Profile Details

Recent updates
  • Dave Loper
    Dave Loper replied to a discussion, Question

    Nick is right, you should upgrade to ClearOS 7 since ClearOS 5 will not have any updates.

    Within ClearOS 7 is a module called the Custom Firewall module. If you are using the Proxy and Content Filter, you can bypass the proxy and/or content filter with an example rule on this page:

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_custom_firewall_module_examples#bypass

  • Dave Loper
    Dave Loper replied to a discussion, FTP errors

    Richard,

    There are two types of encrypted FTP: FTP/S and SFTP. ClearOS only has FTP/S and not SFTP. Repeatedly you are using SFTP to try and make a connection. That is largely your issue.

    If using Filezilla, make sure that it is set up this way:

    http://www.daveloper.net/tests/ftp-filezilla1.png
    http://www.daveloper.net/tests/ftp-filezilla2.png

    You need to specify the directory on the second image. The user must be a member of the group that has permissions to the flexshare.

    On the firewall, make sure to open up both FTP and Passive FTP services.

  • Dave Loper
    Dave Loper's reply was accepted as an answer

    Re: Multiple LANS bridged by default?

    The LANs aren't 'bridged' per se. Rather, they are routed and trusted. This is by design.

    The two networks that have 'NAT' through the gateway are called 'LAN' and 'HotLAN'. LAN trusts other LAN, LANs can also access HotLANs. HotLANs cannot access LANs but can access other HotLANs. This article talks about the differences:

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_network_types_-_external_lan_hotlan_dmz

    It sounds like what you need is a custom firewall partition between networks (Network >> Firewall >> Custom Firewall). This can be resolved with simple 'DROP' rules in the custom firewall. I'm not at a place where I can test it but here are some things to try...

    WARNING: ONLY TEST CUSTOM FIREWALL RULES IF YOU HAVE DIRECT ACCESS TO YOUR CONSOLE. BAD RULES CAN LOCK YOU OUT OF YOUR FIREWALL THROUGH REMOTE ACCESS.

    $IPTABLES -I FORWARD -i eno1 -o eno4 -j DROP
    $IPTABLES -I FORWARD -i eno4 -o eno1 -j DROP

    Again, I don't know what this will do to your network...use with caution. Let me know what works or doesn't here and I'll improve the articles.

  • Rufus is good. I've used Win32DiskImager as well.

  • HTTPS inspection has been a well-known issue for some time. And yes, many solutions include it while ClearOS doesn't. We feel we have leap-frogged the need for SSL inspection with Gateway.Management. Naturally, ClearOS is technically capable and there is nothing stopping someone from implementing this or even making an open source method, app in the marketplace, or patch that makes this easy on ClearOS. But before you go there, let me tell you why our governance team is opposed to this SSL intercept method of filtration.

    - We believe SSL interception works against the principles of safe Internet.
    - SSL interception requires that you de-validate the SSL certificate involved and requires that you force your users to accept a 'bogus' certificate not made by the content provider.
    - SSL intercept gateways are now prime targets for hacking due to their secondary objective now enabled by SSL intercept.
    - In the case of compliance standards, SSL interception violates role-based access provisions and other exclusivity and logging requirements.
    - In some countries, SSL Interception is illegal under wire-tapping interpretations of the law.

    Imagine that you are a three-letter government agency and want to look at everyone's traffic on the internet in a decrypted way. You would be able to see their banking passwords in plain text as well as seeing their other online passwords. One way to do that is to get the user to accept a certificate that you have the key for. You can then cause the users to accept alternate software updates, alternate pages, you'd see all their traffic and content, and the client machines would be unable to know if or when their security layers were compromised:

    https://cdt.org/insight/is-breaking-web-encryption-legal/
    https://www.zdnet.com/article/how-the-nsa-and-your-boss-can-intercept-and-break-ssl/

    "Organizations should ultimately lean on legal counsel to provide reliable guidance on employee privacy policies, domestic and abroad. In-house counsel, however, cannot be expected to have up-to-date expertise on every privacy law in every province and country throughout the world. Outside counsel (typically large international law firms) can leverage attorneys with specific expertise in the country of interest. Legal referral services help organizations choose an appropriate law firm if in-house counsel is not available. Moving forward with an employee monitoring program without legal advice is certainly an option, though there is an inherent risk to this strategy if the organization is ever called in front of a court. The ethics of potentially violating the privacy rights of individuals in their country should hopefully be of moral concern, as well."

    We've spent a lot of time and resources to make DNS filtration a mature offering that works well and is easy to use.

    You can find out more about this leap frog in technology here:

    https://www.youtube.com/watch?v=ZOWpNPAdfLI

    ...and here:

    https://www.clearos.com/resources/documentation/clearos/content:en_us:7_ug_gateway_management_business

  • I have the same setup at home (4x4tb drives in a MicroServer Gen10). The only thing that I can think of is that you may have the BIOS level RAID turned on. The BIOS RAID (not true hardware RAID) is not compatible with any version of Linux. This includes ClearOS. So if it is on and configured, you won't see the drives.

    When you get to the setup where you can see the drives, I would suggest you create a RAID partition for the base OS (the / partition) of about 80 GB and have it RAID 1 across ALL the disks. That way, you can ALWAYS recover your OS and troubleshoot regardless of how many disks survive a problem. RAID 1 over all disks is pretty awesome when it comes to recovery. Do this with the /boot/ and swap partition as well. Because you cannot RAID FAT, you won't be able to mirror the /boot/efi partition but if you create a /boot/efi1, /boot/efi2, and /boot/efi3 partition of the same or similar size on the other drives, you can manually copy or sync the data from time to time off of your /boot/efi partition.

    Lastly, create a big RAID for your main data volume. You can also create a RAID 10 here of a portion of your disks if you wanted or needed a 'fast' partition to put VMs, databases, caches, or other speedy things.

    Here is a video on how to set up RAID during the install:

    https://www.youtube.com/watch?v=SrDjWP4eFwE

    If you end up with unused space after the install (because you did a minimal install) and need a manual RAID build process from command line, this video will help:

    https://www.youtube.com/watch?v=JgJkfd8O-j8

    Lastly, because you have a Minebox, you probably qualify for free support here so feel free to send a ticket in ClearCARE through your ClearSDN portal. Or you can chat it out here in the community. Either way, you'll be able to get this going...never fear.

  • Dave Loper
    Dave Loper's reply was accepted as an answer

    Re: Force SafeSearch Engines not working in gateway.management (community version)

    Forced safe search is not a feature of the Community Edition (https://gateway.management/)

    Are you using a version that supports it?

  • Dave Loper
    Dave Loper replied to a discussion, Ooops! Folder not found

    You should restore your flexshares to /var/flexshares/shares. The API expects that to be the precise location for flexshares. That folder should be owned by flexshare:flexshare.

    If you want a mounted drive, or drives to be the target for your flexshares, you should mount them normally and create folders underneath them and then bindmount them to either the entire flexshare or specific flexshares. Bind mounts are quite useful here and once you get the gist of it, you'll love it.

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_storage_manipulation_using_bindmounts

    For example, under my /store/data1 folder I bindmount out a large 12 TB RAID 5 array. Under that bindmount I create the following folders:

    /store/data1/live
    /store/data1/backup
    /store/data1/sbin
    /store/data1/log

    In backup, I make backups of my OS and configuration files using a cronjob. I can also bindmount my BackupPC to use this as its storage.

    In sbin, I keep the scripts needed to back up this disk. If I decide to use this array somewhere else, the scripts I use in conjunction with this storage follow my storage. Also, since the scripts are here, I can't accidentally launch a script that will use this folder /store/data1 as a target unless it is mounted...neat.

    In log, I keep log files about my scripts and backup jobs.

    In live, I create a folder for this server using its server name (server1). I also created a folder for another server that uses this server for its NFS mount.

    In the /store/data1/live/server1 folder I create some folders like:

    /store/data1/live/server1/home
    /store/data1/live/server1/shares
    /store/data1/live/server1/squid-cache

    Then I stopped the related services, moved the data, and then created the bindmounts in /etc/fstab (consult the link above). From there, I can mount the folders and all is golden.
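
The bind-mount step described in the post above, as an added example that is not part of the original post: a shell script that appends the bind-mount lines for the `/store/data1/live/server1` layout to an fstab file and skips targets that are already listed, so running it twice is harmless. The `/home` and `/var/spool/squid` targets and all function names are assumptions; only `/var/flexshares/shares` is given in the post.

```shell
#!/bin/sh
# Added example (not from the original post): build fstab bind-mount
# entries for the /store/data1/live/server1 layout described above.

# bind_line SRC DST: print one fstab bind-mount line.
# Filesystem type is "none" and the mount option is "bind".
bind_line() {
    printf '%s %s none bind 0 0\n' "$1" "$2"
}

# fstab_entries BASE: print the entries for the three folders in the post.
# /var/flexshares/shares is the path the post names; the /home and
# /var/spool/squid targets are assumptions for this example.
fstab_entries() {
    bind_line "$1/home"        /home
    bind_line "$1/shares"      /var/flexshares/shares
    bind_line "$1/squid-cache" /var/spool/squid
}

# already_listed FSTAB DST: succeed if FSTAB already has an uncommented
# entry whose mount point (second field) is DST.
already_listed() {
    awk -v d="$2" '$1 !~ /^#/ && $2 == d { found = 1 } END { exit !found }' "$1"
}

# append_missing FSTAB BASE: append only the entries whose mount point is
# not yet present, so an existing mount definition is never duplicated.
append_missing() {
    fstab_entries "$2" | while read -r src dst rest; do
        already_listed "$1" "$dst" || printf '%s %s %s\n' "$src" "$dst" "$rest" >> "$1"
    done
}

# Typical use, against a copy first and with the related services stopped:
#   cp /etc/fstab /root/fstab.new
#   append_missing /root/fstab.new /store/data1/live/server1
```
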

  • Do you have the link to the other forum article you are referencing?