Resolved
0 votes
Please help me !!!
I have installed ClearOS Business edition and I activated the firewall with Allowed Incoming Connections (http, https, imap, imaps, pop, pop3s, webconfig), but my web is still blocked.
Tuesday, January 29 2019, 07:39 AM
Responses (9)
  • Accepted Answer

    Thursday, January 31 2019, 08:03 AM - #Permalink
    Resolved
    0 votes
    Edwin Saputra wrote:
    I implemented that rule and the standalone mode setting, but I still cannot access my http (webserver) from anywhere. The firewall is set with Allowed Incoming Connections (http, https, imap, imaps, pop, pop3s, webconfig).

    I am lost now. What are you trying to do?
    If ClearOS is on your LAN in standalone mode, try it first without a firewall. Have only one NIC configured as external and connect that NIC to your LAN. Check it gets an IP address. Do not connect any other NIC.
  • Accepted Answer

    Thursday, January 31 2019, 04:32 AM - #Permalink
    Resolved
    0 votes
    I think Nick was suggesting you go from standalone mode to gateway after implementing the custom firewall rule. I don’t understand why you would be trying to use the firewall in standalone mode. Either you’re using ClearOS as a gateway to route external traffic between a minimum of two NICs, or you’re using it as a standalone server behind another separate firewall.
  • Accepted Answer

    Thursday, January 31 2019, 04:22 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Typically in Standalone mode you only use one NIC and it must be configured as External. Multiple NICs *may* work if you install the MultiWAN app but you will not be able to route through ClearOS. The easiest thing to do is configure one NIC as WAN and all the others as LAN (but you won't be able to use them). Then, if you have opened incoming ports you should be able to use services in ClearOS.

    If you are testing this for a gateway deployment, it is probably easier to set up a custom firewall rule:
    $IPTABLES -I INPUT -s your_external_interface_LAN_subnet -j ACCEPT
    Then put the server into Gateway mode, connecting its WAN interface to your current LAN. Like this you can access the box from anywhere on your LAN. Then, for fuller testing you connect a PC to one of the LAN ports and you should be able to do the normal throughput testing.


    I implemented that rule and the standalone mode setting, but I still cannot access my http (webserver) from anywhere. The firewall is set with Allowed Incoming Connections (http, https, imap, imaps, pop, pop3s, webconfig).
  • Accepted Answer

    Wednesday, January 30 2019, 09:05 AM - #Permalink
    Resolved
    0 votes
    Typically in Standalone mode you only use one NIC and it must be configured as External. Multiple NICs *may* work if you install the MultiWAN app but you will not be able to route through ClearOS. The easiest thing to do is configure one NIC as WAN and all the others as LAN (but you won't be able to use them). Then, if you have opened incoming ports you should be able to use services in ClearOS.

    If you are testing this for a gateway deployment, it is probably easier to set up a custom firewall rule:
    $IPTABLES -I INPUT -s your_external_interface_LAN_subnet -j ACCEPT
    Then put the server into Gateway mode, connecting its WAN interface to your current LAN. Like this you can access the box from anywhere on your LAN. Then, for fuller testing you connect a PC to one of the LAN ports and you should be able to do the normal throughput testing.
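An added example (not part of the original post, and not ClearOS code): a first-match evaluator over a constructed `iptables -S INPUT` listing, showing what inserting the source-subnet ACCEPT rule at the top of INPUT changes for a new inbound connection. The rule listing, the addresses and the 192.168.1.0/24 subnet are constructed; rules using matches other than -s, -p and --dport are skipped as not applying to a new remote connection.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S INPUT` format (not from the poster's system).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
"""

def parse_rules(text):
    """Return (default_policy, rules) for the INPUT chain, in listing order."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            rule = {"src": None, "proto": None, "dport": None,
                    "target": None, "other": False}
            opts = tok[2:]
            # Assumes every option takes exactly one value and no "!" negation.
            for key, val in zip(opts[::2], opts[1::2]):
                if key == "-s":
                    rule["src"] = ipaddress.ip_network(val, strict=False)
                elif key == "-p":
                    rule["proto"] = val
                elif key == "--dport":
                    rule["dport"] = int(val)
                elif key == "-j":
                    rule["target"] = val
                elif key != "-m":          # -i, --state, ...: not modelled
                    rule["other"] = True
            rules.append(rule)
    return policy, rules

def insert_accept_from(rules, subnet):
    """Model `-I INPUT -s <subnet> -j ACCEPT`: the rule goes to the top."""
    new = {"src": ipaddress.ip_network(subnet), "proto": None,
           "dport": None, "target": "ACCEPT", "other": False}
    return [new] + rules

def verdict(policy, rules, src, proto, dport):
    """First matching rule wins; otherwise the chain's default policy applies."""
    ip = ipaddress.ip_address(src)
    for r in rules:
        if r["other"] or r["target"] not in ("ACCEPT", "DROP", "REJECT"):
            continue
        if r["src"] is not None and ip not in r["src"]:
            continue
        if r["proto"] not in (None, proto) or r["dport"] not in (None, dport):
            continue
        return r["target"]
    return policy
```

The inserted rule accepts every port from the named subnet and nothing from other sources, so it suits testing from the existing LAN and leaves the verdict for outside addresses unchanged.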
  • Accepted Answer

    Wednesday, January 30 2019, 12:35 AM - #Permalink
    Resolved
    0 votes
    Standalone mode, and I have (eno0 - eno1 - ens6f0 - ens6f1 - ens6f2 - ens6f3)
  • Accepted Answer

    Tuesday, January 29 2019, 06:47 PM - #Permalink
    Resolved
    0 votes
    I think for normal use you don't need the Egress firewall. You just need a firewall for incoming traffic so you can block it. The standard firewall installed by default is enough.
  • Accepted Answer

    Tuesday, January 29 2019, 05:58 PM - #Permalink
    Resolved
    0 votes
    I would think you installed the egress firewall when you initially installed ClearOS Business, but you can make sure in your Webconfig under Network > Firewall > Egress Firewall. If you don't see it, you can install it from the Marketplace. If you do already have it installed, make sure it's set up for "Allow all outgoing traffic - specify block destinations".

    You can also make sure your firewall is running using the PuTTY app Nick suggested:
    systemctl status firewall.service
  • Accepted Answer

    Tuesday, January 29 2019, 10:24 AM - #Permalink
    Resolved
    0 votes
    Yes, the first question indeed is whether you have an IP address assigned. I follow your diagnostic skills, Nick! Maybe I can learn something.
  • Accepted Answer

    Tuesday, January 29 2019, 09:46 AM - #Permalink
    Resolved
    0 votes
    Welcome to ClearOS. Please note that, as a new poster, your first couple of posts get moderated before they appear on the forums.

    Is ClearOS in Gateway mode or Standalone?

    You should only need to open incoming ports if you are providing those services in ClearOS. It will make no difference to accessing those services from behind ClearOS to the Web.

    If you don't know this already, I suggest you get hold of a copy of PuTTY and WinSCP to help you administer ClearOS. PuTTY provides a remote terminal. You can copy from it just by selecting text and paste to it by right-clicking. WinSCP provides a graphical file manager and text editor.

    Please can you give the output to:
    cat /etc/clearos/network.conf
    ifconfig | grep '^e' -A 1
    lspci -k | grep "Eth" -A 3
    iptables -nvL
    Please expand your console before running the iptables command as the output wraps. Also please put the results between "code" tags (the piece of paper icon with a <> on it).