My Community Dashboard

News Feed
  • Tested the iptables rule and it works for me, but if you have a look at the resulting rule in iptables with an: I noticed the times are all in UTC (or GMT). Once I corrected for this it worked. One disadvantage is you'll need to remember to redo the rules if you have some sort of daylight saving time.

  • Nick Howitt

    Are you using ClearOS as your mail server? It looks like you are from the components you have installed. If you are, please remove the mail forwarding. That is for when you are passing e-mails through the ClearOS mail server to another server and just using ClearOS for spam filtering and AV. Also remove the Destination Domains. If you are using ClearOS just for spam filtering and AV, then the domain you are forwarding must not be the Mail Domain or a Destination Domain. Have a look at the docs from the link towards the top right of the SMTP server configuration screen.

    Also for mails to root, have you aliased them to a valid mailbox? The easiest way is to edit /etc/aliases and add an entry at the bottom. Mine is: Then issue the "newaliases" command from the command line.

  • Hello Peter

    Sorry, I may have misunderstood your problem. I was under the impression that your second VM was attempting to access your Gateway VM prior to it being operational.

    You may be running into hardware contention issues which in your case is creating a racing situation? I have read that it is not recommended to run a Gateway as VMs, mostly because of clock issues but who knows what else? I am as culprit as you are, I also run my home gateway from a VM though I do not use Dropbox and Squid.

    You may have to experiment and delay the start of Squid? or maybe you can try this fix: Title This solution is for another problem and a bit of a shot in the dark but I recently discovered that I was having a conflict with the start of the firewall and fail2ban.

  • I tested the Web Access Control app and it didn't fulfill my requirements. Squid in transparent mode cannot control access to secured sites (https). And in non-transparent mode, it brings more problems than it solves!

    I hope for the iptables to work with time matching, as it's my last solution to implement time-controlled access. (My Asus router has parental control only in router mode and I'm currently operating it in access mode with ClearOS)

  • crontab may not be as easy as you think if you cover the edge case of the server restarting during a blocking period. I've been using a scripted solution, partly in crontab and partly in the firewall scripts. I was doing this before the Web Access Control module was created.

    If I get time later I'll try to look at time matching in iptables.

  • Fingers crossed - :)

    What speed is it rebuilding?

    What did you do to get the array started?

  • Leon
    Leon replied to a discussion, Changing non-raid drive, breaks Raid

    Hi Tony

    Yes, not ideal, but I had an old P4 3GHz with 4Gig Ram and 2x SATA4000 SI 3114 SATA I 1.5 Gb/s as my previous server.
    It worked fine for what I need it to do.

    Server is busy rebuilding..... should be done in 38 Hours, so let's see.
    I either have data back or nothing....

  • By the way, I'm aware of the possibility to do parental control with iptables using crontab, but I want to minimize my access to the shell as much as possible. This is why I chose to use the Customer Fire app to do this task.

  • Matching Time in IPTables and ClearOS 7.3

    After giving up with squid and removing the Proxy app, I switched to iptables and have been trying to utilize the Customer Firewall app. My purpose is to control my kids' access to the Internet.

    I started with a simple rule, such as:
    , and it worked. So, I impeded the access for a certain period of time: , but this did not work!

    I searched the forum to know why it did not work. I found the following post saying the time matching was not supported in iptables for COS 5, but it came later in COS 6.1.
    https://www.clearos.com/clearfoundation/social/community/timed-outgoing-firewall-rules#reply-37699

    I'm wondering now if this feature was later removed from COS and is no longer supported?

    Thank you.

  • If you get another firewall panic, please can you restart the firewall in debug mode with the following command: If it then panics, please post the output.