Please help me !!!
I have installed clearos business edition and i activated firewall with Allowed Incoming Connections (http, https, imap, imaps, pop, pop3s, webconfig) but my web still blocked
I have installed clearos business edition and i activated firewall with Allowed Incoming Connections (http, https, imap, imaps, pop, pop3s, webconfig) but my web still blocked
In Firewall
Share this post:
Responses (9)
-
Accepted Answer
Edwin Saputra wrote:
I implementation that rule and standalone mode setting but still not access from anywhere my http (webserver), firewall setting with Allowed Incoming Connections (http, https, imap, imaps, pop, pop3s, webconfig)
I am lost now. What are you trying to do?
If ClearOS is on your LAN in standalone mode, try it first without a firewall. Have only one NIC configured as external and connect that NIC to your LAN. Check it gets an IP address Do not connect any other NIC. -
Accepted Answer
I think Nick was suggesting you go from standalone mode to gateway after implementing the custom firewall rule. I don’t understand why you would be trying to use the firewall in standalone mode. Either you’re using ClearOS as a gateway to route external traffic between a minimum of two nics, or you’re using it as a standalone server behind another separate firewall. -
Accepted Answer
Nick Howitt wrote:
Typically in Standalone mode you only use one NIC and it must be configured as External. Multiple NIC's *may* work if you install the MultiWAN app but you will not be able to route through ClearOS. The easist thing to do is configure one NIC as WAN and all the others as LAN (but you won't be able to usee them). Then, if you have opened incoming ports you should be able to use services in ClearOS.
If you are testing this for a gateway deployment, it is probably easier to set up a custom firewall rule:
Then put the server into Gateway mode, connecting its WAN interface to your current LAN. Like this you can access the box from anywhere on your LAN. The, for fuller testing you connect a PC to one of the LAN ports and you should be able to do the normal throughput testing.$IPTABLES -I INPUT -s your_external_interface_LAN_subnet -j ACCEPT
I implementation that rule and standalone mode setting but still not access from anywhere my http (webserver), firewall setting with Allowed Incoming Connections (http, https, imap, imaps, pop, pop3s, webconfig) -
Accepted Answer
Typically in Standalone mode you only use one NIC and it must be configured as External. Multiple NIC's *may* work if you install the MultiWAN app but you will not be able to route through ClearOS. The easist thing to do is configure one NIC as WAN and all the others as LAN (but you won't be able to usee them). Then, if you have opened incoming ports you should be able to use services in ClearOS.
If you are testing this for a gateway deployment, it is probably easier to set up a custom firewall rule:
Then put the server into Gateway mode, connecting its WAN interface to your current LAN. Like this you can access the box from anywhere on your LAN. The, for fuller testing you connect a PC to one of the LAN ports and you should be able to do the normal throughput testing.$IPTABLES -I INPUT -s your_external_interface_LAN_subnet -j ACCEPT
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
I would think you installed the egress firewall when you initially installed ClearOS Business, but you can make sure in your Webconfig under Network > Firewall > Egress Firewall. If you don't see it, you can install it from the Marketplace. If you do already have it installed, make sure it's setup for "Allow all outgoing traffic - specify block destinations".
You can also make sure your firewall is running using the Putty app Nick suggested:
systemctl status firewall.service
-
Accepted Answer
-
Accepted Answer
Welcome to ClearOS. Please note that, as a new poster, your first couple of posts get moderated before they appear on the forums.
Is ClearOS in Gateway mode or Standalone?
You should only need to open incoming ports if you are providing those services in ClearOS. It will make no difference to accessing those services from behind ClearOS to the Web.
If you don't know this already, I suggest you gat hold of a copy of PuTTy and WinSCP to help you administer ClearOS. PuTTy provides a remote terminal. You can copy from it just by selecting text and paste to it by right-clicking. WinSCP provides a graphical file manager and text editor.
Please can you give the output to:
Please expand your console before running the iptables command as the output wraps. Also please put the results between "code" tags (the piece of paper icon with a <> on it)cat /etc/clearos/network.conf
ifconfig | grep '^e' -A 1
lspci -k | grep "Eth" -A 3
iptables -nvL
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »