Resolved
0 votes
I want to start using a ClearOS gateway at our small business. We already contract a company to host a remote server for us that handles basic server needs, i.e. web, mail, ftp, etc. We use VeriSign as our domain registrar, but the domain is configured in our VeriSign account with the DNS servers of the remote server of the company we contract. So company.com is registered with VeriSign, and the DNS settings at VeriSign are ns1.hostsass.com and ns2.hostsass.com. There is also a CPanel login page on the remote server where I can set up different records to direct traffic, i.e. A, CNAME, TXT, etc.

I would love to use our company's domain name for the ClearOS gateway while keeping the remote server we've had forever. That would mean two servers using the same domain name. I don't want to mess with the existing remote server short of adding records on it that would point to our ClearOS gateway based on its hostname, e.g. industry.company.com. I also want to be able to subscribe to the gateway services ClearOS provides, e.g. content filter, anti-malware, etc. However, it would seem I have to allow ClearOS to be the domain registrar to accomplish this, so the gateway points back to their DNS services. If I do that, then it will mess up the remote server we've used forever that takes care of our email, ftp, etc. Am I understanding this right and if so, what would be a workaround or options I could take?

I'm really looking forward to working with ClearOS again.
Sunday, November 04 2018, 03:15 PM

Accepted Answer

Sunday, November 04 2018, 04:45 PM - #Permalink
Resolved
1 votes
There is no requirement for ClearCenter to be the domain registrar but you will have to use subdomains. Does company.com resolve to your website or is it just www.company.com which resolves to your website? It is not that important.

If ClearOS is on a fixed IP, you can set up an A record for subdomain.company.com, which I assume will be industry.company.com, pointing to your WAN IP and your Internet Hostname should be set to subdomain.company.com.

If ClearOS is on a dynamic IP, you can set up a CNAME record for subdomain.company.com pointing to your poweredbyclear.com dynamic DNS name. This way subdomain.company.com will always follow your IP.

If you do either of the above, you can even run a web server on subdomain.company.com but it just has to use a different subdomain from your remote server.

You don't need any form of DNS registration at ClearCenter set up to subscribe to ClearCenter services as ClearOS looks after contacting the ClearCenter servers.

I see you mention Content Filter. These days it is only really effective if you use a non-transparent proxy as the transparent proxy only filters http traffic and not https. This is relatively intrusive as it means making proxy settings on every PC, or setting up Web Proxy Auto Discovery (WPAD). The app needs some love from a volunteer but there is a HowTo to do it manually and it is not too difficult to implement if you know how to write WPAD files (I don't). As an alternative there is the Gateway Management product which is easier to set up and much lighter on resources and is ClearCenter's preferred solution.
Responses (14)
  • Accepted Answer

    Sunday, November 04 2018, 07:06 PM - #Permalink
    Resolved
    0 votes
    Awesome information! Thank you! So I'll create a cname of industry.company.com pointing to my company.poweredbyclear.com I have registered in clear center. Then on my clearos gateway ip settings, my internet hostname will be industry.company.com. Will my domain be the same, or just company.com in my ip settings?
  • Accepted Answer

    Sunday, November 04 2018, 07:42 PM - #Permalink
    Resolved
    0 votes
    Yes, make your Internet Hostname industry.company.com although there is no particular need to unless you run a mail server from ClearOS, which you don't. For your Domain, it is up to you. It is how you want your LAN machines to be known when using an FQDN. I use the same internal and external domain, but there is no requirement to do so. If you run an AD DC, best practices say to make your internal domain a subdomain of your internet domain.
  • Accepted Answer

    Monday, November 05 2018, 07:43 PM - #Permalink
    Resolved
    0 votes
    Thanks for your insight Nick. I believe I got it working thanks to your advice. At least I can connect to the gateway remotely now. I have yet to put it in place at our business, but I plan on it this week. I did install the Gateway Management App and stopped the Content Filter daemon to try it out and it's pretty squeaky clean if you ask me. Thanks for that extra tidbit of advice. Prior to that, I noticed the Content Filter wasn't stopping https sites, like Facebook (just like you mentioned), so I implemented the Web Proxy App, which did the trick, but I'm not certain if that's a resource hog or if the Gateway Administration App is a better solution? I am looking forward to dabbling in a business environment with a ClearOS gateway, especially since it's my business and I'll appreciate it more.
  • Accepted Answer

    Monday, November 05 2018, 10:34 PM - #Permalink
    Resolved
    0 votes
    The Proxy/Content Filter takes a fair amount of disk space. If you have a fast internet connection you should disable the cache or it may struggle to keep up. It also needs you to set up every PC or sort out WPAD. Gateway Management leverages DNS so runs with no cache and is very light on resources. It also has some other nice features if you get the Business version giving you a lot of machine control.
  • Accepted Answer

    Tuesday, November 06 2018, 04:07 AM - #Permalink
    Resolved
    0 votes
    What other nice features do you speak of with Gateway Management when you get the business version, which is the one I have enabled (even tho I have the community version on the backburner)?
  • Accepted Answer

    Tuesday, November 06 2018, 08:05 AM - #Permalink
    Resolved
    0 votes
    For Businesses, things like Don't Talk To Strangers which blocks direct access to an IP address without having done a DNS lookup. This is a way of killing torrents and some third party VPNs. It has different modes as well so you can block all but the allowed and you have a whitelisting mechanism. If you like it, you get ad blocking. You can also enforce Safe Search from Google and Bing. Have a look at the comparison at https://gateway.management/.
  • Accepted Answer

    Thursday, November 08 2018, 05:22 PM - #Permalink
    Resolved
    0 votes
    Man, I don't know what I'm doing wrong. I registered a domain with Clear Center, company.us. I did this to totally separate my new gateway server from our older remote server. Then I created an A record in my Clear Center portal, to point to my gateway server's static public IP address, because it winds up being static. So, company.us points to my static public IP. I know my external NIC is set up properly because we have internet access. Then, in my IP settings my hostname is gateway.company.us, my internet hostname is company.us, and my default domain is company.us. But I cannot access the webconfig remotely, using https://company.us:81.
  • Accepted Answer

    Thursday, November 08 2018, 05:43 PM - #Permalink
    Resolved
    0 votes
    It is hard to help when you munge your addresses.

    If you do a lookup on your new domain, does it return the correct IP or do you still need to wait for the DNS to propagate?
  • Accepted Answer

    Thursday, November 08 2018, 05:50 PM - #Permalink
    Resolved
    0 votes
    Have you remembered to open the port?
  • Accepted Answer

    Thursday, November 08 2018, 06:01 PM - #Permalink
    Resolved
    0 votes
    Sorry. The domain is renncoautomation.us
  • Accepted Answer

    Thursday, November 08 2018, 06:18 PM - #Permalink
    Resolved
    0 votes
    Oh, and I used https://ipinfo.info/html/ip_checker.php to confirm that my public IP checks out for renncoautomation.us
  • Accepted Answer

    Thursday, November 08 2018, 09:59 PM - #Permalink
    Resolved
    0 votes
    I am not seeing port 81 open.
  • Accepted Answer

    Friday, November 09 2018, 01:22 AM - #Permalink
    Resolved
    0 votes
    Port 81 is open. I just registered the domain this morning, so maybe it won't come through until tomorrow? I just tried from home, eight hours later and I still couldn't get in. I don't know if it's that anyway. I try my public IP and port 81 and I still can't see my gateway. I'm wondering if my AT&T U-Verse modem is set up as a router and might be blocking the incoming port, since it's open on my gateway. I'll have to get with them tomorrow and see how I can check the configuration of the modem. Thanks for sticking with my post, Nick. I really appreciate it.
  • Accepted Answer

    Friday, November 09 2018, 02:08 PM - #Permalink
    Resolved
    0 votes
    Ha! It was the modem settings! I logged into it and discovered it was set to NOT allow inbound traffic in its public subnet. After enabling it, I can now access the Webconfig remotely.
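
The checks walked through in this thread (does the name resolve, does it point at the gateway's WAN IP, can the Webconfig port be reached) as an added Python example that is not part of the original posts. The hostname `gateway.example.com` and address `203.0.113.10` are constructed placeholders, and the `resolve`/`connect` parameters are hypothetical hooks so the logic can be exercised without a network.

```python
import socket


def diagnose(hostname, expected_ip, port=81, resolve=socket.gethostbyname,
             connect=socket.create_connection, timeout=5):
    """Return (verdict, detail) for the first failing check, else ("ok", ...)."""
    # 1. Has the A/CNAME record been published and propagated at all?
    try:
        ip = resolve(hostname)
    except socket.gaierror as exc:
        return "dns-missing", f"{hostname} does not resolve: {exc}"

    # 2. Does the name point at the gateway's WAN address?
    if ip != expected_ip:
        return "dns-mismatch", f"{hostname} resolves to {ip}, not {expected_ip}"

    # 3. Can a TCP session be opened? The way it fails hints at where.
    try:
        connect((ip, port), timeout).close()
    except socket.timeout:
        # No answer at all: the SYN is being dropped, either by a device in
        # front of the gateway (ISP modem/router) or by a DROP firewall rule.
        return "filtered", f"{ip}:{port} timed out; check upstream modem and firewall"
    except ConnectionRefusedError:
        # A reset came back: the host is reachable, but nothing is listening
        # on the port or a firewall is actively rejecting the connection.
        return "refused", f"{ip}:{port} refused; check the service and port rule"
    except OSError as exc:
        return "unreachable", f"{ip}:{port} failed: {exc}"
    return "ok", f"{hostname} -> {ip}, port {port} reachable"


if __name__ == "__main__":
    # Constructed offline run: DNS is correct, but inbound traffic is dropped.
    def dropped(address, timeout):
        raise socket.timeout("timed out")

    print(diagnose("gateway.example.com", "203.0.113.10",
                   resolve=lambda name: "203.0.113.10", connect=dropped))
```

Run it from outside the LAN (with the default `resolve` and `connect`), since a test from behind the gateway does not exercise the inbound path through the modem.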