Profile Details

Recent updates
  • Nick Howitt
    Nick Howitt replied to a discussion, Managed Switch

    I've heard managed switches can be noisy. It is also frustrating that 1 * 16-port switch costs considerably more than 2 * 8-port switches, but you do end up with 2 more usable ports.

  • Do you need to trust the login drive/network location in Windows? I had terrible problems running files from shares until I did that, but note that I use simple filesharing and not a domain. For me I think the answer was in the Microsoft Trust Center but it seems to be an Office only thing so I am not sure.

  • What you want is something like in my attached shot - if it attaches.

    BTW, 192.168.0.0/24 and 192.168.1.0/24 are not brilliant to use.

    What is your ClearOS WAN IP?

    Another thing to check is if Windows is blocking you as it has detected a new network which you need to configure. I know the new network wizard does not always pop up.

    Try with the router wired LAN first. For wireless make sure there is no option to isolate the WLAN from the LAN selected.

  • wrote: If not you may need to set up a samba share outside the flexshare framework. I am worried about the authorizations angle particularly with flexshares, however unless somebody tries we will never know. Your input would be valued.
    Authorisation inside a flexshare or outside in a manual share is exactly the same - by user or group.

  • Nick Howitt
    Nick Howitt replied to a discussion, Managed Switch

    192.168.1.0/24 and 192.168.0.0/24 are both best avoided if you can! It is best to see if you can change the managed switch to another subnet as well.

    Anyway, the answer is to change ClearOS interface to whatever. The DHCP server should follow. If you're using a Windows PC, rebooting it should sort it. This is a bit drastic. You could alternatively open a command prompt (windows+r then cmd.exe or Start then type cmd) then in the command prompt type:
    If this does not work, go to the Control Panel > Network and Sharing Centre, then for your Network select Local Area Connection > Properties > Internet Protocol Version 4 (double click or properties) and temporarily select "Use the following IP address", IP address something like 192.168.0.10, subnet mask = 255.255.255.0, Default Gateway is whatever you set your ClearOS LAN NIC to. Once it is working set it back to Automatic. You may also need to set the DNS server to the ClearOS LAN IP address.

  • Can we check the NIC drivers? Please post the output to:

  • I guess that is pretty much normal. If those ports aren't open, there is no point in monitoring activity on them with IDS/IPS. The internet is a pretty hostile place. There are bots out there constantly probing port 22 (ssh) looking for password weaknesses, lots of probes to Apache for old vulnerabilities and so on. On ADSL/dynamic IPs you may also get traffic destined for the previous user of that IP, especially p2p file sharing.

    It is hard for an ISP to block it all. 1433 and 3306 could be valid if you run an SQL server which is open to external access and so on.

  • The ClearOS LAN and WAN must be on different subnets and (unless you have a clever switch with VLANS) on a separate physical LAN. Because they are too common, it is best to avoid 192.168.0.0/24 and 192.168.1.0/24 as your LAN subnets.

  • I put mine in /etc/cron.monthly and you can call it what you want. It can also go in cron.daily and cron.weekly but not /etc/cron. It has not changed since mid-May so monthly is probably fine. You need to make it executable and that is it.

  • Have a look at /etc/postfix/postgrey_whitelist_clients. If you can, update this regularly from http://postgrey.schweikert.ch/pub/postgrey_whitelist_clients - I've a small file in /etc/cron.monthly containing the lines:

    You can then build your own whitelist in /etc/postfix/postgrey_whitelist_clients.local where I, for example, have added 212.54.57.96/30 for Ebay's servers /^euk\d+\.eukhosting\.net/ as they don't seem to retry and a few others.

    Legit e-mails get blocked if they retry too quickly then stop, or, in some cases, don't retry.

    If you search the internet, you'll also find ways of automatically creating a whitelist of people you've sent to.
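
An added example, not the poster's cron file (which this page does not show): because the whitelist is fetched over plain HTTP, this sketch checks the download before it replaces the working list. The URL and destination path come from the post; `MIN_ENTRIES`, the function names and the `--update` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fetch the postgrey client whitelist, sanity-check it, install it.
URL="http://postgrey.schweikert.ch/pub/postgrey_whitelist_clients"   # from the post
DEST="/etc/postfix/postgrey_whitelist_clients"                       # from the post
MIN_ENTRIES=20   # assumed floor; a much shorter file is treated as a bad download

# Return 0 only if every non-blank, non-comment line looks like a whitelist
# entry: a /regex/, an IPv4 address or CIDR block, or a host/domain name,
# and the file holds at least $2 (default MIN_ENTRIES) such entries.
validate_whitelist() {
    file=$1
    min=${2:-$MIN_ENTRIES}
    [ -s "$file" ] || return 1          # missing or empty download
    awk -v min="$min" '
        { sub(/[ \t\r]+$/, "") }                       # drop trailing whitespace
        /^[ \t]*(#|$)/ { next }                        # comment or blank line
        /^\/.+\/$/ { n++; next }                       # regex entry
        /^[0-9][0-9.]*(\/[0-9]+)?$/ { n++; next }      # IPv4 address or CIDR
        /^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9])?$/ { n++; next }   # host name
        { bad = 1; exit }                              # anything else, e.g. HTML
        END { if (bad || n + 0 < min + 0) exit 1 }
    ' "$file"
}

# Download to a temp file beside DEST, validate it, then rename it into place,
# so a partial or rejected download never replaces the working list.
update_whitelist() {
    tmp=$(mktemp "$DEST.XXXXXX") || return 1
    if curl -fsS --max-time 60 -o "$tmp" "$URL" && validate_whitelist "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$DEST"
    else
        rm -f "$tmp"
        echo "postgrey whitelist update rejected; keeping existing file" >&2
        return 1
    fi
}

# Only touch the system when asked, e.g. from a script in /etc/cron.monthly.
if [ "${1:-}" = "--update" ]; then
    update_whitelist
fi
```

Local additions stay in /etc/postfix/postgrey_whitelist_clients.local, which this script never touches.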