I seem to have run into a little snag using ClearOS 7.x Community Edition.
I am able to access ANY service (I.E. site (web server service - httpd), ftp, etc. etc.) via it's IP Address (example use only) via 192.168.1.5:xxxx (ports 81, 23424, 8080, etc.) but as long it's via the IP, but if I try to access it via it's hostname regardless of service, I end up tearing my hair out as I don't understand why it's not allowing it. Hostname = proxy, proxy.workgroup, proxy.local, proxy.mshome, proxy.xxxxxxx - yes I realise that this *could* be the cause of it, but I highly doubt it, I also own about five domains, with which I have configured this to use proxy.example.com but it seems that my DNS system (TL-ER5120) isn't liking the 'correlation' for some reason, I am able to see all my other WINDOWS units without issues incl. my NAS, and on this I can also access any/all windows units via their hostnames, except for this Linux based box >.
Anyway,
Info about network:
1 x TP Link TL-ER5120,
1 x TP Link TL-ER6120 (VPN use),
1 x 2wire modem (Telstra Broadband),
1 x Netgear DGN1000 (Clubtelco Broadband - Dodo sub-contractor ISP),
1 x TP Link 16 port 1gb Ethernet hub (DMZ connections - from ER5120),
1 x TP Link 24 Port 1gb Ethernet hub (LAN connections - from ER5120),
6 x computers (laptops & desktops),
1 x ClearOS 7.x Community Edition box - setup with: Web Server, Web Proxy, Samba and various other units - Can't think off the top of my head at current ,
3 x Windows Servers = 2 x 2008 units & 1 x 2003 unit,
1 x PS3 - Home Environment ,
1 x Wii - again as above,
won't go further lol, too many to fully list in respect to lan/wan access etc. with the AP's I have as well, this list would end up being several more lines (5+ more or so).
Ok, Now down to the nitty gritty! .
As above, I am unable to access the http://proxy, http://proxy.x hostnames at all, UNLESS I use the Manual Proxy configuration - this is where I start to go cross eyed and loose my head as I just can't figure this part out! - If I configure my browser (regardless of what I use - I.E. Internet Explorer, Chrome, etc.) to use the 192.168.1.5:8080 as the proxy, it will allow me to access all the above services without any issue VIA hostname (though I haven't tested and will not at current - too tired to really be typing this - the hostname samba test > \\proxy), so this is where I get lost and extremely confused, I just can't figure out why it will not allow LAN computers to access the server via it's hostnameort config, I really am confused/lost but then again Linux has always lost me . All LAN units are configured via the ER5120 DHCP - NO OTHER DHCP SERVER/SERVICE IS IN ACTIVE CONDITION - this unit passes all IP's including DMZ (168.192.1.2 - 168.192.1.20) to their respective areas (I.E. LAN scope = 192.168.1.2 -> 192.168.1.100, DMZ scope = 168.192.1.2 -> 168.192.1.20) and it has been set so that I can access either side of the fence. I.E. Lan to DMZ and vice versa for various reasons this needed to be done (mainly due to fall back reasons - RDP and the like ).
Technically speaking I'm an IT guy (with a Cert 2 in IT) so when it comes down to networking and MS based products, I have a fair bit of knowledge, but when it comes to attempting to get something like Linux to play nicely in a MS dominated home space, the Linux/MS users would have a field day with me , and I'm sure the Linux users would shoot me for wanting to 'force' Linux to play nice with MS, same could be said for the MS users though , they'd shoot me for trying to 'force' MS products to play nicely with a single Linux unit, so I guess either case I could be shot lol, making light of the situation I face is my way of helping to escape the harsh reality that it may not work or may end up killing one of my other systems (no Linux or MS is not excused from the possible killers or murdered nor is the DHCP/DNS system either for that matter ), so in reality, the question is:
Q: Can someone help resolve the issue I am facing? I have tried to locate information about it via Google, via the forums and have even tried my hand at some CLI but to no avail, I had to end up killing my ClearOS install for the fifth time just to get it to function again to the point it is at now. Backups were hopeless unfortunately due to the system being so unstable due to the configurations and fun I had with it over the past four installs ;| that backups were not viable or not possible or were corrupted at some point.
Oh yes, I have SSH via Putty, I have the webconfig (IP only access ), etc. so if needed happy to do just about ANYTHING to get it working correctly, Incl. fresh re-installation!
I have also printed a 4 1/5 page list containing Linux 'base' commands (CLI commands), which some work fine but others just don't acknowledge then there are some that I am unable to figure out the 'usage information' on them, aside from this, I have tried to do as much as I can on my own, now it's time to stop pulling hair (and possibly would've been wires later ) and kindly ask the community for their thoughts/assistance, as I really have no clue where/what/how to look at any further.
Oh almost forgot, I'm using a HP Elite 8000 USDT Base Model (with Intel 802.11n Wireless card) as the ClearOS box (specs (from memory): Intel(R) Core(TM)2 Quad CPU Q9505 @ 2.83GHz, 4GB RAM, 80GB HDD (2.5" SATA), any further details please ask as I think I have given as much info as needed for the time. Though this might be useful/helpful as well.
Version > ClearOS release 7.1.0 (Final)
Kernel Version > 3.10.0-229.7.2.v7.x86_64
Cheers and TIA for your assistance.
After saying all this, the main reason for wanting the system to be usable via hostname is for the Samba, web, proxy and other services but the main is the web server (would like to play with proxy auto discovery - due to the content filter being enabled).
So to put in more specific terms: I want to be able to access the system via it's hostname(s)/alias' incl. the webconfig instead of having to constantly use the IP, even if proxy.workgroup can be configured as the PRIMARY hostname and it works, I don't care as long as I can use it via hostname and not via IP all the time as it is at current. I am willing to CHANGE any/all details on the system. I do NOT have a Domain Controller and will NOT set one up, though I have a few systems With PRO versions of MS installed, this is NOT an option.
Systems:
Windows 7 - Home premium, Pro, Starter & ONE ultimate,
Windows 8 - 8.1 Pro x 1 - currently down for repairs > = Toshiba Portege Z10T,
Windows Server 2008 x 1 - Mail & Web Server (domain server - Internet domain server ),
Windows Server 2008 x 1 - Multi server (used primarily for Spiceworks & Boinc),
Windows Server 2003 x 1 - Web Server (subdomain server - Internet subdomain server - Connected DIRECT to modem (2wire) via DMZ),
CLEAROS x 1 - Version 7.1.0 Community Version,
IOS x 3 or 4 - two Ipads & one or two Ipods,
MS Phone x 1 - Nokia Lumia 520 (mobile smartphone),
Android phone x 2 - Samsung Galaxy S5 and Samsung Galaxy S3 (x 2 - both broken and not connected/working),
Unsure what else to add to this list of systems but you get the basics .
Please note though: This IS a HOME environment NOT a business or Workplace environment, even though I do have three servers, these are NOT configured for any "business" related use, originally they were for "test subjects" so that I could LEARN the Server OS, but as time moved on, I gradually became attached to the way they were configured and left them as configured for use as they have been configured now.
Hope all this information helps bring about a resolution to my issue as I would love to play with the Proxy auto discovery feature (not paid though - due to severe case of money being tight) done by myself with help/support from the various systems I have in the house .
If more information is needed to help bring about a resolution, please let me know, and I will try to give you the details needed. I have checked logs and various other means and couldn't find anything relating to any errors that would be preventing access (thought I'd add this ).
Cheers and TIA again for your assistance, hopefully a resolution can be found fairly quickly for this type of issue I'm facing.
I am able to access ANY service (I.E. site (web server service - httpd), ftp, etc. etc.) via it's IP Address (example use only) via 192.168.1.5:xxxx (ports 81, 23424, 8080, etc.) but as long it's via the IP, but if I try to access it via it's hostname regardless of service, I end up tearing my hair out as I don't understand why it's not allowing it. Hostname = proxy, proxy.workgroup, proxy.local, proxy.mshome, proxy.xxxxxxx - yes I realise that this *could* be the cause of it, but I highly doubt it, I also own about five domains, with which I have configured this to use proxy.example.com but it seems that my DNS system (TL-ER5120) isn't liking the 'correlation' for some reason, I am able to see all my other WINDOWS units without issues incl. my NAS, and on this I can also access any/all windows units via their hostnames, except for this Linux based box >.
Anyway,
Info about network:
1 x TP Link TL-ER5120,
1 x TP Link TL-ER6120 (VPN use),
1 x 2wire modem (Telstra Broadband),
1 x Netgear DGN1000 (Clubtelco Broadband - Dodo sub-contractor ISP),
1 x TP Link 16 port 1gb Ethernet hub (DMZ connections - from ER5120),
1 x TP Link 24 Port 1gb Ethernet hub (LAN connections - from ER5120),
6 x computers (laptops & desktops),
1 x ClearOS 7.x Community Edition box - setup with: Web Server, Web Proxy, Samba and various other units - Can't think off the top of my head at current ,
3 x Windows Servers = 2 x 2008 units & 1 x 2003 unit,
1 x PS3 - Home Environment ,
1 x Wii - again as above,
won't go further lol, too many to fully list in respect to lan/wan access etc. with the AP's I have as well, this list would end up being several more lines (5+ more or so).
Ok, Now down to the nitty gritty! .
As above, I am unable to access the http://proxy, http://proxy.x hostnames at all, UNLESS I use the Manual Proxy configuration - this is where I start to go cross eyed and loose my head as I just can't figure this part out! - If I configure my browser (regardless of what I use - I.E. Internet Explorer, Chrome, etc.) to use the 192.168.1.5:8080 as the proxy, it will allow me to access all the above services without any issue VIA hostname (though I haven't tested and will not at current - too tired to really be typing this - the hostname samba test > \\proxy), so this is where I get lost and extremely confused, I just can't figure out why it will not allow LAN computers to access the server via it's hostnameort config, I really am confused/lost but then again Linux has always lost me . All LAN units are configured via the ER5120 DHCP - NO OTHER DHCP SERVER/SERVICE IS IN ACTIVE CONDITION - this unit passes all IP's including DMZ (168.192.1.2 - 168.192.1.20) to their respective areas (I.E. LAN scope = 192.168.1.2 -> 192.168.1.100, DMZ scope = 168.192.1.2 -> 168.192.1.20) and it has been set so that I can access either side of the fence. I.E. Lan to DMZ and vice versa for various reasons this needed to be done (mainly due to fall back reasons - RDP and the like ).
Technically speaking I'm an IT guy (with a Cert 2 in IT) so when it comes down to networking and MS based products, I have a fair bit of knowledge, but when it comes to attempting to get something like Linux to play nicely in a MS dominated home space, the Linux/MS users would have a field day with me , and I'm sure the Linux users would shoot me for wanting to 'force' Linux to play nice with MS, same could be said for the MS users though , they'd shoot me for trying to 'force' MS products to play nicely with a single Linux unit, so I guess either case I could be shot lol, making light of the situation I face is my way of helping to escape the harsh reality that it may not work or may end up killing one of my other systems (no Linux or MS is not excused from the possible killers or murdered nor is the DHCP/DNS system either for that matter ), so in reality, the question is:
Q: Can someone help resolve the issue I am facing? I have tried to locate information about it via Google, via the forums and have even tried my hand at some CLI but to no avail, I had to end up killing my ClearOS install for the fifth time just to get it to function again to the point it is at now. Backups were hopeless unfortunately due to the system being so unstable due to the configurations and fun I had with it over the past four installs ;| that backups were not viable or not possible or were corrupted at some point.
Oh yes, I have SSH via Putty, I have the webconfig (IP only access ), etc. so if needed happy to do just about ANYTHING to get it working correctly, Incl. fresh re-installation!
I have also printed a 4 1/5 page list containing Linux 'base' commands (CLI commands), which some work fine but others just don't acknowledge then there are some that I am unable to figure out the 'usage information' on them, aside from this, I have tried to do as much as I can on my own, now it's time to stop pulling hair (and possibly would've been wires later ) and kindly ask the community for their thoughts/assistance, as I really have no clue where/what/how to look at any further.
Oh almost forgot, I'm using a HP Elite 8000 USDT Base Model (with Intel 802.11n Wireless card) as the ClearOS box (specs (from memory): Intel(R) Core(TM)2 Quad CPU Q9505 @ 2.83GHz, 4GB RAM, 80GB HDD (2.5" SATA), any further details please ask as I think I have given as much info as needed for the time. Though this might be useful/helpful as well.
Version > ClearOS release 7.1.0 (Final)
Kernel Version > 3.10.0-229.7.2.v7.x86_64
Cheers and TIA for your assistance.
After saying all this, the main reason for wanting the system to be usable via hostname is for the Samba, web, proxy and other services but the main is the web server (would like to play with proxy auto discovery - due to the content filter being enabled).
So to put in more specific terms: I want to be able to access the system via it's hostname(s)/alias' incl. the webconfig instead of having to constantly use the IP, even if proxy.workgroup can be configured as the PRIMARY hostname and it works, I don't care as long as I can use it via hostname and not via IP all the time as it is at current. I am willing to CHANGE any/all details on the system. I do NOT have a Domain Controller and will NOT set one up, though I have a few systems With PRO versions of MS installed, this is NOT an option.
Systems:
Windows 7 - Home premium, Pro, Starter & ONE ultimate,
Windows 8 - 8.1 Pro x 1 - currently down for repairs > = Toshiba Portege Z10T,
Windows Server 2008 x 1 - Mail & Web Server (domain server - Internet domain server ),
Windows Server 2008 x 1 - Multi server (used primarily for Spiceworks & Boinc),
Windows Server 2003 x 1 - Web Server (subdomain server - Internet subdomain server - Connected DIRECT to modem (2wire) via DMZ),
CLEAROS x 1 - Version 7.1.0 Community Version,
IOS x 3 or 4 - two Ipads & one or two Ipods,
MS Phone x 1 - Nokia Lumia 520 (mobile smartphone),
Android phone x 2 - Samsung Galaxy S5 and Samsung Galaxy S3 (x 2 - both broken and not connected/working),
Unsure what else to add to this list of systems but you get the basics .
Please note though: This IS a HOME environment NOT a business or Workplace environment, even though I do have three servers, these are NOT configured for any "business" related use, originally they were for "test subjects" so that I could LEARN the Server OS, but as time moved on, I gradually became attached to the way they were configured and left them as configured for use as they have been configured now.
Hope all this information helps bring about a resolution to my issue as I would love to play with the Proxy auto discovery feature (not paid though - due to severe case of money being tight) done by myself with help/support from the various systems I have in the house .
If more information is needed to help bring about a resolution, please let me know, and I will try to give you the details needed. I have checked logs and various other means and couldn't find anything relating to any errors that would be preventing access (thought I'd add this ).
Cheers and TIA again for your assistance, hopefully a resolution can be found fairly quickly for this type of issue I'm facing.
In Web Server
Share this post:
Responses (25)
-
Accepted Answer
-
Accepted Answer
The 82576 used to have driver issues but I thought the later kernel updates fixed them. You could try downloading and installing the latest kmod driver I recently compiled here. If you download it you can install it with a "yum localinstall kmod-e1000e-3.1.0.2-2.clearos7.njh.x86_64.rpm --gpgcheck". You will then need to reboot. Note that I have no way of testing it. It installs in my VM but I don't have the right NIC. If it messes things up you can remove it with an "rpm -e kmod-e1000e" -
Accepted Answer
Nick,
Output of lspci -k | grep Eth -A 3:
lspci -k | grep Eth -A 3
00:19.0 Ethernet controller: Intel Corporation 82567LM-3 Gigabit Network Connection (rev 02)
Subsystem: Hewlett-Packard Company Device 3648
Kernel driver in use: e1000e
00:1a.0 USB controller: Intel Corporation 82801JD/DO (ICH10 Family) USB UHCI Controller #4 (rev 02)
Hope this helps.
