
Resolved
0 votes
Hello all,
Yesterday I set up a ClearOS box as a gateway, and I am wondering if there is any extra firewall setup or anything I need to do. I have it in between my wireless AP and modem running on an old i5 with dual NICs. The reason I am asking is as I browse through the firewall section on the web portal, I have 4 different firewalls: 1to1 NAT, custom firewall, egress firewall, and incoming firewall (I guess I went overboard in the marketplace). Anyway, as I click through them all, there is nothing in any of the tables for any of them, except for the incoming firewall which allows the webconfig service for ClearOS. Is this correct, or did I mess up the setup somehow? I'm a bit of a newbie with this "advanced" networking stuff. Also, if this helps, I have only 1 informational event on my dashboard page, and nothing else under events. Thanks for your help in advance,

Danny
Monday, July 31 2017, 12:01 AM
Responses (1)
  • Accepted Answer

    Monday, July 31 2017, 11:38 AM - #Permalink
    Resolved
    0 votes
    Hi and welcome aboard.

    Don't worry about the firewalls too much. All you have installed is a Webconfig to allow you to manipulate the non-default bits of the firewall. ClearOS comes with a pretty safe set of default rules which you can't see in the webconfig. You can do an
    iptables -nvL
    iptables -nvL -t nat
    to see what is already there.

    Importantly, if you connect ClearOS directly to the internet, make sure you have a very strong password. Better still is to remove the incoming Webconfig and SSH firewall rules. They are fine when setting the box up on your LAN but there is considerable risk leaving SSH open on the internet and it is best avoided. Webconfig is not so bad, but I'd avoid it as well.

    If you are just setting up and are free to change your LAN, can I suggest you do not use the 192.168.0.0/24 or 192.168.1.0/24 subnets on your LAN?

    Also, can you post the output to the following command:
    lspci -k | grep Eth -A 3
    I am just checking which NICs and drivers you have as there is one common bad combination (RTL8111/8168 with r8169 driver) which is easily fixed.

    If you are not aware of them, there are two great utilities for Windows, PuTTY and WinSCP. PuTTY gives you a remote terminal where you can select to copy and right-click to paste. WinSCP gives you a graphical file manager and GUI text editor.
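
An added example, not part of the original reply: a small check for the advice above about removing the incoming SSH and Webconfig rules on an internet-facing box. It reads `iptables -S INPUT` style rules and reports which watched TCP ports are still accepted. The function name, the sample rules and the port numbers (SSH on 22, Webconfig on 81) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag INPUT rules that still ACCEPT SSH or Webconfig traffic.
# Assumption: SSH listens on TCP 22 and Webconfig on TCP 81; edit WATCH if not.
WATCH="22 81"

# Reads rules in `iptables -S INPUT` format on stdin and prints each watched
# port that some TCP ACCEPT rule covers (single port, port range or multiport).
# It does not look at source address or interface, so review every hit by hand.
exposed_ports() {
    awk -v watch="$WATCH" '
        BEGIN { n = split(watch, w, " ") }
        $1 == "-A" && $2 == "INPUT" {
            accept = 0; spec = ""; proto = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i+1)
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
                if ($i == "--dport" || $i == "--dports") spec = $(i+1)
            }
            if (!accept || proto != "tcp" || spec == "") next
            m = split(spec, parts, ",")
            for (k = 1; k <= m; k++) {
                lo = hi = parts[k]
                if (split(parts[k], r, ":") == 2) { lo = r[1]; hi = r[2] }
                for (j = 1; j <= n; j++)
                    if (w[j] + 0 >= lo + 0 && w[j] + 0 <= hi + 0) hit[w[j]] = 1
            }
        }
        END { for (j = 1; j <= n; j++) if (w[j] in hit) print w[j] }
    '
}

# Constructed sample rules (not output from a real ClearOS box).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 20:25,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP'

# Demo on the sample; on the gateway itself run as root:
#   iptables -S INPUT | exposed_ports
printf '%s\n' "$SAMPLE_RULES" | exposed_ports
```

An empty result means no TCP ACCEPT rule in the INPUT chain covers the watched ports.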