test: "The mail system : host xxxxxxxxx[xxxxxxxxxxx] said: 550-"JunkMail rejected - (mail.xxxxxxxxxxxx) [xxxxxxxxxxx]:47152 is in an 550 RBL: https://www.spamhaus.org/query/ip/xxxxxxxxxxx"; (in reply to RCPT TO command)"

I have tried various combinations for ports 993 and 587 and 465, using STARTTLS and SSL/TLS. But nothing secure has worked so far, Mailspring generally complains the OpenSSL is not working.

So, how do I fix this ?? Having secure email and also not being rejected by mail services??

Thanks for all the help,

Manuel

Hi Nick,

Once again thanks for your help, my IP is now fixed and different from the one in ClearCenter, I have now installed the DDNS app. Will wait for that to work and check that my IP is the same as the one in ClearCenter to keep setting things up.

That should also fix the VPN.

Next comes email, then NextCloud, so please bear with me.

Thanks again,

Saludos,

Manuel

From a web browser google "what is my ip" or from ssh on ClearOS do "curl ifconfig.co" and check the results against your FQDN or the IP held at Clearcenter. They should match. If not, have you installed and activated the Dynamic DNS app since you reinstalled? There is no point doing anything else until your poweredbyclear.com FQDN resolves back to your IP.

If you reinstalled and selected a new install, you may need to log onto the Clearcenter portal and delete your old machine to free up your poweredbyclear.com subdomain so you can reuse it.

In OpenVPN, don't worry about the "ns-cert-type is Deprecated" message. For the moment it still works and will work until the OpenVPN 2.5 client is released and I believe that is a while off. The other messages are probably lack of connectivity and you need to fix the poweredbyclear.com issue first.

I would expect Mailspring to work fine with IMAP for picking up e-mails and SMTP for sending e-mails.

Hi,

I have managed to move ahead some. I solved the local certificate issue and managed to open all the ports. Nevertheless I have the following problems when on the open internet.

1.- I can't manage to get the the Powered by ClearOS page up. I get a time out error, when I use mydomain, *.mydomain, mydomain.poweredbyclear.com, and the IP in ClearCenter. There seems to be some sort of disconnect somewhere between my domain-host(Porkbun) and ClearCenter where the "mydomain.poweredbyclear.com" is located. Is this correct ?? Any suggestions on how to fix this ?? I checked in ClearCenter and there is no registered domain loaded for my account, should there be one ?? As I see it mydomain.poweredbyclear.com page does not exist in ClearCenter, but there was one before. ClearCenter does not seem to be recognizing" mydomain.poweredbyclear.com" nor the IP for it, although it does appear in ClearCenter as well as the IP. But neither the IP given nor the web address work. Maybe it is a settings problem on my side, but this also happens to the VPN.

2.- I have OpenVPN installed and working on a Windows PC off my lan. I have followed all the tutorials on this and it should be running ok, I opened all the required ports as well etc. But I have a time out connection error to mydomain.poweredbyclear.com. I get three errors, says -ns-cert-type is Deprecated, use -remote-cert-tld instead, then it tries to connect to mydomain.poweredbyclear.com and I get a TLS key negotiation failed to occur within 60 seconds etc, and a TLS handshake error. Once again I think that mydomain.poweredbyclear.com site is not active. How do I fix this ? Regarding OpenVPN for ClearOS, how do I get it to work on an iOS device, no instructions are to be found.

3.- I have installed and setup SMTP mail and the POP, IMAP app, but have not even tried using it until I get the other two problems fixed. Regarding mail, does Mailspring work for SMTP server ??

My printer is USB, not a networt ready one BTW. Working on how o make it available to the LAN, but this will wait until I have the rest figured out.

Nextcloud will have to wait until all the rest is solved.

Thanks for your help.

Saludos,

Manuel

PS

BTW I now have a fixed IP for my WAN

PPS I fixed this partially as I managed to direct mydomain to my now fixed IP on port 443. Worked for Alias but not for Cnames, or *.mydomain.

I have not been able to fix VPN still.