Only have the Ethernet (gb type - connected direct to ER5120) connected, as the wireless isn't 'functional' due to the system not being in 'gateway mode' assumedly, but would prefer the Ethernet interface in any case for the obvious (speed wise & less connection issues ).
Cheers. -
Accepted Answer
-
Accepted Answer
Nick,
I have noticed, if I configure my laptop to use: 172.16.118.12 (originally DHCP > Static), sub: 255.255.0.0, Gate: 172.16.118.160 (using 33 - Proxy - doesn't work ) and DNS: 172.16.118.33, works like a charm. Able to access all sites, and also now able to access http://proxy.workgroup but not the other alias' that were configured, only thing I can think of here is that the system wasn't configured correctly for others , but that's all good, I'll change the configuration to wpad.workgroup later down the track but just for now, I'll leave the settings as they are .
Oh, using the tcpdump command suggested is showing what is/was needed , good memory there . I think all in all, everything is now working correctly, but will not change the DHCP config for a few days or so, so that I can confirm the system will continue to work correctly.
The reason I say that (continue to work correctly) is that the ClearOS box has a couple of times 'dropped out' for some reason. 'dropped out' means that the system has stopped responding to port 81 and a couple of other essential systems, and the only way to get the unit back to working is to console restart it.
I'll leave it here and hope all will be good , I'll set as answer once the system has been running with current config for a few days (most likely Friday when I decide if the system is fully complete, then change required hostname to wpad ).
Cheers. -
Accepted Answer
Nick,
Not sure if it is configured as Non-Transparent or Transparent, how would I find this? As I have been over all menu items, and don't recall seeing any such option anywhere. I'll give your suggestion a try - iptables ........... - and then try using the DNS system again.
On completion of testing I'll let you know the result(s).
Cheers. -
Accepted Answer
I am running out of ideas now.
Is the transparent proxy enabled in ClearOS? If so, can you try disabling it? If that works, can you try bypassing it for DNS. I think the iptables rules you need are:
The tcp rule is not so important.iptables -t nat -I PREROUTING -p tcp --dport 53 -d 172.16.118.33 -j ACCEPT
iptables -t nat -I PREROUTING -p udp --dport 53 -d 172.16.118.33 -j ACCEPT
Another idea is, for the external DNS in ClearOS, can you try making the first one 127.0.0.1, then 172.16.118.160 or GoogleDNS?
Another thing to do is sniff the packets with tcpdump to see if they are arriving and departing OK. You may need to google tcpdump as I don't know it very well. I think the command
should work for incoming requests. For return packets try tcpdump -i enp0s25 src 172.16.118.33 and udp and src port 53[/code]ctl-c should stop the monitoring.tcpdump -i enp0s25 dst 172.16.118.33 and udp and dst port 53
-
Accepted Answer
Nick,
Sorry just re-read your reply.
service dnsmasq status -l
Redirecting to /bin/systemctl status -l dnsmasq.service
dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled)
Active: active (running) since Sun 2015-12-06 01:11:07 AEST; 2h 33min ago
Main PID: 1521 (dnsmasq)
CGroup: /system.slice/dnsmasq.service
└─1521 /usr/sbin/dnsmasq -k
Dec 06 01:11:07 proxy.example.com systemd[1]: Starting DNS caching server....
Dec 06 01:11:07 proxy.example.com systemd[1]: Started DNS caching server..
Dec 06 01:11:07 proxy.example.com dnsmasq[1521]: started, version 2.72 cachesize 5000
Dec 06 01:11:07 proxy.example.com dnsmasq[1521]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect
Dec 06 01:11:07 proxy.example.com dnsmasq[1521]: reading /etc/resolv-peerdns.conf
Dec 06 01:11:07 proxy.example.com dnsmasq[1521]: using nameserver 172.16.118.160#53
Dec 06 01:11:07 proxy.example.com dnsmasq[1521]: read /etc/hosts - 4 addresses
Please note proxy.example.com is NOT the actual domain, but I am not willing to risk my site(s) by placing the actual domain name , hope you understand - I have another two (.net & .info) using the same, but the .info has been under attack for ages and recently the .net & .com has had one or two attacks since I got them) which are hosted at my home using ADSL2+ connections, so I can't really risk 'leaking' them, as for one, one of the subdomains (server 03 system) has been under constant attack (DOS, DDOS, FTP hacking, site hacking, etc.) and the rest (subs and primary i.e. x.domain.com & www.domain.com|domain.com) have also been under attack, so don't really want to risk additional exposure, though none of the sites are "listed" as such.
