Profile Details

Toggle Sidebar
Recent updates
  • I am curious about your set up. Do you have two physical connections to your ISP or one connection but two IP's? If you have two physical connections, you'll probably need 2 NIC's for your WAN and third one for your LAN. You can then use the Multi-WAN module to do the load balancing. The documentation is a little out of date so I'll try updating it sometime.

    If you only have one WAN NIC there is a chance that you can get it to work if you have a VLAN capable switch but this is a more complex set up.

  • I am not sure if the apps will ever give you a per-IP control of your filtering. That will always require manual intervention. Can I suggest you give it a go - it will only cost your time? The bittorrent filter may not be working 100% but I understand it massively slows down the traffic.

  • The G10 Microserver can be bought directly from HP with ClearOS pre-installed. If HP didn't think it man-enough for the job they wouldn't sell it, so yes, it can run Community or Business and 25 users is not onerous. I have a G10 as a test box and have not had any issues with it yet.

    Not so sure about the application filter. Youtube is covered by it but it is all or nothing. For torrenting you want the protocol filter, but is is not working too well with Bittorrent and is hopefully going to get an update this summer. I believe both apps use the same underlying engine which needs the update.

    Both apps are all or nothing but use the mangle table in the firewall so it should be possible to craft custom firewall rules to bypass the filtering for some IP's. I've never tried.

  • Get the settings from the Ubiquity. If it is just using a PSK it should be easily possible but you'll probably need to tinker with the configs. If you're in luck the basic free settings will be good enough. Does either end or both have static IP's?

  • I think the closest you can get to it is the Network Visualiser report but It may not give you what you want. I've never really looked at that side of monitoring. I can't remember which utility it uses underneath. I'll post back if I remember. Perhaps it will have some command line reporting underneath.

  • The firewall should always be running, but it may be in failsafe mode which only allows restricted access. The bast place for firewall logs is /var/log/system. You can check if the firewall is running OK with a:Also check if you have a reasonable amount of rules present with:

  • Nick Howitt
    Nick Howitt replied to a discussion, Antispam / Antivirius problem

    Can you help me with your set up? From what you say it is a standalone server on your LAN.
    For it to provide anti-spam facilities you must configure the mail server in some way. Are you using ClearOS as a mail server or is it passing through to another mail server?
    How are the e-mails getting into ClearOS? Have you opened port 25 in ClearOS, forwarded it through your router to ClearOS and set a domain to point to your router or are you using the Mail Retrieval app (fetchmail)?
    For anti-virus are you just talking about checking e-mails or to scan the system or for web-browsing as well? If it is for web browsing, it is not good at that because, as a gateway type of device, it can't intercept https traffic, only http.

  • Nick Howitt

    If you follow your link you'll see that the changes proposed were adopted in the code in github, so I'd have thought it will probably now compile natively in both 32-bit and 64-bit. The problem with this approach is that it is effectively a min-in-the-middle attack on https which, conceptually, a lot of people are very anti.

    I am unlikely to implement anything like this again as it is a pain if it stops a website you want to visit from working. (Some) browser adblockers such as adblock plus and uBlock have a lot of diagnostics built in and, crucially they have a disable button. If you hit a problem on a device with Pixelserv you then have to manipulate it from the command line in ClearOS, and it can be hard to find the critical blocked link. pixelserv-tls looks like it has a logging facility which will help, but I don't think my wife would be too happy if I told her she had to wait until I got home before she could visit a particular site. I could be tempted to investigate PiHole as it seems to have a webconfig of its own and, hopefully, easier management facilities. I think they are also against mitm type blocking(/attacks), and only block http

  • Nick Howitt

    That is the https problem I was thinking about. Pixelserv cannot serve a valid certificate for Taking a leaf out of PiHole's blog, lets split the blocking into http and https and add a couple of rules for fun:
    This is only using pixelserv for normal http traffic. Google appear to be doing some fancy stuff with UDP. My reference for this which I bumped into today is here. You have to follow a link there for an explanation.

    Please try these at the command line first before making them permanent. In ClearOS 7.x, change "iptables" to "$IPTABLES" when applying them to the Custom Firewall. It will probably also work with "$IPTABLES" in 6.x but it is not so important.