I have no idea about issue 1. Is your new router using a different LAN subnet? If so, does it clash with the ClearOS LAN subnet? Do you have static IP's on your LAN for ClearOS and PiHole? Is PiHole on your router LAN or on the ClearOS LAN now? You can check if traffic is arriving at the ClearOS WAN with "tcpdump" but you'll need to Google how to use it. Perhaps start with "tcpdump -nni your_clearos_WAN_interface port 443" to check port 443 traffic. Could the router be intercepting port 443 for its management?

I don't know much about printers. There is an Advanced Print Server which probably uses CUPS which you may want. Do you need this sort of set up? My network printer just plugs into the network and I use its Windows utilities to print. CUPS would give you a central print queue, I believe, but what else would you gain unless it is a USB printer directly connected to ClearOS. In that case you may need CUPS.

For NC, you must mount the drive somewhere. It cannot be used as /dev/sdbX. Can I suggest you install the Storage Manager app ("yum install app-storage") but it is not brilliant.

Hi,

Here I am needing help once again. I have two issues and one question.

Issue 1: Today I changed my ISP provider and had to port forward everything once again, set a static IP etc, all done. Seems to work fine, but when I type(http://domain) my domain I get the proxy ClearOS page without the logo and get a broken image instead (text and the rest is fine just no logo), and my https://domain page is not running at all time out error. And my local IP dashboard page once again says not secure. Could it be the ports ?? It might be as OpenVPN is not able to connect either.

I've got port 80 and 443 TCP, 1194 UDP, 81 TCP configured. The router setup is a bit different from others I have used, it asks for an external source IP address, which I have not set as I don´t know what to use.

I read in the WAN setup of the new router that it has NAT enabled, and something called a port restricted cone enabled as well. I'm a bit clueless at this point why the ports are not working.

Issue 2: I tried to install my printer as a network printer, but it turns out that I need a PPD file which is not available in the list for the Brand. It's a Brother DCP-1602. I have looked around the internet for it and can't find it. Any ideas on how to solve this, I downloaded CentOS drivers for it, which should work in ClearOS (correct??). But that does not make it available in port 631 where the printer server is apparently working (correct??). Help, suggestions appreciated.

Now the question, I have added an additional drive to my machine in order to support NextCloud. From what I have read, during the install process I can choose the location of the storage (correct??). Now I am not sure whether or not I should create a directory (as Nick suggested for the pen drive), and mount the drive on that directory (i.e. /mnt/nextcloud/), or if I can just leave it as is /dev/sdb ??

Thanks again for all the help.

Saludos,

Manuel

Hello Nick,

I gave up on trying to install PH on ClearOS, I'm going to run it off the Pi connected to the LAN, that is much easier, it was beyond my knowledge and expertise. Thanks for all your help. I am now re-configuring my install. So I'm sure I'll have more questions. But doing good so far.

Thanks again

Saludos,

Manuel

PS
Pi working perfect off my ClearOS Server, eliminated wireguard vpn and will use OpenVPN on ClearOS. I did what you suggested in the first post I think, and uploaded the driver for the 100 Ethernet Nic, now I have three, WAN, 2 LAN, and the old 100 is for my Pi, it actually works really well and does not slow things up. Lots still to be done, want to set email up now, and understand the configurations of all the gateway and server apps.

Thanks, I'll try that see how it goes. I did not want a dongle on my server, and thought I could just install it in ClearOS as I have seen a couple installs on CentOS.Thanks again, will let you know how it goes.

Saludos,

Manuel

I'd also be very careful about the automated install scripts as it does nasty things like use the Remi repo to update PHP.

I didn't know you were using ClearOS for PiHole. Yes there is another DNS server running on ClearOS, dnsmasq, and it is best not to fight it. The way to work with it is to run PiHole on a non-standard port, e.g 5353. I don't know how you do that in PiHole as I don't know the app, but it is probably a configuration option. Then in ClearOS in /etc/dnsmasq.d, add a file called anything you want. Let's say pihole! In it put:

server=127.0.0.1#5353

Dnsmasq will then pass all internal queries to PiHole.

It will be more of a problem if PiHole also uses dnsmasq underneath.

The setups I have tried for the PiHole are:

LAN -
1.-tried suing the LAN adapter and its IP as PiHole IP, the gateway IP was the LAN gateway. As during the install process I have to choose which adapter I want it on. I then tried to direct the DNS in both IP settings and DNS settings to the PiHole, but it did not work, after the PiHole install it said DNS server not running. Tried to uninstall the PiHole and the sustem broke.