Cheers,
Hopes this helps. I honestly can't really see where the error/issue is, even now. -
Accepted Answer
I forgot that detail - Google's DNS 8.8.4.4, I'll try again later on.
iptables -nvL - output
[root@proxy bin]# iptables -nvL
Chain INPUT (policy DROP 47789 packets, 11M bytes)
pkts bytes target prot opt in out source destination
289 21964 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
64 2992 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
50 2852 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- enp0s25 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- enp0s25 * 169.254.0.0/16 0.0.0.0/0
7752 1016K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
143 4147 ACCEPT icmp -- enp0s25 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
29 3174 ACCEPT icmp -- enp0s25 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
95 4752 ACCEPT icmp -- enp0s25 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- enp0s25 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
23 7784 ACCEPT udp -- enp0s25 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- enp0s25 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 172.16.118.33 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:20
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:2121
12 516 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:2003
0 0 ACCEPT udp -- * * 0.0.0.0/0 172.16.118.33 udp dpt:123
3 234 ACCEPT udp -- * * 0.0.0.0/0 172.16.118.33 udp dpts:137:138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:32400
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:8000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:8080
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:6588
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:1080
4 172 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:139
4 172 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:445
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:23424
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:51413
1163 191K ACCEPT udp -- * * 0.0.0.0/0 172.16.118.33 udp dpt:51413
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:9091
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:3128
1678 158K ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:22
1665 1200K ACCEPT tcp -- * * 0.0.0.0/0 172.16.118.33 tcp dpt:81
281 41160 ACCEPT udp -- enp0s25 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
345 259K ACCEPT tcp -- enp0s25 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7838 1021K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
238 8899 ACCEPT icmp -- * enp0s25 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * enp0s25 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * enp0s25 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:53
0 0 ACCEPT udp -- * enp0s25 172.16.118.33 0.0.0.0/0 udp spt:53
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:20
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:21
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:2121
6 276 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:80
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:2003
289 21964 ACCEPT udp -- * enp0s25 172.16.118.33 0.0.0.0/0 udp spt:123
37 8886 ACCEPT udp -- * enp0s25 172.16.118.33 0.0.0.0/0 udp spts:137:138
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:32400
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:8000
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:8080
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:6588
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:1080
3 132 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:139
3 132 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:445
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:23424
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:51413
1469 147K ACCEPT udp -- * enp0s25 172.16.118.33 0.0.0.0/0 udp spt:51413
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:9091
0 0 ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:3128
1709 496K ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:22
1363 798K ACCEPT tcp -- * enp0s25 172.16.118.33 0.0.0.0/0 tcp spt:81
6108 773K ACCEPT all -- * enp0s25 0.0.0.0/0 0.0.0.0/0
Chain DROP-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 -
Accepted Answer
The VPN issue is nothing to do with DNS. It is more that if the LAN local to the road warrior and your home LAN overlap or are the same, you risk being able to make the connection OK but traffic does not pass. The bigger your subnet, the more likely it is to happen.
From the symptoms it looks like ClearOS can resolve IP's both when configured to use the TP-Link and Google as a DSN supplier. The issue is that other machines cannot us ClearOS as a DNS cache. Is dnsmasq actually running ("service dnsmasq status")?
Also, from ClearOS, what is the output of:
- in code tags.iptables -nvL
[edit]
BTW, As far as I know, GoogleDNS is 8.8.8.8 and 8.8.4.4 and not 4.4.4.4.
[/edit] -
Accepted Answer
Nick,
The VPN unit uses IP's: Allocated from the 5120 172.16.118.14 (LAN) & 152.168.1.7 (DMZ), then it uses LAN DHCP 192.169.0.1:255.255.255.0 & the VPN uses 192.169.1.x:unknown for the VPN DHCP. Generally speaking to my knowledge all in all I haven't had any DNS related problems with this configuration or anything like that, so I'm unsure what is causing this sort of issue now.
Jon/Nick,
Would like to let you know that configuring a pc to use the ClearOS Gateway & DNS settings only, the pc failed even if I configured ClearOS with google's DNS server addresses (4.4.4.4 & 8.8.8.8), it seemed that the only site I could access then was google.com|.au, but couldn't access any other site. Do you guys have any other suggestions for me to give a try? I am at a loss as to why/what could be causing this issue, I don't think it's got anything to with my ER5120 or ER6120 configuration, but I think I may have an error on the ClearOS system.
Yes, it is in 'standalone mode w/firewall', and I have enabled port 53 UDP/TCP incoming.
List of Incoming Allowed connections:
DNS-TCP TCP 53
DNS-UDP UDP 53
FTP FTP TCP 20
FTP FTP TCP 21
FTP_Homes FTP Homes TCP 2121
HTTP HTTP TCP 80
Mailfilter TCP 2003
NetBIOS UDP 137:138
NTP NTP UDP 123
Plex_Media_Server Plex Media Server TCP 32400
Proxy_8000 Proxy/8000 TCP 8000
Proxy_8080 Proxy/8080 TCP 8080
Proxy_AnalogX Proxy/AnalogX TCP 6588
Proxy_SOCKS Proxy/SOCKS TCP 1080
Serviio TCP 23424
SMB SMB TCP 139
SMB_over_TCP SMB over TCP TCP 445
ssh_server SSH TCP 22
Transmission Transmission TCP 51413
Transmission Transmission UDP 51413
Transmission_Web Transmission Web TCP 9091
Unknown TCP 3128 (apparently used by Squid reference from a google search for "port 3128")
webconfig Webconfig TCP 81
Aside from these (I have these services operating and they seem to operate quite fine via IP only though) I am unsure if there is additional ports that should be opened or if these are all fine to be opened or if one or more is causing the issue. Completely unsure as this is pretty much the first time I've attempted to bring in a 'proxy' into my network and also the first time I've changed any DNS/DHCP settings (in general for my network) to get anything to operate correctly, usually connect a piece of equipment and 'just works' , aside from some minor alteration (when absolutely required) (I.E. PS3 needing port forwarding, etc. but these aren't really network wide changes as these are just via the 'switch' only, then it takes care of everything network related, haven't needed to change DNS, Gateway or DHCP settings since configuration when I got the unit), so I'm sure it's understandable that I haven't got a clue as to what/why/how this is happening. The subnet masks don't seem to be playing too much into it, the IP's don't seem to be either, so I'm at a complete loss as to what could be causing the ClearOS box not to function correctly. If I use it as the proxy server (in browser), I can still access all sites just like I was connected directly to the modem, so I can't understand why DNS or the gateway settings are not working correctly.
