Hi Nick. Thanks for your reply, as always.
Unfortunately, this client of mine has old boxes and not even one Win 10. Only Win 7 and Win 8.1. Nevertheless, I think the workaround will use PuTTY. I'm also looking in Google.
The dashboard has the option for shutting down and rebooting COS, but this VM only has the root user. That's why I was saying before that I don't want LDAP in this box, because I understand this is the only way to allow a user to do this from the webconfig.
I know there's an Administrators app for COS (or something like that) but I understand I would have to use LDAP in order to create new users. Of course, an option to reboot the VM in the COS Dashboard would be great, but I'm a little afraid of doing this. The VM is hosted on an ESXi 6; perhaps by this path I can find the workaround.
This is the context. A client of mine has this COS 7.5 VM gateway for 20 workstations, now with only one cable-modem ISP. It works well but sometimes this connection fails for a while. When it comes back, we can see the modem is ok, but devices in the LAN can't reach the Internet. We can restart the network service or reboot the VM, and it works well until the next "gap".
Because I visit this client once a week, they need a method to reboot the COS VM when I'm not present and the connection is lost. This is where I ask for your suggestions, guys, to create some workaround to reboot the VM. There's also another VM in the host, therefore, when I'm not there, they just push the reset button, creating an ugly situation. There's no IT or advanced users, in order to log in by PuTTY and do the thing. I'd like some kind of shortcut in the Win desktop, but any other simple variant for a basic user would be ok.
Thanks in advance for any comments.
I've figured out the https matter. In a quick search, I didn't find any download from an http site in order to try it.
I was reading a little and found that it's possible to create a certificate in COS in order to allow it to cache objects from https websites. It would be great because most downloads come from https sites. The proxy is working in transparent mode and here, we don't have any directory, so I'll have to install the cert in every workstation. About the directory thing, I'm a little "afraid" of using samba or ldap; never did that before and this is a production environment. Of course, I should test it in a lab environment, but I don't have the time for that right now. I know nothing about its stability or complexity.
Thanks for your responses.
Hi Nick. As always, thanks a lot for your response.
It's actually COS 7.5 according to the release file. It was 7.2 at installation time.
After doing some changes to the squid config, according to the wiki, I see the no-caching situation remains. I'm just testing with a little download (https://calibre-ebook.com/download_portable), but I see nothing happens. Of course, I've restarted the squid service.
Now, I ask myself if it is only me (and perhaps Carlos) who is having this issue. Because now the ISPs offer a good service (I mean in speed), I guess nobody is focusing on this. I have to recognize that I discovered this issue a long time ago, doing some search, but left the issue to be solved later.
Anyone willing to perform a little test to determine whether or not squid is caching?
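
Added example (not part of the original posts): one way to run the caching test asked for above is to read Squid's result codes from its access log. The log lines, hosts and addresses below are constructed, and Squid's default native log format is assumed; on a live box the input would typically be /var/log/squid/access.log (path assumed).

```shell
#!/bin/sh
# Added example. Assumes Squid's default native access.log layout:
#   time elapsed client CODE/status bytes METHOD URL user hierarchy/peer type

# Count cache hits, misses and CONNECT tunnels in the given file(s) or stdin.
squid_cache_summary() {
    awk '
    {
        split($4, rc, "/")                    # rc[1] is the result code, e.g. TCP_MISS
        total++
        if ($6 == "CONNECT") { tunnel++ }     # opaque TLS tunnel: nothing to cache
        else if (rc[1] ~ /HIT|REFRESH_UNMODIFIED/) { hit++ }   # served from cache
        else { miss++ }
    }
    END { printf "requests=%d hit=%d miss=%d tunnel=%d\n", total, hit, miss, tunnel }
    ' "$@"
}

# List, in order, the result codes logged for URLs containing a substring.
# Fetch the same file twice: a working cache shows a MISS followed by a HIT.
squid_url_codes() {
    pattern=$1; shift
    awk -v pat="$pattern" '
    index($7, pat) { split($4, rc, "/"); printf "%s%s", sep, rc[1]; sep = "," }
    END { print "" }
    ' "$@"
}

# Constructed sample log (hosts and addresses are placeholders).
sample_log() {
    cat <<'EOF'
1528800001.101    850 192.168.1.20 TCP_MISS/200 45210 GET http://example.test/files/tool.zip - HIER_DIRECT/203.0.113.10 application/zip
1528800020.412      3 192.168.1.21 TCP_HIT/200 45218 GET http://example.test/files/tool.zip - HIER_NONE/- application/zip
1528800031.007  12044 192.168.1.20 TCP_TUNNEL/200 8123456 CONNECT download.example.test:443 - HIER_DIRECT/203.0.113.11 -
1528800040.250      1 192.168.1.22 TCP_MEM_HIT/200 1320 GET http://example.test/logo.png - HIER_NONE/- image/png
EOF
}

sample_log | squid_cache_summary
sample_log | squid_url_codes tool.zip
sample_log | squid_url_codes download.example.test
```

A download that only ever appears as CONNECT passed through Squid encrypted, so it cannot produce a HIT however often it is repeated.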
Nick Howitt wrote:
What do you use the box for?
To be honest, without setting up users I am not sure how you can give another user restricted access. Perhaps the ClearOS Administrators app will accept non-root users. Why not set up a test box to find out? Have you set up any classic Unix users at all or is the box currently root access only?
The main purpose for this COS is to be a gateway, providing fault tolerance and balancing for 2 Internet connections. Now, it's working with only one ISP, but the idea is to have 2 (again) in the near future.
I have to find some hours to try what you have suggested. It will be necessary to provide a basic user with a reboot tool because I'm an external supplier. If I'm not there and the one and only internet connection is down, besides some basic stuff that a user inside can try, I don't have a way to reboot it remotely. The only remaining option is to reset the host, thus resetting also both VMs hosted there.
Many thanks for your comments.
Nick Howitt wrote:
If you want users, in a small office and don't have or want an AD server, go for OpenLDAP. You must have one of the three in order to set up users in the ClearOS model. Keep clear of Samba Directory as it is giving issues and is only a Beta product. Windows Networking (Samba) is fine but serves a completely different purpose - mainly file serving (flexshares) but also a bit of authentication.
In a small office, if you install Windows Networking, consider if you want a Domain or just simple file serving. It defaults to domain but I use simple file serving at home. No one has to log onto their PCs. If you want people to log in, go down the domain route.
Also please go to Certificate Manager and initialise your server certificate.
I have to confess that I'm a little "afraid" of installing OpenLDAP in this box. Moreover, because they don't need it. I just need to provide my client an easy way to reboot COS sometimes. Is there another way to allow a basic user to reboot it?
This is a virtualized COS. In the beginning, it was installed bare metal. One day, COS just stopped resolving DNS queries. I never knew why. So, after a whole day of reading this forum and tampering with the box, I decided to reinstall and virtualize it, because it was easier to restore to a previous state. I don't like to roll back the box to a previous snapshot, but sometimes, this is the best solution.
Nick Howitt wrote:
Doing a traceroute to either of your WAN IP's gives up after 30 hops. I can ping 188.8.131.52 but not 184.108.40.206 so I am not sure what is up with your internet connections. What sort are they?
I am also a bit confused about your port forwarding unless you are somehow using different WAN IP's. Ports 80 and 3389 seem to be forwarded to two different machines at the same time.
The 190... IP belongs to an old ISP that no longer exists; nevertheless, because it was a static public IP, the NIC config remains there.
The 220... IP belongs to the only online ISP right now. That's a dynamic IP. This is a cable modem. No idea about why you can't traceroute it.
About the port forwarding: that's correct. The incoming ports are different, pointing to different hosts.
If you try an ssh client, you'll get a time-out network error, even when the IF rule is set. The iptables rules show that port 22 is properly open. This same config was working some days ago. I'm wondering if it is a matter of software updates.
Thank you Nick.
I just didn't know that app. I've already installed it, but the menu option shows me a page asking to install OpenLDAP, SAMBA or AD connector. Is this mandatory? This is a small office, they don't have AD nor other directory. I once installed SAMBA, but some options didn't work anymore, showing a text like "Ooooops .... You need a stronger auth....." (or something like that).
What do you suggest as the better choice?