FB Twitter YouTube LinkedIn GitHub G+
Dos 6.2b3 *require* an Internet connection?

Community Forum

georger
georger
Offline
Resolved
0 votes
Hi,
I just installed 6.2b3 (Community) on a VM and couldn't get past the post-install configuration wizard - I'm behind a non-transparent proxy server. Could this be because COS 6.2 *requires* an Internet connection?

With 5.2SP1, I can configure a working Samba domain in under 30 minutes, complete with CUPS and DHCP. It's completely self-contained. This is a feature in LANs that are isolated by design such as mine.

Unfortunately, changing the proxy configuration is not an option. I could try and hack as discussed in another thread, but even the most polished hack is still a hack, not a real solution.

It's in the wishlist, by the way.

Also, when I have a single NIC configured with a static IP address, why can't I set the default gateway?

Regards,

Georger
Thursday, March 01 2012, 01:19 AM
Share this post:
Responses (15)
  • Accepted Answer

    georger
    georger
    Offline
    Wednesday, March 14 2012, 05:27 PM - #Permalink
    Resolved
    0 votes
    Hi Peter,
    Peter Baldwin wrote:
    Thanks! I changed the default object size to 500 MB, that's sane given today's gear (even SSDs). As for the refresh patterns, it's a bit late in the beta to make that change. I have added the issue in the tracker:

    http://tracker.clearfoundation.com/view.php?id=485

    It's one of those things that's easy to implement (coding-wise), so it's really just a matter of making sure it works. This should probably be an option in the GUI (on/off) which gets tuned as Microsoft and others make changes. In other words, squid.conf will look like:

    # ClearOS updates tuning start
    refresh_pattern...
    # ClearOS updates tuning end

    For the 99% who don't touch squid.conf, that block of configuration might change on an upgrade (e.g. Windows 8 additions). For the 1%, there's always the option to disable the automagic.

    Nice! I'd just like to point out that the Squid wiki [1] advises that not only maximum_object_size should be changed, but also range_offset_limit and quick_abort_min as well.

    [1] Squid wiki

    Regards,

    Georger
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, March 14 2012, 04:32 PM - #Permalink
    Resolved
    0 votes
    Thanks! I changed the default object size to 500 MB, that's sane given today's gear (even SSDs). As for the refresh patterns, it's a bit late in the beta to make that change. I have added the issue in the tracker:

    http://tracker.clearfoundation.com/view.php?id=485

    It's one of those things that's easy to implement (coding-wise), so it's really just a matter of making sure it works. This should probably be an option in the GUI (on/off) which gets tuned as Microsoft and others make changes. In other words, squid.conf will look like:

    # ClearOS updates tuning start
    refresh_pattern...
    # ClearOS updates tuning end

    For the 99% who don't touch squid.conf, that block of configuration might change on an upgrade (e.g. Windows 8 additions). For the 1%, there's always the option to disable the automagic.
    The reply is currently minimized Show
  • Accepted Answer

    georger
    georger
    Offline
    Tuesday, March 13 2012, 01:43 AM - #Permalink
    Resolved
    0 votes
    Hi Peter,

    Peter Baldwin wrote:
    Hi georger,

    There are five types of groups in ClearOS:

    1) Built-in groups - there's just one right now: "allusers"
    2) User-defined groups
    3) Windows groups
    4) App groups (e.g. pptpd_plugin is a group that holds all the users permitted to use the PPTP server)
    5) System groups (stuff /etc/groups)

    Right now, only the first two types are shown in Flexshare, but all five types could be shown instead (well, I'm not 100% sure about system groups, but certainly the first four). Perhaps we should make this a tunable option?

    I have a use case where I create a Samba (flex)share that is owned by the Domain Admins group with RW permissions. If the Domain Admins group isn't available, I can't pull it off, at least not as easily as I can do in 5.2 SP1.
    I create the (flex)share, say appsrw, and then I add (hack) an include to /etc/samba/hack.conf in /etc/samba/smb.conf which defines a new appsro share. /etc/samba/hack.conf looks like this:

    [appsro]
    path = /var/flexshare/shares/appsrw
    comment = Apps - read only
    browseable = Yes
    guest ok = No
    directory mask = 775
    create mask = 664
    valid users = @"%D\domain_users", @"%D\domain_admins"
    veto files = /.flexshare*/

    This way, I can have a (flex)share which is RO for regular users, and RW for admin users (namely winadmin) - useful when I have to deploy a new version of a C/S app.
    Some Windows Update tweaks were added to squid.conf, but it looks like more could be done. Is it working for you?

    I just reviewed /etc/squid/squid.conf in 6.2b3 and I believe it is fine (I'm not running it in production, just on a VM at home), but the way it's configured now it just means that all clients have access to Windows Update and some (not all) of the files downloaded from WU will be cached - my config goes further.

    First, maximum_object_size at just 10 MB means Squid won't cache large update files, like .NET updates. I crank it all the way up to 500 MB so that Windows and Office updates, including Service Packs, will be cached.

    Second, the custom refresh_pattern (see here and here) lines tell Squid to keep Windows Update files for longer, so that they will always (mostly) be prompty available. When installing a new Windows machine, or simply updating one that was just (re)deployed, this makes a big difference, chiefly when the WAN link is slow. Antivirus updates also benefit from this - Symantec update files are HUGE. Same goes for files from other vendors.

    Keep the great work! Regards,

    Georger
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 08 2012, 12:39 AM - #Permalink
    Resolved
    0 votes
    Just an update. We updated the ISOs, so you should no longer see the "single NIC" issue.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, March 06 2012, 02:19 AM - #Permalink
    Resolved
    0 votes
    Well that's an ugly GUI bug. We'll see what we can do.
    The reply is currently minimized Show
  • Accepted Answer

    georger
    georger
    Offline
    Tuesday, March 06 2012, 12:10 AM - #Permalink
    Resolved
    0 votes
    Brian wrote:
    Came across this as well. I was in a vm so I just added 2nd NIC, which let me choose Role on original one, then removed 2nd NIC. Stays as external after that. Didn't have to assign role to 2nd nic at all. It's presence lets you change roles.

    On actual hardware this could be cumbersome or unfeasible.

    Regards,

    Georger
    The reply is currently minimized Show
  • Accepted Answer

    Brian
    Brian
    Offline
    Monday, March 05 2012, 07:30 PM - #Permalink
    Resolved
    0 votes
    Came across this as well. I was in a vm so I just added 2nd NIC, which let me choose Role on original one, then removed 2nd NIC. Stays as external after that. Didn't have to assign role to 2nd nic at all. It's presence lets you change roles.
    The reply is currently minimized Show
  • Accepted Answer

    DavidAdams
    DavidAdams
    Offline
    Monday, March 05 2012, 01:46 PM - #Permalink
    Resolved
    0 votes
    georger wrote:
    Peter Baldwin wrote:
    You need to specify your single NIC as an "External" role (as opposed to a "LAN"). That has always been a bit confusing in ClearOS. There used to be a big warning when this "single NIC / no external" configuration was detected -- I'll make sure that warning is shown in version 6 too!

    Hi Peter,
    I just installed 6.2b3 again on a VM with a single NIC. When adding/editing the NIC, it appears that the Role parameter can't be changed - its value is "LAN", and I can't change it (it is displayed as a text label rather than a combo box).

    Regards,

    Georger


    Same issue here which means I am unable to test it as a standalone web proxy. Also there is no where in the config to specify a default gateway.
    The reply is currently minimized Show
  • Accepted Answer

    georger
    georger
    Offline
    Friday, March 02 2012, 02:55 AM - #Permalink
    Resolved
    0 votes
    Peter Baldwin wrote:
    You need to specify your single NIC as an "External" role (as opposed to a "LAN"). That has always been a bit confusing in ClearOS. There used to be a big warning when this "single NIC / no external" configuration was detected -- I'll make sure that warning is shown in version 6 too!

    Hi Peter,
    I just installed 6.2b3 again on a VM with a single NIC. When adding/editing the NIC, it appears that the Role parameter can't be changed - its value is "LAN", and I can't change it (it is displayed as a text label rather than a combo box).

    Regards,

    Georger
    The reply is currently minimized Show
  • Accepted Answer

    georger
    georger
    Offline
    Thursday, March 01 2012, 11:31 PM - #Permalink
    Resolved
    0 votes
    Hi Peter,
    Great! I'm looking forward to seeing this happen!

    By the way, I've sent an email a few days ago offering to help on the pt_BR translation.

    Regards,

    Georger
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 01 2012, 10:26 PM - #Permalink
    Resolved
    0 votes
    georger wrote:
    Could you comment on the topic of having the COS box access the Internet through a separate proxy server?


    Added to the tracker :-) Please see my comment in the other thread.

    Congratulations on your 1000th post!


    Now on to # 1337
    The reply is currently minimized Show
  • Accepted Answer

    georger
    georger
    Offline
    Thursday, March 01 2012, 09:04 PM - #Permalink
    Resolved
    0 votes
    Hi Peter,
    Thanks for chiming in!

    The warning about the role of the NIC is certainly a nice touch.

    About the minimum requirements: in my understanding the Internet connection was only required when running in gateway mode, not in standalone mode. It is clear now.

    The rationale for not having apps selected at install time is pretty sensible. That said, I'll give the workaround a try.

    Could you comment on the topic of having the COS box access the Internet through a separate proxy server?

    Congratulations on your 1000th post!

    Regards,

    Georger
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 01 2012, 07:09 PM - #Permalink
    Resolved
    0 votes
    georger wrote:
    Also, it would be beneficial to be able to specify a default gateway when using a single NIC - otherwise, how could users at the other side of a WAN link access the web server on the COS box?


    You need to specify your single NIC as an "External" role (as opposed to a "LAN"). That has always been a bit confusing in ClearOS. There used to be a big warning when this "single NIC / no external" configuration was detected -- I'll make sure that warning is shown in version 6 too!

    Could this be because COS 6.2 *requires* an Internet connection?


    Yup. A high-speed connection to the Internet has been listed as a minimum system requirement for ... a very very long time (version 2?). In theory, you can install a ClearOS system and then remove Internet access. Things like dynamic DNS, software updates, content filter updates, etc. would fail, but the system would still run normally. We haven't given this type of server support much consideration though.

    We moved away from having apps selected at install time for a number of reasons:

    - One week after an ISO is released, some packages are already obsolete (bug fixes, security updates, etc.)

    - The install experience is the same whether you use a pre-built VM image, a pre-built Amazon image, a ClearBOX hardware appliance, or a do-it-yourself ISO install.

    - Flexibility. As more and more apps appear, putting them all on an ISO would become untenable.

    Workaround

    Having said all this, most of the free apps are available on the ISO image. If you can mount the ISO image, I think you can do a "yum localinstall app-XYZ"... not sure about that though.
    The reply is currently minimized Show
  • Accepted Answer

    georger
    georger
    Offline
    Thursday, March 01 2012, 04:51 PM - #Permalink
    Resolved
    0 votes
    Hi Tim,
    Thanks for replying.

    Yes, my host does have a DNS configuration; that said, I would like to see 6.2 offer the same functionality 5.2 already offers, that is, a standalone mode where the server can point the DNS to itself. It looks like standalone mode could be improved on 6.2.

    Also, it would be beneficial to be able to specify a default gateway when using a single NIC - otherwise, how could users at the other side of a WAN link access the web server on the COS box?

    Regards,

    Georger
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, March 01 2012, 01:07 PM - #Permalink
    Resolved
    0 votes
    ClearOS is known to require a working DNS server during boot and general operation. This may also extend to installation but i'm not sure... I'm assuming your have assigned a NIC to your VM, and your host has some form of DNS configuration?

    You can set the gateway on an interface defined as 'external'. In standalone mode with one NIC - it needs to be defined as 'external'.
    The reply is currently minimized Show
Your Reply