Though the only thing that sort of comes to mind is because it's in standalone mode w/firewall not in gateway mode, which I don't think is possible due to only having a single 'network' connection (aside from the Wireless card (intel branded) in it) in it or am I incorrect in my thoughts here? If the unit can be used via Wireless (WAN type connection) and use the network interface for the LAN connection, I could use another switch (a 16port gb hub) then connect a laptop directly to the 16port hub to do tests, and if all is successful (incl. the proxy file being handed out and the proxy working), then I'll connect the 'sections' that I would like "protected".
Cheers. -
Accepted Answer
172.16.118.x implies a subnet mask of 255.255.255.0 (/24) and not 255.255.0.0 (/16) which would be 172.16.x.x. A subnet of /16 allows you 65534 (2^16 - 2) possible IP addresses which I would have thought was huge in the domestic environment. If you ever want to use VPN's to access your system then you run a greater risk of a subnet clash. Anyway, that is up to you.
Have you by any chance set up ClearOS in Standalone mode (i.e. with firewall)? If you have, you'll need to open up incoming udp:53 and tcp:53 for DNS or switch to Standalone - No Firewall" -
Accepted Answer
Nick,
I should've just put forth IP's in the first place , 172.16.118.x is the actual range, and yes the DNS is set to the gateway (er5120 - 172.16.118.160) and yes the subnet mask is 255.255.0.0.
I didn't think to give it a try, usually I'd go looking for the information needed, though in my case, the forums was my only option for help on this matter, though, with regards to the ether file, I really didn't give too much thought to it, as I was extremely tired when I was typing so I think I may've made the post slightly 'double Dutch' in some places .
The modems IP's are: 2wire = 10.0.0.138 (original IP setting), Netgear DGN1000 = 192.168.1.1, the ER5120 has the IP of: 172.16.118.160:255.255.0.0 (DHCP, DNS), 10.0.0.1 (from 2Wire Modem - am able to 'manage' the modem internally via the standard IP (10.0.0.138) & 192.168.1.2 (from Netgear Modem - same as 2wire (able to manage)), 152.168.1.1:255.255.255.0 (DMZ connection), both 2008 servers are connected to both LAN & DMZ connections as these connections are *required* for both external and internal use.
I hope this has cleared up the misunderstandings and have also resolved some issues imposed by me , sorry about that, just didn't really think too much on the IP subject, I also completely forgot my network was protected by the TP-Link unit's firewall and various other devices (modems).
As for the code tags, I didn't think about them until you mentioned them (other is I didn't really know how to use them until I had a good look at the 'menu bar', I'll use them from now on).
Jon,
I'd prefer to do one computer first to ensure that it will work fully before I go ahead and change DNS settings on the whole, because if the DNS isn't working correctly via one PC then it'll be more than likely that it won't work with the rest of the network devices .
I'll give your suggestion a try and let you know what the outcome is.
Cheers. -
Accepted Answer
-
Accepted Answer
I've edited your post to use code tags. Please use them when giving output from the console or a formatted file. It makes the post so much easier to read.
One thing which jumps out is resolv-peerdns.conf. It looks like you have no DNS server specified for the NIC. If you've given ClearOS a static IP, have you forgotten to set the DNS server (probably to your router)? Having said that, I ma not sure why your host command would work but it did.
Are you really using a /16 network on your LAN (interface netmask = 255.255.0.0)? I've guessed this as you've hidden the other settings (which makes it hard to diagnose and does not give you any more security as you are already behind a router), but you show a broadcast address of 192.168.255.255 and you earlier gave a LAN IP of 192.168.1.5 (which you've now chosen to munge). The only way that is possible is with a /16 network. What is your router set to for its subnet mask?
I'd agree, don't change the DHCP server until the DNS server is working.
For the ethers file you'd have found out if you tried fixing one - even a mythical one - but here is a subset of mine:# see man ethers for syntax
00:1e:8f:4a:26:d2 172.17.2.3
00:1b:21:1c:65:9d 172.17.2.100
00:1c:c0:39:18:10 172.17.2.102 -
Accepted Answer
Contents of resolv-peerdns.conf:
; generated by /usr/sbin/dhclient-script
search WORKGROUP
nameserver DHCP/DNS gateway
nameserver 0.0.0.0
--------------------------------------
contents of dnsmasq.conf:
bogus-priv
cache-size=5000
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-lease-max=1000
domain-needed
domain=proxy.example.com
expand-hosts
no-negcache
port=53
resolv-file=/etc/resolv-peerdns.conf
strict-order
user=nobody
-------------------------------------------------
ifconfig details:
enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet IP-address netmask subnet-mask broadcast 192.168.255.255
inet6 fe80::1aa9:5ff:fef7:fcad prefixlen 64 scopeid 0x20<link>
ether 18:a9:05:f7:fc:ad txqueuelen 1000 (Ethernet)
RX packets 50248 bytes 33443632 (31.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22759 bytes 4563456 (4.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19 memory 0xf0500000-f0520000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 3575 bytes 568739 (555.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3575 bytes 568739 (555.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wls1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:18:de:37:84:4d txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
----------------------------------------------------------------------------------------
Host command:
host google.com
google.com has address 216.58.220.142
google.com has IPv6 address 2404:6800:4006:800::200e
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
-------------------------------------------------------------------------------------------
All above commands were used via remote ssh (putty) via my laptop.
