Community Forum

Resolved
0 votes
im having difficulties getting clearOS to work for basic functionality.

I've got a box with 9 NIC cards ready to act as a router. ClearOS is installed. Curretnly set as a "Gateway". I configured the onboard NIC as an External-PPOE. The speedtest completes successfully so it seems to be working.

All NIC cards are detected. Im currently trying to get 1 card to work properly. Ive tried setting it to LAN-HDCP & also LAN-Static with an address of 192.168.3.1

My connecting computer Wont register the "Router" it keepks connecting with a self assigned IP. The "link" sucessfully shows what cards "plugged in"

Ive tried dozends of combinations. Nothing seems to work.

Any thoughts on what im doing wrong? Any thoughts would be greatly appreceated.
Thursday, September 28 2017, 07:46 PM
Share this post:
Responses (15)
  • Accepted Answer

    Saturday, October 07 2017, 12:30 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    As I said, it is years since I tried a bridge and the instructions I used were a bit different then (there was no mention of "BRIDGE_STP="yes"").

    One error which jumps out at me is that you have the same subnet on br0 and enp2s0. This will not work and is probably what the DHCP server is complaining about.

    I am also unconvinced about your /etc/sysconfig/network-scripts/ifcfg-wlp0s29u1u2 which is quite different from your other bridged interfaces. It does not reference br0 and the PEERDNS option looks odd.

    I'm afraid I don't see that I'll get time to try this out for a while as I am trying to document a 7.4 beta issue.


    Yep, I get that you're not my personal tech support hotline. I was just surprised to run into issues on what seemed like a fairly straightforward thing, on a mature linux. I will try changing the subnets.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, October 07 2017, 08:57 AM - #Permalink
    Resolved
    0 votes
    As I said, it is years since I tried a bridge and the instructions I used were a bit different then (there was no mention of "BRIDGE_STP="yes"").

    One error which jumps out at me is that you have the same subnet on br0 and enp2s0. This will not work and is probably what the DHCP server is complaining about.

    I am also unconvinced about your /etc/sysconfig/network-scripts/ifcfg-wlp0s29u1u2 which is quite different from your other bridged interfaces. It does not reference br0 and the PEERDNS option looks odd.

    I'm afraid I don't see that I'll get time to try this out for a while as I am trying to document a 7.4 beta issue.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, October 06 2017, 09:06 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Looking at your screen shot, you seem to have two interfaces on the same subnet, br0 and enp2s0. This is bad news and ClearOS (or any system) will get confused. Can you either add enp2s0 to the bridge so it and your wireless NIC are joined to the same subnet, or change the subnet used by either br0 or enp2s0?


    OK, I wanted to bridge br0 and enp2s0 anyway. When I changed enp2s0 to be bridged to br0 and rebooted, the system somehow failed to recognize the IP address assigned on br0, and there were no active IP addresses on the machine. The first sign of that is when you get to the text console on the screen of the machine, it tells you "Configuration URL: https://:81/";

    When I log in and choose graphics mode console, sure enough the IP Address column is blank.

    Yet I look at /etc/sysconfig/network-scripts/ifcfg-br0:
    DEVICE=br0
    TYPE="Bridge"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="static"
    IPADDR="192.168.2.1"
    NETMASK="255.255.255.0"
    BRIDGE_STP="yes"


    The bridging instruction page clearly had it that when you bridge interfaces, the bridge is assigned the IP address and the NICs are not.

    DEVICE=enp2s0
    TYPE="Ethernet"
    IPV6INIT="no"
    ONBOOT="yes"
    USERCTL="no"
    BRIDGE=br0
    PROMISC="yes"


    When I change it back to this (by editing or using the graphic console), things work again:
    DEVICE=enp2s0
    TYPE="Ethernet"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="static"
    IPADDR="192.168.2.1"
    NETMASK="255.255.255.0"



    Also, the wireless interface/access point has changed its behavior. Now when I try to use it it strangely insists the password is incorrect. The stored password that worked before returns an error, I've double-checked it in the config file and it's right.


    Here is /etc/sysconfig/network-scripts/ifcfg-wlp0s29u1u2:
    DEVICE=wlp0s29u1u2
    TYPE="Wireless"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="dhcp"
    PEERDNS="yes"



    and hostapd.conf

    #
    # http://wireless.kernel.org/en/users/Documentation/hostapd
    #

    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=wheel

    # General settings
    bridge=br0
    interface=wlp0s29u1u2
    driver=nl80211
    hw_mode=g
    channel=6
    auth_algs=1
    ssid=XXXX
    macaddr_acl=0
    ignore_broadcast_ssid=0
    ieee8021x=0

    # Wireless N
    # wme_enabled=1
    # ieee80211n=1
    # ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]

    # WPA
    wpa=3
    wpa_key_mgmt=WPA-PSK
    wpa_passphrase=XXXX
    wpa_pairwise=TKIP
    rsn_pairwise=CCMP
    wpa_group_rekey=300
    wpa_gmk_rekey=640


    Do those seem to be configured correctly?

    Under DHCP server, it says it's good for interface2 but for br0 it shows "invalid" in red. Also, over on the right, there is a "connection failure" warning in red, like:
    DHCP Server
    Vendor
    ClearFoundation
    Version
    2.3.22-1
    Additional Info
    Connection failure.




    Unless I've done something wrong, the directions as posted aren't working for me, an assigned IP address to the bridge doesn't work, the system will not recognize it on boot and it leaves the machine with no working IP addresses.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, October 01 2017, 03:42 PM - #Permalink
    Resolved
    0 votes
    Also, remember that the instructions for setting up the bridge do not include adding it to the DHCP server. You can use the interface to do that.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, October 01 2017, 11:39 AM - #Permalink
    Resolved
    0 votes
    Looking at your screen shot, you seem to have two interfaces on the same subnet, br0 and enp2s0. This is bad news and ClearOS (or any system) will get confused. Can you either add enp2s0 to the bridge so it and your wireless NIC are joined to the same subnet, or change the subnet used by either br0 or enp2s0?
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, October 01 2017, 08:30 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Hi Greg,
    Does the Wireless NIC show up in the available interfaces and have you installed app-wireless?

    Yes and yes.


    Also does your NIC support master mode/AP mode?

    I saw that in the documentation, but don't know what it means--is it something specific to ClearOS or do you mean if it in general can be an AP? If it's the latter, yes, I've had it working as an AP under a Mint live CD and under PFSense. PFSense supports bridging with a few clicks of the mouse, but the driver for this wifi card is limited under BSD and so is the ability to scale CPU speed--the J1900 Celeron gets very hot.


    There is an old doc here for setting up wireless under 6.x and the configuration of hostapd should still be valid and note that it references br0.


    Ok, here is /etc/hostapd/hostapd.conf:

    [root@server hostapd]# vi hostapd.conf
    #
    # For more information, look here:
    #
    # http://wireless.kernel.org/en/users/Documentation/hostapd
    #

    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=wheel

    # General settings
    bridge=br0
    interface=wlp0s29u1u2
    driver=nl80211
    hw_mode=g
    channel=6
    auth_algs=1
    ssid=XXXXXXXXX
    macaddr_acl=0
    ignore_broadcast_ssid=0
    ieee8021x=0

    # Wireless N
    # wme_enabled=1
    # ieee80211n=1
    # ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]

    # WPA
    wpa=3
    wpa_key_mgmt=WPA-PSK
    wpa_passphrase=XXXXXXXXXX
    wpa_pairwise=TKIP
    rsn_pairwise=CCMP
    wpa_group_rekey=300
    wpa_gmk_rekey=640



    And here is /etc/sysconfig/network-scripts/ifcfg-br0:

    DEVICE=br0
    TYPE="Bridge"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="static"
    IPADDR="192.168.2.24"
    NETMASK="255.255.255.0"
    BRIDGE_STP="yes"


    And here is /etc/sysconfig/network-scripts/ifcfg-wlp0s29u1u2:
    DEVICE=wlp0s29u1u2
    TYPE="Wireless"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="dhcp"
    PEERDNS="yes"


    Things are as instructed on those pages, but the wireless interface will not hand out IP addresses--when I try to connect with my phone, it gets stuck at "Obtaining IP address", then goes back to the connection on my router.
    Attachments:
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, September 30 2017, 06:35 PM - #Permalink
    Resolved
    0 votes
    Hi Greg,
    Does the Wireless NIC show up in the available interfaces and have you installed app-wireless? Also does your NIC support master mode/AP mode?

    There is an old doc here for setting up wireless under 6.x and the configuration of hostapd should still be valid and note that it references br0.

    I did it in 6.x a long time ago but I can't remember the details. The edit to the ifcfg file is the same, but I suggest you get the wireless NIC going on its own before you bridge it.

    I gave up on it in the end as my server is not in a good position for WiFi coverage in the house, and my son's IPad had problems connecting but this is probably very NIC specific. I had a ZyXel 202 USB dongle with the zd1211rw driver. I still play with it occasionally but don't have it fully set up yet on my test box.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, September 30 2017, 03:51 PM - #Permalink
    Resolved
    0 votes
    Hi Nick,
    Thank you for your link to this:
    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_adding_bridged_interfaces
    I am doing the same thing, installing ClearOS 7.3 as Community for a home mini-PC to use as a router.
    It has 4 wired NICs and a wifi interface.
    NIC 0 is WAN
    NIC 1 is LAN
    NIC 2 and 3 are unused
    WIFI is up and working, but when you try to connect it does not assign an IP address. I believe I have to bridge it. Ideally, I'd like to bridge NICs 2 and 3 and WIFI, all to the same IP address pool with DHCP as NIC1.
    The linked directions cover the wired NICs, but not wifi. I think the ifcfg has to be slightly different for wifi than the wired NIC, doesn't it?
    DEVICE=eth2
    TYPE="Ethernet"
    IPV6INIT="yes"
    ONBOOT="yes"
    USERCTL="no"
    BRIDGE=br0
    PROMISC="yes"

    Or do I literally just substitute the DEVICE name?
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, September 30 2017, 08:37 AM - #Permalink
    Resolved
    0 votes
    Glad it is working now. Just a couple of points:
    1 - in network.conf you may be able to remove the old interfaces from "LANIF". In the old documentation you would remove itn but perhaps the ClearOS 7 interface is a bit different here. It is a long time since I tried out bridging.
    2 - There are two subnets I always recommend to avoid and they are 192.168.0.0/24 and 192.168.1.0/24 as too many routers have this as default. This can cause issues if you add one to act as a WAP and don't configure it properly. It can also give you problems with VPN's as the local and remote subnets should always be different and those subnets are too common. FWIW I'd also avoid 192.168.100.0/24 (my cable modem default), 192.168.2.0/24 (some routers like VirginMedia with a guest WiFi facility), 10.8.0.0/24 and 10.8.10.0/24 (ClearOS OpenVPN defaults but easily changed)
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, September 30 2017, 05:52 AM - #Permalink
    Resolved
    0 votes
    SOLVED

    I noticed that when I did a "service network restart" from the terminal it failed with a "Failed to start LSB: Bring up/down networking." error.

    I did a google search and found that under the ppo0 configuration should NOT be set to start automatically. So in ifcfg-ppp0 ONBOOT="no" instead of the default "yes" fixes this. Apparently, this does not need to "onboot" and if the network is not already configured it will fail.

    This was not causing any issues before. Apparently, the place in which it caused a failure was ok before, but the new bridge was initialized after the script error and caused it to be skipped.

    So thanks for your help and suggestions. They were a real lifesaver! You were able to point me in the right direction. I really appreciate it.

    Brendan
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, September 30 2017, 12:34 AM - #Permalink
    Resolved
    0 votes
    That was very helpful.

    I ended up figuring out that the system was only working with one LAN card. I had to connect by ethernet cable to that card and manually setup the ethernet connection to match. I could connect after that.

    I got the DHCP server working by reinstalling it.

    I can connect to other computers on the LAN by manually typing the addresses in but none of the computes are "discoverable" as none of them are on the same subnet.

    Bridging has not been successful. I've (presumably) added a bridge "device" with DHCP (it shows up in the DHCP & IP Settings panel) but have not been able to assign NIC cards to it. I'm presently trying to get 1 NIC on a bridge, then I will add the others. I presume I will see my computer that is plugged into the NIC I'm trying to bridge gets a DHCP lease when it's successfully configured.

    I tried adding br0 to LANIF but it didn't fix anything.

    My current config files look like this

    /etc/clearos/network.conf
    # Network mode
    MODE="gateway"

    # Network interface roles
    EXTIF="ppp0"
    LANIF="enp1s0f0 enp1s0f1 enp1s0f2 enp1s0f3 enp2s0f0 enp2s0f1 enp2s0f2 br0 enp2s0f3"
    DMZIF=""
    HOTIF=""

    # Domain and Internet Hostname
    DEFAULT_DOMAIN="drsassafras.me"
    INTERNET_HOSTNAME="gateway.drsassafras.me"

    # Extra LANS
    EXTRALANS=""

    # ISP Maximum Speeds
    PPP0_MAX_UPSTREAM=850
    PPP0_MAX_DOWNSTREAM=14690
    ENP6S0_MAX_DOWNSTREAM=100
    ENP6S0_MAX_UPSTREAM=100


    ifcfg-br0
    DEVICE=br0
    TYPE="Bridge"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="static"
    IPADDR="192.168.1.1"
    NETMASK="255.255.255.0"
    BRIDGE_STP="yes"


    ifcfg-enp2s0f2
    DEVICE=enp2s0f2
    TYPE="Ethernet"
    IPV6INIT="yes"
    ONBOOT="yes"
    USERCTL="no"
    BRIDGE=br0
    PROMISC="yes"



    The rest of the network cards (aside from PPOE) look something like this (they are working but not bridged)
    DEVICE=enp2s0f1
    TYPE="Ethernet"
    ONBOOT="yes"
    USERCTL="no"
    BOOTPROTO="static"
    IPADDR="192.168.21.1"
    NETMASK="255.255.255.0"


    I think I followed the instructions https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_adding_bridged_interfaces closely, but without success.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, September 29 2017, 06:06 PM - #Permalink
    Resolved
    0 votes
    It looks like the DHCP server is either not configured or not running. If that is the case, in iOS you need to configure the mac with an IP address in the same subnet as your LAN NIC, perhaps with a .10 address, with a gateway of the ClearOS LAN IP. This will temporarily allow you to connect to port 81.

    Alternatively, if ClearOS is is a safe environmnent i.e its WAN is connected to your working LAN (so shielded from the internet), then it is pretty safe to disable the WAN firewall. This will allow you to connect to the WAN. To do this until the firewall restarts, from the console do an alt+f2 to get a console session and log in as root. Then issue the command:
    iptables -I INPUT -j ACCEPT
    Each time the firewall restarts you will lose this rule (and therefore connectivity) and when configuring NIC's it restarts quite frequently. It would be best to get one LAN NIC up and running with a functioning DHCP server then connect to that LAN. Then sort out the other LANs.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, September 29 2017, 04:51 PM - #Permalink
    Resolved
    0 votes
    Yes, I'm trying to configure it in a similar way to domestic routers.

    I tried placing all the LAN NICs on different subnets, but I'm still not able to get 1 LAN to work. Would opening the WAN port help right now, being unable to get 1 LAN to work? I did an internet search on how to do this on ClearOS but didn't find anything useful.

    I've attached a photo of what the Ethernet connection screen looks like on the mac I'm trying to connect. Normally the "router" and "netmask" should be filled out there on a working connection.

    Keep in mind that I only have access to the config screen on the ClearOS box. I presume there will be GUI config options after I can :81 in.

    I have basic knowledge of Unix commands, so that is not an issue. Knowing what config file options to change.... while that's another story.

    Thanks for your help.
    Attachments:
    The reply is currently minimized Show
  • Accepted Answer

    Friday, September 29 2017, 04:49 PM - #Permalink
    Resolved
    0 votes
    Yes, im trying to configure it in a similar way to domestic routers.

    I tried placing all the LAN NICs on different subnets, but I'm still not able to get 1 LAN to work. Would opening the WAN port help right now, being unable to get 1 LAN to work? I did a internet search on how to do this on ClearOS but didnt find anything useful.

    Ive attached a photo of what the Ethernet connection screen looks like on the mac I'm trying to connect. Normally the "router" and "netmask" should be filled out there on a working connection.

    Keep in mind that I only have access to the config screen on the ClearOS box. I presume there will be GUI config options after I can :81 in.

    I have basic knowledge of unix commands, so that is not an issue. Knowing what config file options to change.... while thats another story.

    Thanks for your help.
    Attachments:
    The reply is currently minimized Show
  • Accepted Answer

    Friday, September 29 2017, 01:18 PM - #Permalink
    Resolved
    0 votes
    Normally every NIC needs to be on a separate subnet and then ClearOS, for LAN NICs, will allow subnet traffic to pass freely between interfaces. It does not work with unicast/multicast. If you are trying to get ClearOS to work similar to a domestic router, with only one IP for all LAN interfaces, then you need to bridge the interfaces.

    If this is what you want, I would suggest starting by getting all interfaces working on separate subnets, then start by bridging a few of them on a new subnet. If/when this works, you can then add the other NIC's into the bridge.

    Especially if you go for the "big bang", or if you do not get the interfaces working properly beforehand, I would suggest that you get prepared to work from the console being familiar with the cd command to navigate directories and the nano or vi editor to edit files. Alternatively, if the box is on your LAN for testing, open its WAN port to anything from the LAN it is plugged into. The reason for this is that if you get it wrong using external access (WinSCP or something like that), then you still have reasonable access to the box to correct or reverse any changes.
    The reply is currently minimized Show
Your Reply