2.- I tried using another IP address, related to the LAN, used the LAN gateway address. No DNS running warining at end of install. All else same as above.

WAN -
1.- Tried using the WAN adapter and IP when installing, same problem, warning after install that the PiHole DNS server is not running, redirect DNS in both settings in ClearOS to the PIH, it does not work, try to uninstall, system breaks.

I'm going into my fourth PH install. I will try on the WAN again, and have opened port 53 and 85 for DNS and lighttpd respectively. I agree that I should not have to open any ports as I never had to before, but I have generally just had one adapter to choose from, and it was on a Raspberry. If this does not work, I'll try the LAN side of things again with another IP and see what happens.

I´m getting the impression that PH is not installing properly for some reason, based on the fact that it can´t run the DNS server as soon as it finishes the install. I have tried rebooting, but it still does not run.

This is what it says on the PH site: If you happen to have another DNS server running, such as BIND, you will need to turn it off in order for Pi-hole to respond to DNS queries.

Does ClearOS have another DNS server running that might conflict with the PH DNS ??

I did read that having a web server that uses port 80 and lighttpd as well, will not work and lighttpd needs to be directed to another port. But this should only impact on the graphics web based dashboard, I think, not the DNS side.

I also found a list of dependencies PH needs installed, I'll trt to install them manually before instalingl PH. Nevertheless PH generally installs everything it needs on its own.

I'll have to check on the Mac, see what is wrong with it.

As I did with the USB and HDD booting issue, I will solve this.

Thanks and saludos,

Manuel

If you leave booting alone, it should always boot to the top kernel which is the latest. The reason you have more is that there has been a kernel update. You will end up showing up to 5 kernels then the old ones begin to drop off the bottom of the list.

If you are running PiHole on the LAN, then, generally, you won't be able to access it from the Internet. If you port forward to it, then the ClearOS web server won't be accessible from the Internet. You can probably get round this by using the ProxyPass app. Where is your PiHole machine in your network? Is it on the ClearOS LAN or WAN? You should not need to open any ports for it to work.

If it is running on your LAN it should have been as easy as giving the Pi a fixed IP on your LAN. Then change the DNS server in ClearOS to the PiHole device and similarly change the DNS entry in the DHCP server.

About the MAC, there is no reason for downloads not to work with the default settings of the firewall.

Hi Nick,

Thanks for that, but I had seen the site and a few other sites on the 9100 as well, turns out the problem was the keyboard, I was using a new one with led lights etc, and my Dell seems to like the traditional old USB 2.0 type, no bells and whistles. I did reset the Bios predetermined configuration and cleared CMOS, but in the end it was the keyboard, who would've guessed.

I'm up and running once again, but had to start from scratch. I can now re-install quickly so if I break it again, I should be fine. I just noticed something though. I just ran a yum update on the terminal and now I have three options to boot from for ClearOS, two "normal" and one rescue. I rebooted after the update and noticed. Used to have one,can't remember which though, why would this happen ??

ClearOS (3.10.0-1062.18.1.el7.x86_64) 7 (Final)
ClearOS (3.10.0-1062.9.1.el7.x86_64) 7 (Final)
Rescue version

Both seem to work, what would be the difference ?? Which should I use ??

Saludos,

Manuel

PS I once again broke my install, as I'm going through the process, the install USB says the version is 7.7.2.280072, just taking notes

Getting PI-Hole running is much harder than what I though, shame as it is a nifty little program.

I am directing it to the external NIC, but it pretty much takes over, and even renames it. I have tried using for PI-Hole the same IP as the NIC, a different one, and once it has finished, I always get the message that the DNS (of PI-Hole) is not running. I will solve this though.

I am thinking my pains might be a firewall issue, in the ISP router, as PH needs a couple of ports open, one for DNS, 53 and another for lighttpd, 80, but it's the same port for the ClearOS webserver. I'll try opening the ports, and give lighttpd a different port, will have to change the lighttpd.conf. I hope this works, fourth time's the charm.


PP
I have a Mac behind ClearOS, and now that it's working (have not tried to install PH again yet) I am having some problems with it. There's a new OSX Catalina update and it gives me a download error, basically reaches the end of the download and stops with an error. Same with an App I tried to download from the AppStore, I tried to download, did download for a bit then stopped. Is this also a firewall issue ?? Any ideas ??

Try googling "dimension 9100 boot from usb". I found http://www.l3jane.net/doc/9100/syssetup.htm and in it, it says:

Boot Sequence

This feature allows you to change the boot sequence for devices.
Option Settings

Diskette Drive — The computer attempts to boot from the floppy drive. If the floppy in the drive is not bootable, the computer attempts to boot to the hard drive.

Hard Drive — The computer attempts to boot from the primary hard drive. If no operating system is on the drive, the computer attempts to boot to the next bootable device.

CD Drive — The computer attempts to boot from the CD drive. If no CD is in the drive, or if the CD has no operating system, the computer attempts to boot to the next bootable device.

NOTE: The computer attempts to boot to all bootable devices but if no bootable device is found, the computer generates the No boot device available error message. Press the <F1> key to retry the boot, or press the <F2> key to enter the setup utility.

USB Flash Device — Insert the memory device into a USB port and restart the computer. When F12 = Boot Menu appears in the upper-right corner of the screen, press <F12>. The BIOS detects the device and adds the USB flash option to the boot menu.

NOTE: To boot to a USB device, the device must be bootable. To ensure that your device is bootable, check the device documentation.
Changing Boot Sequence for the Current Boot

You can use this feature, for example, to restart your computer to a USB device such as a floppy drive, memory key, or CD-RW drive.
NOTE: If you are booting to a USB floppy drive, you must first set the floppy drive to OFF in system setup.

If you are booting to a USB device, connect the USB device to a USB connector (see "Back View of the Computer").

Turn on (or restart) your computer.

When F2 = Setup, F12 = Boot Menu appears in the upper-right corner of the screen, press <F12>.

If you wait too long and the operating system logo appears, continue to wait until you see the Microsoft Windows desktop. Then shut down your computer and try again.

The Boot Device Menu appears, listing all available boot devices. Each device has a number next to it.

At the bottom of the menu, enter the number of the device that is to be used for the current boot only.

For example, if you are booting to a USB memory key, highlight USB Flash Device and press <Enter>.
NOTE: To boot to a USB device, the device must be bootable. To make sure your device is bootable, check the device documentation.

Note the bit about the floppy in there as well.

I'm sorry to say I'm back to square one. I broke the install trying to set up pi-hole, and now have run into a larger problem. I am using an old 2005 Dell Dimension 9100. It actually is not all that bad, but I had a lot of trouble getting it to boot from the USB drive to install ClearOS, and at some point it just booted and I made the install. Nevertheless that was a 2 hour process of trial and error. I have tried to recreate the sequence, but have not been able to make the USB boot. I just installed ClearOS on another PC I have, a much newer one, and everything just worked. But I definitely want to use the Dell as the gateway/server.

I am using Rufus to create the USB, have tried ISO and DD mode several times, tried using MBR and GPT, options but it just does not Boot. On a side comment, I also had trouble booting the drive I had ClearOS on, I had to boot it manually and would never just automatically boot to it.

I do have some sort of conflict with the keyboard, as if I boot with the USB on, it will say no keyboard, so I generally boot to BIOS, then insert the USB to try to Boot from it. I have looked for USB settings but there's not much, and not much for Boot control etc.

If anyone knows how to fix this I would very much appreciate it. I have the motherboard on the latest/ last Bios.

Thanks

Manuel

I've no idea how to personalise the Webconfig landing page, but it must be possible. From your own website it is easy to put a link to the webconfig. Just remember to specify the port in the <a> tag. Obviously port 81 needs to be accessible from wherever you are connecting.

The main ad blocking app is Gateway Management, but it works best as a paid app.

Thanks again Nick.

All good now no more "Not Secure" warnings. Had to clear cache and clean history in the browser etc. but it is gone.

I have a question, is there a way to modify the login page of ClearOS, and "personalize" it ?? Put a logo, change colors etc ?? And if I make a webpage for my domai, can I login from that webpage in to ClearOS ??

Will be working on VPN and adblockig now, I just read there is an adblocking app in the marketplace, will have a good look at all that's available.

There are various gateway apps for antimalware, filter and proxy, filtering and intrusion protection. I don't fully understand what each does, except the simple site or IP blocking ones, so I'll be researching that in order to set up a better and more secure network. This project has become far more interesting and enlightening than what I though initially and to be honest from my POV ClearOS is pretty solid.

Saludos,

Manuel

Thanks again Nick.

All good now no more "Not Secure" warnings. Had to clear cache and clean history in the browser etc. but it is gone.

I have a question, is there a way to modify the login page of ClearOS, and "personalize" it ?? Put a logo, change colors etc ?? And if I make a webpage for my domai, can I login from that webpage in to ClearOS ??

Will be working on VPN and adblockig now, I just read there is an adblocking app in the marketplace, will have a good look at all that's available.

There are various gateway apps for antimalware, filter and proxy, filtering and intrusion protection. I don't fully understand what each does, except the simple site or IP blocking ones, so I'll be researching that in order to set up a better and more secure network. This project has become far more interesting and enlightening than what I though initially and to be honest from my POV ClearOS is pretty solid.

Saludos,

Manuel

PS
I attached what I would like to see on the webpage, I'm sure there must be a wayto link a web page to the log in bit in clearos

For the webconfig there are two bits you have to do.
In System > Settings > General Settings > Settings set the certificate to your Let's Encrypt certificate
In Network > Infrastructure > DNS server set up an entry for your ClearOS LAN IP and map it to your certificate. It can use all the DNS entries on your certificate.

Your set up sounds OK. There is no problem having ClearOS in a DMZ as it has its own firewall and will be little different to connecting ClearOS directly to the WAN IP. You don't need the DDNS from your router if the ClearOS one is working. I doubt you can use the ClearOS web server for PiHole. I'd be surprised if a remote webserver would be able to access PiHole.

Hi Nick,

ClearOS is running in gateway mode, and working really well so far. Thanks for your help, I managed to get the Let´s Encrypt certificate, port forwarded tcp 80 and 443, works fine, externally at least.

I have a question regarding the certificate, I am running ClearOS Web Server, and managed to redirect ALIAS and CNAME records to the xxxx.poweredbyclear.com domain. When loading my domain from the internet I get a webpage from clearos, "congratularions your web sever is running etc." I load the https://domain and it says secure, perfect. But when I load my Dashboard locally it says Not Secure and I need to authorize the web page every time, how can I fix this ?? I try loading https://theIP and it is not using the Let's Encrypt certificate apparently. I did create a locally signed one, but that does not work either. How can I eliminate the Not Secure warning when managing my Server from my LAN ??

My set up as of today is as follows:

ISP Router - has a dynamic IP set by ISP in the WAN area (looked for settings to set it in bridge mode but could not find any. Do not want to be in the DMZ area as it is quite exposed from what I read, maybe I'm being a bit paranoid, but gave it a pass. Lan area has a DHCP server that assigns an IP to my gateway, but reserved and fixed the IP of the Gateway. Router has DDNS capability, but I have no idea how to configure the parameters (asks for DDNS service, protocol, username, key and domain name), and I don't know if I need to use it anymore though.

Server Gateway - receives an IP address from the ISP router, dynamic. I have fixed the IP, by reserving it in the ISP router, will this be enough for ClearOS to work fully ??

Lan - all good on this side, DHCP working, DNS setting working, all OK

I did port forward upd 1194, and am waiting to understand and fix the other points before running the VPN, no rush, I think I had better get the basic set up right. I definitely would like to keep Wiregard, but I don't want to complicate myself with settings and things I don't understand, so I'll use OpenVPN in ClearOS.

Regarding Pi-Hole, as you mentioned I will be pointing the LAN DNS to it, will select an IP address that does not conflict, should work ok. PIHole requires a web server to run for the dashboard to work, it has its own light web server, but I have installed and running the ClearOS server, I'll be giving using the ClearOS one a try. Hopefully that works.

Steep learning curve, but I'm managing, once again thanks for all your help and patience.

Saludos

Manuel

To get a Let's Encrypt certificate for any domain or subdomain (and they can all be on the same certificate), the domain or subdomain must resolve back to your WAN IP. and your router will need to port forward tcp:80 and tcp:443 to ClearOS or ClearOS needs to be in the router DMZ. If you have a domain and a dynamic IP, unless your domain host supports DDNS, you may not be able to have your domain pointing to your server, but you can have any subdomain pointing to your server. The way to do that is set up a subdomain CNAME record e.g. www.yourdomain.com and point it to your free poweredbyclear.com DDNS domain. ClearOS will keep this updated with your WAN IP.

For OpenVPN, if you have a dynamic IP, in the IP Settings screen set your Internet Hostname to your poweredbyclear.com DDNS. Do that before you generate your client config files. Then they will contain the "server" line pointing to your poweredbyclear.com DDNS. Note you only need to port forward udp:1194. Tcp:1194 is not used.

It is better if you can put your router in bridge mode so ClearOS gets the WAN IP. If you have an xDSL line you may need to change the ClearOS WAN interface to PPPoE.

Hello Nick,

I received the NICs yesterday, installed, downloaded drivers as they are r8169 based, all working fine full gigabit experience tanks.

Set ClearOS in gateway mode and set up one NIC as external, the other as LAN static my def of IP and DHCP. I am currently using an IP generated by the ISP router for external, and using ClearOS for LAN DNS and DHCP, so far all good.

I am exploring some of the apps in order to set up better security, but I'm having to research every step as I don't understand much yet. Waiting on new hard drives to set up mail and NextCloud, that will be a later step in the process though. All is working fine, I have internet in my LAN through the server, and once security is in place that bit should be OK. I do need some help with the setup though.

I have two questions right now:

1.- I am trying to get the let's encrypt ceritificate for a xxxxx.host domain I bought for this server and to setup email etc. But I have not managed to create it, last error was no IP address for domain. I have internally called gateway.xxxx.host the external bit and lan.xxxx.host well the lan bit. How do I go about creating the certificates I need ?? I have gone through the documentation and it's a bit sparse, so If you could please explain the process. I understood that the settings in the site that holds the domain need to be changed, I'm using porkbun. But what exactly, and what settings.

2.- This second question may be related to the first. I decided to use OpenVPN in ClearOS, and not wireguard. As I just commented I am using an IP generated by the ISP router for my external wan NIC. If I run OpenVPN, do I need to make it static, and port forward to ClearOS ?? And related to this, the IP that Let's Encrypt is asking for, is it the wan external IP ?? If I change it, do I need to somehow set it up for the domain in porkbun ??

Like I said before, I have little knowledge of networks, servers etc. But I'm trying to learn.

The roadmap for all the process is as follows (sorry if I'm repetitive with this, bit it helps me organize what I need to do still):

get certificates, vpn working (set up the domain, and secure external access for say cell phone, laptop etc)
set security up (use firewall and other apps in the marketplace)
install pi-hole (will need to change DNS and DHCP for ClearOS)
set up email (dedicated internal storage)
set up nextcloud (dedicated internal storage)
set up backup (dedicated internal storage)

I think I will be asking a lot more questions.

Thanks

Manuel

Gb NIC's are better!. Can you just check if you have the RTL8111/8168/8411 type?

lspci -k | grep Eth -A 3

If you do, please install the kmod-r8168 and kmod-r8169 drivers with "yum install kmod-r816*" for a better experience. You will then need to reboot.

Is ClearOS in Gateway or Standalone mode? If it is in gateway mode the ideal solution is to put your router into Bridge Mode, if it supports it, or perhaps a DMZ if it does not, otherwise you have to do port forwards from your router to ClearOS for any service you want to expose to the internet. If your external line is xDSL you may also need to switch your WAN interface to PPPoE. If you are behind a NAT router you will want to give ClearOS a Static IP on the router LAN, or fix its IP in the router (in ClearOS it is called a static lease).

Your external DNS is controlled by the IP settings screen, but the settings can point to an internal DNS server like Pi-Hole.

I am not sure how to integrate Wireguard with ClearOS. It may be just by setting the Gateway IP in the ClearOS DHCP server to the Wireguard IP. This would put all DHCP machines on your LAN to use Wireguard. Similarly you can configure the DHCP server to hand out the Pi-Hole IP address as a DNS server.

If you wanted it, ClearOS has a VPN solution in partnership with ibVPN, but it does tie you to them as a supplier.

I believe Pi-Hole can run on ClearOS. Google for instructions for Centos.

You can disable the ClearOS DHCP server if you want and use another one on your LAN with no problem. Just make sure you don't have two DHCP servers enabled at the same time.

While talking about LAN's, if you intend to use OpenVPN then keep clear of the 192.168.0.0/24 and 192.168.1.0/24 LAN subnets.

The ClearOS LAN IP should always be static.

Hello Nick,

Thanks for the reply, sorry for the delay in replying. I actually opted for a simpler solution, I ordered two brand new network adapters, I have the idea of using one for WAN and one for LAN, the NIC in the machine is quite old and only does 100Mbps, so I got 1 gigabit adapters, it'll be better in the long run. I don't know much of anything regarding networks, so it'll probably be a bit of a steep learning curve for me. I will probably keep on asking a lot of questions as I move along with the project.

As I said, I already installed ClearOs, and as a list of things to do I am planning on setting up SMTP Server for mail, NextCloud for well .. cloud, and as many control and security apps I can. On a side note, today I run a Raspberry Pi with Wireguard and Pi-Hole, neither are supported in the app Marketplace, are there any plans to have Wireguard in the near future ?? Regarding Pi-Hole, well it runs great for me, and using the VPN gives me ad blocking even on my cell phone. I read that it was apparently a bit complicated to install, but that it is doable.

As I said I'm struggling with network configuration, and I'm trying to understand how such a setup would work.

Please let me know if my understanding of how this works is right:

The WAN IP if I have a VPN (OpenVPN in this case) would have to be fixed, and I would probably have to port forward from my ISP router to my machine, correct ?? As I do today with the Pi.

In the machine (OS) I have to select a DNS server or resolver correct ?? And have to decide whether ClearOS is the DCHP server, correct ??

If I use Pi-Hole, it works as a DNS server for my LAN, and can be used as DHCP server as well, correct ??

The DNS server in ClearOS would be just upstream from the machine ?? and if i set up Pi-Hole, it would be the DNS for my LAN, or downstream ?? Or do I have to choose one only ??

If I use Pi-Hole as DHCP, will it affect ClearOS in any way ??

Either way (Pi-Hole or no Pi-Hole), I have to set a fixed IP for the lan NIC as well, correct ?? and that it relates to the DHCP settings, correct ??

For me, the ideal working setup would be to use Pi-Hole as DNS resolver and DHCP server ?? It does work with OpenVPN, so it should not be a problem setting them up together. But will such a setup work ?? Will all other security apps in ClearOS work (malware scanning, mail av, app filter, attack detector, etc ??)?? and cloud, email etc ??

I would like to set backups from ClearOS as well, but I think I'd best leave that alone for now.

Sorry for all the trouble, but I'm trying to understand how this is all linked together and what it needs to work properly. I definitely want the VPN, and would also like to keep the ad filtering, it does work great and is a relief visually, and peace of mind in terms of tracking.

Thanks,

Manuel

PS getting the NICs this week so I'm trying to go over how all this needs to be set up. Will probably give it a go this weekend.

PPS I am installing a drive specifically for email storage, and one specifically for cloud storage, it just personal email so I guess 120 Gb for mail should be OK right ?? As for the cloud drive, I have about 250 Gb of data I want to send to the cloud, so I'm thinking 500Gb drive should be ok, right ?? I read in the forum there are a couple of ways of directing the storage to these drives, so I'll give it a go before running anythig, but will probably need help !!

Your problem is mainly one of drivers. Your NIC appears to need the e100 driver which RedHat have removed from the kernel. Fortunately many of the older drivers which have been removed from the kernel are now available from ElRepo. The one you want is here.

For the pen drive stick with FAT32. You should be able to use the Storage Manager app to mount it. Mount it anywhere such as /mnt/pen. I think the app creates the folder for you. Otherwise do the following:
Insert the pen drive
run lsblk and note the device is. It will probably be sdb or sdb1
Create a folder to mount it into "mkdir /mnt/pen"
Mount it "mount /dev/sdb1 /mnt/pen"

You should bow be able to install the driver:
cd /mnt/pen
yum install kmod-e100-*

Unmount the pen drive:
cd ..
umount /mnt/pen (or umount /dev/sdb1, I can never remomber)

Remove the pen drive
Reboot
Your NIC should now be recognised.

USB NIC's have the same issue. We'll need to identify the driver. WiFi is harder.