---------
When changing details on the systems, I change the DNS from the gateway to the ClearOS (primary) and to the Gateway (secondary), this works to a degree, but if I just use the ClearOS unit as the only DNS entry, I am unable to access anything (excluding internal uses - mainly via IP access but some I can access via hostname).
I haven't tried placing the ClearOS unit as Gateway+DNS+WINS as I haven't given it much thought, though I think I'd run into the same problem . But I can give it a try and let you know how I go if you'd like. Unsure what else to try or to give, wish the site would put the reply box closer to the top , I'll just have to start either printing the full pages or copy and paste 'sections needed' so that I can advise what each 'setting' is.
Nick, I hope I have answered what you need. If not let me know, I'm willing to go as far as setting the ClearOS as the gateway, DNS & Wins, but again don't want to remove DHCP YET, unless the unit will not work whatsoever without being the "lone wolf backer (in other words DHCP, DNS, gateway, etc.)" if I can get away with it, as I don't really want to screw too much with my configuration due to the amount of work, sweat and swearing that went into it , to get it to the point it's at now (working perfect, aside from the occasional hacking prick that tries to hack the web servers x2 (08 & 03 server) ftp and others >, aside from this, the system works pretty well, and I can't fault it. I've had the ER5120 for over 3 years now, and the 6120 for about 2 1/2, so don't really want to screw with them too much in case they 'break' .
In either case though, I am will to take them offline, though this will prove to be a very problematic situation as the 5120 does the load balancing between the two WAN connections + DHCP + DNS + port forwarding ++++, so taking it offline or changing too much will cause a network failure.
I also had a look at the /etc/ether section and there was nothing in there (no indication of HOW to enter the host:mac/mac:host etc. are you able to advise? The other on this thought is I assume the mac would be like 12:34:56 not 12-34-56, so these would need to be converted prior to importing.
These are the services:
Active Accounts Caching Server nscd boot
Active Accounts LDAP Connector nslcd boot
Active Content Filter Engine dansguardian-av boot
Active DNS Server dnsmasq boot
Active Events and Notifications clearsync boot
Active FTP Server proftpd boot
Active Greylisting postgrey boot
Active Intrusion Detection System snort boot
Active Intrusion Prevention System snortsam boot
Active Mail Filter Engine amavisd boot
Active MariaDB Database Server mariadb boot
Active Network Map arpwatch
Active NTP Server ntpd boot
Active OpenLDAP Server slapd boot
Active Plex Media Server plexmediaserver boot
Active Samba File Server smb boot
Active Samba NetBIOS Services nmb boot
Active Samba Winbind winbind boot
Active Serviio Media Server serviio boot
Active SMTP Server postfix boot
Active SSH Server sshd boot
Active Suva suva boot
Active System Database system-mariadb boot
Active System Logger rsyslog boot
Active Task Scheduler crond boot
Active Transmission BitTorrent Client transmission-daemon boot
Active Web Proxy Server squid boot
Active Web Server httpd boot
If you need additional information, let me know happy to provide - of course except passwords lol.
Cheers hope this helps find a resolution soon, getting closer to thinking the ClearOS system might be a 'waste of time' and decommissioning the system to install other OS'S or try my hand at another windows based proxy again failed last time, but seemed that DNS hostnames was working correctly. I think what it might be is that my windows systems don't want to play nice with the ClearOS Linux based box . I'll leave it there until I hear back.
Cheers. -
Accepted Answer
I've just skimmed through the user guide again and I can't see where you can add host names. Can you give me a page number?
First off, how is ClearOS configured? What is the contents of (hoping 6.x and 7.x are the same) /etc/resolv-peerdns.conf and /etc/dnsmasq.conf? resolv-peerdns.conf should point to the internet or your router.
Is the app running ("service dnsmasq status" will do but there should be a native systemd command as well).
Can ClearOS resolve host names e.g. what is the output of "host google.com"?
What is the output if "ifconfig"?
When you are changing the router DHCP server are you Just changing the DNS entries - not the gateway entry.
If DNS lookups work on ClearOS, ignoring the router, on a PC can you point its DNS entry to ClearOS only and see what happens?
Longer term, the TP-Link DHCP server looks weak. If you wanted to use the ClearOS DHCP server you may me able to populate your static leases very quickly. They can be put straight in /etc/ethers and you may be able to copy them out of the TP-link screen. If you use the ClearOS DHCP server you can get it to hand out the WINS server IP, WPAD file location and one or two other things.
