I'm trying to install ClearOS on a PCEngines APU board - namely the apu2c4. Notice that this board does not have video out, but does have a serial port.
Installation over serial is fine, however I cannot for the life of me get through the webconfig.
I go through the OS install, connecting eth0 to my modem so that it will be the external interface, and eth1 to my LAN. eth0 picks up a DHCP address from my ISP no problem, and I can manually assign an IP address to eth1 once the system comes up.
At this point I can ping to/from the board with no problems. Then I try to access the webconfig. I can log in just fine, and can select to put the box in gateway mode. However, once I get to the next page, where NICs are assigned, all connectivity to the system drops.
By this I mean eth1 still has the same static IP address (and for the record eth0 still has the address from my ISP), but I can no longer ping from the system to anything else on the network, receiving a "ping: sendmsg: operation not permitted" error, nor can I ping it from anything else on the network (Destination Host Unreachable). Keep in mind I'm on a flat network at this point for the LAN. Just the ClearOS install and 3 other machines with static IPs in the same subnet that could all ping it before. Pinging an Internet address like Google works intermittently, it will either work just fine or I get the same operation not permitted error; I've not found a rhyme or reason to this.
This does not change when I try any or all of the following:
- Flushing all iptables rules
- Bring eth1 down and assigning the IP to eth2
- Assign a different IP in the same subnet to eth2
- Any amount of network services restarts
- Restarting the box
Why is it dropping connectivity like this when the webconfig gets to the NIC assignment page? For the record, it correctly detects the external/LAN NICs and their IP settings.
Why is there no CLI configuration tool for the initial setup? It damn near looks like ClearOS requires a GUI which makes absolutely no sense for a network device.
I desperately want to use ClearOS but it is being a major pain in the neck before it's even configured.
Installation over serial is fine, however I cannot for the life of me get through the webconfig.
I go through the OS install, connecting eth0 to my modem so that it will be the external interface, and eth1 to my LAN. eth0 picks up a DHCP address from my ISP no problem, and I can manually assign an IP address to eth1 once the system comes up.
At this point I can ping to/from the board with no problems. Then I try to access the webconfig. I can log in just fine, and can select to put the box in gateway mode. However, once I get to the next page, where NICs are assigned, all connectivity to the system drops.
By this I mean eth1 still has the same static IP address (and for the record eth0 still has the address from my ISP), but I can no longer ping from the system to anything else on the network, receiving a "ping: sendmsg: operation not permitted" error, nor can I ping it from anything else on the network (Destination Host Unreachable). Keep in mind I'm on a flat network at this point for the LAN. Just the ClearOS install and 3 other machines with static IPs in the same subnet that could all ping it before. Pinging an Internet address like Google works intermittently, it will either work just fine or I get the same operation not permitted error; I've not found a rhyme or reason to this.
This does not change when I try any or all of the following:
- Flushing all iptables rules
- Bring eth1 down and assigning the IP to eth2
- Assign a different IP in the same subnet to eth2
- Any amount of network services restarts
- Restarting the box
Why is it dropping connectivity like this when the webconfig gets to the NIC assignment page? For the record, it correctly detects the external/LAN NICs and their IP settings.
Why is there no CLI configuration tool for the initial setup? It damn near looks like ClearOS requires a GUI which makes absolutely no sense for a network device.
I desperately want to use ClearOS but it is being a major pain in the neck before it's even configured.
Share this post:
Responses (5)
-
Accepted Answer
Have you tried the latest 7.2 just released? It cleared up all my problems.
Also see Peter's request in https://sfj48-fkj200.heiksthsd.cf/clearfoundation/social/community/firewall-in-panic-mode-after-restart -
Accepted Answer
I wonder if you are falling foul of the same thing as I did...
This is from my freshly booted Version 7.2 system. (It did the same during install...)
[root@sandra ~]# netstat -nlp | grep 81
tcp6 0 0 :::81 :::* LISTEN 700/webconfig
unix 2 [ ACC ] STREAM LISTENING 18481 1468/master private/discard
[root@sandra ~]#
I don't have ipv6 - so how am I supposed to access webconfig?
Now if we do this :-
[root@sandra ~]# sysctl -w net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6 = 1
[root@sandra ~]# sysctl -w net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6 = 1
[root@sandra ~]# netstat -nlp | grep 81
tcp6 0 0 :::81 :::* LISTEN 700/webconfig
unix 2 [ ACC ] STREAM LISTENING 18481 1468/master private/discard
[root@sandra ~]# service webconfig restart
Redirecting to /bin/systemctl restart webconfig.service
[root@sandra ~]# netstat -nlp | grep 81
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 6385/webconfig
unix 2 [ ACC ] STREAM LISTENING 18481 1468/master private/discard
[root@sandra ~]#
We now have access - absolutely stupid.... that and the confusion over naming of kernels and I have put my Version 7.2 test machine to bed. -
Accepted Answer
-
Accepted Answer
Tony Ellis wrote:
Have you tried the latest 7.2 just released? It cleared up all my problems.
Also see Peter's request in https://sfj48-fkj200.heiksthsd.cf/clearfoundation/social/community/firewall-in-panic-mode-after-restart
I tried both on 7.1 and 7.2, same result.
I then spent 5 minutes installing pfsense and everything is working. -
Accepted Answer
Jake - sorry it didn't work out for you...
I have run pfSense in the past. Really good firewall with lots of options and tuning knobs together with brilliant reports. I especially liked the way they implemented multiwan. I discontinued as I wanted to consolidate everything onto a single platform as much as possible - currently Redhat-based linux. I wasn't prepared to invest the time and self-education to investigate running a BSD based workstation for my daily needs.
EDIT: forgot to add... I also really like the ability to run from a live CD within minutes so you can test and not commit to disk.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »