Matthew C
Resolved
0 votes
Good afternoon everyone,

Have a bit of an odd situation in that I set up (first time user / eval) a new install of ClearOS Community for testing purposes. I managed to get a bridge set up between two NICs, I have full internet access for clients on the internal side of the bridge, and I have access to the ClearOS machine for the purposes of admin... For some reason the ClearOS machine itself has no network access?

I thought it might be DNS related; however, internal clients are fine, and clients are picking up transitive DHCP. An SSH session to the ClearOS box results in "network is unreachable" regardless of ping by DNS or IP.

Any ideas of what to check??

Cheers and thanks in advance,

Matt.
Sunday, March 04 2018, 07:00 PM
Responses (6)
  • Accepted Answer

    Monday, March 05 2018, 04:53 PM
    There are problems with the app and protocol filter and I believe a more up-to-date release of netify is expected towards the summer. As an example, bittorrent blocking currently does not work. I've no idea if netify is supposed to work in the trustedgateway mode. The docs only reference the proxy/content filter.

    I've just tried bridging two LAN interfaces and found the docs missing a key step - editing /etc/clearos/network.conf - so I've fixed that.

    If you come across missing steps or other doc errors, can you let me know, as I have write access to them?
  • Accepted Answer

    Matthew C
    Monday, March 05 2018, 03:33 PM
    Nick Howitt wrote:

    You'll find that the trustedgateway mode is rarely used by anyone so it would be great if you could share any experience you gain. The more normal role is Gateway with the edge router just providing internet connectivity and is often put into some sort of bridge/modem only mode.


    Slowly getting there... This project likely won't get off the ground unless I can get the L7 protocol inspection working properly... I installed Netifyd, and then started getting all sorts of statements in /var/log/messages about a duplicate interface "em2", so I had to search high and low for where that might have been specified. Found it in /etc/clearos/network: one of my interfaces was double declared, e.g. "LANIF = "em2 em2""

    Took out the dupe, and the daemon started, though now it is tossing up errors about unknown protocol #s. Further, it doesn't seem to be doing anything, as all specified sites in both App Filter and Protocol Filter are still allowed to pass unimpeded. Not sure if this is related? E.g. Netifyd mismatching protocol information?

    The rabbit hole is getting deeper it seems.. ;-)

    Matt
  • Accepted Answer

    Monday, March 05 2018, 08:02 AM
    You'll find that the trustedgateway mode is rarely used by anyone so it would be great if you could share any experience you gain. The more normal role is Gateway with the edge router just providing internet connectivity and is often put into some sort of bridge/modem only mode.
  • Accepted Answer

    Matthew C
    Sunday, March 04 2018, 10:43 PM
  • Accepted Answer

    Matthew C
    Sunday, March 04 2018, 10:26 PM
    No. Not exactly...

    Though it seems after a walk to clear my head I think I answered it... My setup is transparent; it's just a test with one client on the inside currently, but I have a router on the edge doing the basic routing.

    As it turns out, the problem was that while the GATEWAY="xxx.xxx.xxx.xxx" was set correctly, the /etc/sysconfig/network GATEWAYDEV was still somehow set to "en1". So I assume other clients used the DF GW for the system but the system itself didn't know what interface to use to get to 0.0.0.0...

    Regardless I changed /etc/sysconfig/network to...

    NOZEROCONF="yes"
    GATEWAYDEV="br0"

    Internet is back...

    Thanks for the reply.. I am sure I will be humbly asking for help further on as I delve deeper.

    Cheers,

    Matt.
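
The two misconfigurations found in this thread (a GATEWAYDEV that no longer matches the bridge, and an interface listed twice in LANIF) can be checked before restarting networking. The script below is an added example, not part of the original posts or of ClearOS; the interface names and sample files are constructed, the file paths are passed in as arguments, and it assumes a stale GATEWAYDEV names an interface that is either missing or enslaved to the bridge.

```shell
#!/bin/sh
# Added example: lint the two settings that broke networking in this thread.

# Read KEY=value from a sysconfig-style file without sourcing it, so nothing
# in the file is executed. Tolerates spaces around "=" and strips quotes.
conf_get() {  # conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d "\"'"
}

# check_netconf SYSCONFIG_FILE CLEAROS_FILE [SYSFS_NET_DIR]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_netconf() {
    sysfs=${3:-/sys/class/net}
    rc=0
    gwdev=$(conf_get "$1" GATEWAYDEV)
    if [ -n "$gwdev" ] && [ ! -e "$sysfs/$gwdev" ]; then
        echo "GATEWAYDEV=$gwdev: no such interface"; rc=1
    elif [ -n "$gwdev" ] && [ -e "$sysfs/$gwdev/master" ]; then
        # sysfs gives an enslaved NIC a "master" symlink to its bridge or bond;
        # the default route should point at that master, not at the member.
        master=$(basename "$(readlink "$sysfs/$gwdev/master")")
        echo "GATEWAYDEV=$gwdev: enslaved to $master, use GATEWAYDEV=$master"; rc=1
    fi
    # Word-split LANIF on purpose and report any name that appears twice.
    for dup in $(printf '%s\n' $(conf_get "$2" LANIF) | sort | uniq -d); do
        echo "LANIF: $dup listed more than once"; rc=1
    done
    return $rc
}

# Constructed sample: a fake sysfs tree plus both broken settings.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/net/br0" "$d/net/em1" "$d/net/em2"
    ln -s ../br0 "$d/net/em1/master"
    echo 'GATEWAYDEV="em1"' > "$d/network"
    echo 'LANIF = "em2 em2"' > "$d/network.conf"
    status=0
    check_netconf "$d/network" "$d/network.conf" "$d/net" || status=$?
    rm -rf "$d"
    return $status
}

# With two file arguments check those; otherwise run the constructed sample.
if [ "$#" -ge 2 ]; then check_netconf "$@"; else demo || true; fi
```

On a real system the third argument is omitted so the check reads /sys/class/net.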
  • Accepted Answer

    Sunday, March 04 2018, 09:28 PM
    Are you saying you've bridged your WAN and LAN? This is not a normal configuration but I believe can be made to work. Which documentation did you follow to do that?