Conceptually I think you should be able to use ClearOS as a proxy with only one NIC. If you want it as a transparent proxy you should be able to configure the router DHCP to hand you the ClearOS IP as the gateway then have ClearOS point to the router as its gateway. You'd also have to enable IP forwarding. I don't use the proxy so I don't know if ClearOS supports this configuration. However, the world is conspiring against transparent proxies as web sites switch to https instead of http. The proxy cannot intercept https traffic. Is should also work in a similar way as a non-transparent proxy but you may want to use the ClearOS DHCP server to hand out a WPAD file or you'll need to configure all LAN devices manually to use the proxy. In both cases you'll probably want to block all LAN -> WAN traffic at the router except from ClearOS. This will stop people bypassing the proxy. -
Accepted Answer
Nick,
The TL-ER5120 does have a configurable DNS section, though if I set a computer to use the ClearOS box only as the DNS server, it cannot access the internet and I don't know what to try next. I have almost tried all sorts of configurations but the only configuration that sort of worked is if I used both the ER5120 and ClearOS dns settings (ClearOS unit first then ER5120 as secondary) I could access the internet fine, so I really don't know what to do.
I can configure a temporary configuration with my computer(s) but would prefer one DNS entry only but if my systems aren't going to be able to access the internet using the ClearOS box being the DNS only server and the ER5120 as the DHCP server, then I don't really have much choice but to keep using the ER5120 as both DNS and DHCP and just manually configuring specific devices to use the other services that I want to be used via the ClearOS box.
Do you have any suggestions?
I have attached a Quick Installation Guide for reference relating to the ER5120 unit. Just a pity the site doesn't support multiple uploads - I would've uploaded the ER5120, ER6120 and the Netgear DGN1000. Though in some cases these manuals may not be too much use as they don't show enough information :|.
Cheers. -
Accepted Answer
I've had a quick look at your router manual and it does not appear to have a configurable DNS server so you will probably want to use ClearOS.
In the router, change the DHCP configuration you and out the ClearOS IP for the primary DNS and the router LAN IP as secondary (for backup).
In ClearOS, you can set the WAN DNS server to your router's IP address.
Now if you reboot a PC or release and renew its IP address, it should pickup ClearOS as its DNS server. You can then configure this as you want.
You can continue to use the router as your DHCP server -
Accepted Answer
All you have to do for a working DNS is adding the entries to your DNS server wich is now the ER5120 then it should work. To get Clearos to work as a transparant proxy it also have to be the gateway typical 2 network cards. If you draw a network map you wil see that you have to if you use a proxy. Or is it a reverse proxy server you want. -
Accepted Answer
Lex,
Yes I do have two WAN connections coming into the house, the ER5120 take care of the 'balancing act' for these, from here on Wan1 = Bigpond, Wan2 = Clubtelco. If Wan1 goes down, the system will automatically switch to Wan2, and vice versa, but also in saying this, the system doesn't have a fall over type setup, these connections are used 'together'. I.E. If a LAN pc does a 'whatismyip' it will come back as one or the other, sometimes if done twice (after a few minutes) the IP would've changed. So this is mainly the reason for the 5120 being fully responsible for everything (DHCP, DNS, etc.).
With regard to setting up the ClearOS box as the DNS server, I'd just need to configure the DHCP to send DNS requests via it or am I mistaken? I believe I have attempted this before, adding 192.168.1.1 (er5120) and 192.168.1.5 (clearos) in the DNS entries, clearos 2nd (if I remember correctly), but as I recall the system failed - I.E. would not allow me to access anything, though the clearos system was set so it's own internal DNS would go via 192.168.1.1, unless this is incorrect. But I don't think I have incorrectly set anything up, I'm pretty sure everything had been setup correctly.
cheers. -
Accepted Answer
I get the feeling that your entire network is failing by complexity and could be much more simply, but that's a feeling. If you can draw a network map with your devices and connections it will be much easier for use to help you out. Because from wath I read I think you have 2 wan connections for instance. But the first wich you have to do is fill your DNS server with the internal IP and hostnames. -
Accepted Answer
You can separate DHCP and DNS. There is no problem with running a DHCP server on a different box. I think (the post is to long for me to concentrate on for the moment) the key to this is to have entries in your DNS server pointing to the LAN IP's for your devices. This can be the ClearOS DNS server but does not have to be. -
Accepted Answer
Lex,
no the system isn't configured as Gateway. Configuring the DNS, DHCP on the ClearOS unit would be quite a pain as I have configured the ER5120 with DHCP, DNS and Firewall incl. MAC filtering, so configuring the ClearOS system would be quite a pain due to this fact, I have needed to add several MAC addresses and have also added DHCP 'preallocation'. Would there be a way to be able to 'copy' all these settings from the ER5120 > ClearOS without having to do it manually?
Manually adding these MAC's and configuring as required would be an extremely tedious task due to the complexity of my home network, and the shear amount of devices within it.
If I am going to use the ClearOS unit for DNS, DHCP and everything else, it would need to support a single connection (WLAN is secondary connection - LAN (ETH0) is primary) as using the WLAN wouldn't work well enough (due to all AP's being re-routed via the ER5120 DHCP = Conflict, regardless of if ClearOS is DHCP using both connections). I honestly do need to be able to use the network as is with the ClearOS unit being able to serve it's site internally without the need for it to be configured as the DHCP, DNS, etc. If at all possible that is.
I'll leave it here for the time being. Thank you for your advice Lex, I'll consider it only if unable to use the current network config with clearos.
Cheers. -
Accepted Answer
Wel you neef to configure THE dns server best thing to do kill the other dhcp server use clears dhcp server and configure the Dons server with the internal ip addresses that they can be resolved.
Really works perfect and you have got the control, did you also configure clears as gateway otherwise the proxy makes no sence.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »