Good afternoon everyone,
Have a bit of an odd situation in that I set up (first time user / eval) a new install of ClearOS Community for testing purposes. I managed to get a bridge set up between two NICs, I have full internet access for clients on the internal side of the bridge, I have access to the ClearOS machine for the purposes of admin... For some reason the ClearOS machine itself has no network access?
I thought it might be DNS related, however internal clients are fine, clients are picking up transitive DHCP. An SSH session to the ClearOS box results in "network is unreachable" regardless of ping by DNS or IP.
Any ideas of what to check?
Cheers and thanks in advance,
Matt.
Responses (6)
-
Accepted Answer
There are problems with the app and protocol filter and I believe a more up-to-date release of netify is expected towards the summer. As an example, bittorrent blocking currently does not work. I've no idea if netify is supposed to work in the trustedgateway mode. The docs only reference the proxy/content filter.
I've just tried bridging two LAN interfaces and found the docs missing a key step - editing /etc/clearos/network.conf - so I've fixed that.
If you come across missing steps or other doc errors, can you let me know, as I have write access to them? -
Accepted Answer
Nick Howitt wrote:
You'll find that the trustedgateway mode is rarely used by anyone so it would be great if you could share any experience you gain. The more normal role is Gateway with the edge router just providing internet connectivity and is often put into some sort of bridge/modem only mode.
Slowly getting there... This project likely won't get off the ground unless I can get the L7 protocol inspection working properly... I installed Netifyd, and then started getting all sorts of statements in /var/log/messages about a duplicate interface "em2", so I had to search high and low where that might have been specified. Found it in /etc/clearos/network, one of my interfaces was double declared, e.g. "LANIF = "em2 em2""
Took out the dupe, and the daemon started, though now it is tossing up errors about Unknown protocol #'s. Further, it doesn't seem to be doing anything, as all specified sites in both App Filter and Protocol Filter are still allowed to pass unimpeded. Not sure if this is related? e.g. Netifyd mismatching protocol information?
The rabbit hole is getting deeper it seems.. ;-)
Matt -
Accepted Answer
Also forgot to mention... Followed the script here...
https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_clearbox_as_a_transparent_inline_bridge -
Accepted Answer
No. Not exactly...
Though it seems after a walk to clear my head I think I answered it... My setup is transparent, it's just a test with one client on the inside currently, but I have a router on the edge doing the basic routing.
As it turns out, the problem was that while the GATEWAY="xxx.xxx.xxx.xxx" was set correctly, the /etc/sysconfig/network GATEWAYDEV was still somehow set to "en1". So I assume other clients used the DF GW for the system but the system itself didn't know what interface to use to get to 0.0.0.0...
Regardless I changed /etc/sysconfig/network to...
NOZEROCONF="yes"
GATEWAYDEV="br0"
Internet is back...
Thanks for the reply.. I am sure I will be humbly asking for help further on as I delve deeper.
Cheers,
Matt. -
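The two faults found in this thread (an interface declared twice in LANIF, and GATEWAYDEV naming a device other than the bridge) can be checked with a short script. This is an added example, not part of the original posts or of ClearOS; the function names and sample files are constructed, the bridge name br0 is taken from the post, and the real files to pass in are the ones named in the thread.

```shell
#!/bin/sh
# Added example: checks for the two misconfigurations described in this thread.
# Function names and the sample files below are constructed for illustration.

# Print the value of KEY from a KEY="value" file, tolerating spaces around "=".
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Print each interface name that appears more than once in a space-separated list.
dup_ifaces() {  # usage: dup_ifaces "em1 em2 em2"
    # $1 is deliberately unquoted so the list splits into one name per line.
    printf '%s\n' $1 | sort | uniq -d
}

# Succeed only if GATEWAYDEV in FILE names the expected bridge device.
gatewaydev_ok() {  # usage: gatewaydev_ok FILE BRIDGE
    [ "$(conf_value "$1" GATEWAYDEV)" = "$2" ]
}

# Run both checks; print one line per finding and return 1 if any was found.
check_bridge_host() {  # usage: check_bridge_host SYSCONFIG_FILE CLEAROS_FILE BRIDGE
    _rc=0
    _dups=$(dup_ifaces "$(conf_value "$2" LANIF)")
    if [ -n "$_dups" ]; then
        echo "LANIF lists an interface twice: $_dups"
        _rc=1
    fi
    if ! gatewaydev_ok "$1" "$3"; then
        echo "GATEWAYDEV is '$(conf_value "$1" GATEWAYDEV)', expected '$3'"
        _rc=1
    fi
    return $_rc
}

# Constructed sample files reproducing the broken state from the thread
# (192.0.2.1 is a documentation address standing in for the masked gateway).
tmp=$(mktemp -d)
printf 'GATEWAY="192.0.2.1"\nGATEWAYDEV="en1"\n' > "$tmp/sysconfig-network"
printf 'LANIF = "em2 em2"\n' > "$tmp/clearos-network"
check_bridge_host "$tmp/sysconfig-network" "$tmp/clearos-network" br0 ||
    echo "configuration needs fixing"
rm -rf "$tmp"
```

On a live system the first argument would be /etc/sysconfig/network and the second the ClearOS network file the posts refer to.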