TOPIC: firewall mode
#6892
firewall mode 4 Months, 3 Weeks ago  
Hello

Very happy with the Clear, but I have a little problem.
I use eth0 and eth1. eth0 is the external IP route and eth1 is a class of its own IPs (a total of 64 IPs).
Unfortunately, for the Internet to go through eth1 it is necessary to keep the firewall turned off (Standalone Mode - No Firewall). How do I start the firewall? With it on, no Internet goes through eth1.
What can I do?
vrtro
 
#6895
Re:firewall mode 4 Months, 3 Weeks ago  
Hi vrtro,

First of all let me see if I understand what you currently have and where you want to go ...
You are running ClearOS in stand alone mode with no firewall.
eth0 = Internet and eth1 = LAN

What you want is to change to gateway mode with firewall.
eth1 = Internet ... so eth0 must become LAN

I don't understand why you want to change the roles of eth0 and eth1.
As far as I know it does not matter what eth# you use for LAN, Internet or otherwise.

Please confirm or deny if this is what you want to achieve and if not, please clarify.

Greetings,

John
John
 
#6902
Re:firewall mode 4 Months, 3 Weeks ago  
Install the firewall module and block outgoing port 80. Better yet, install the advanced firewall module and you can block outgoing port 80 on the MAC address for eth1. You may get better results if you follow John's advice and use the machine in gateway mode. It would be less confusing all around also.
Dirk Albring
God Bless,
Dirk
 
#6909
Re:firewall mode 4 Months, 3 Weeks ago  
So at this time eth0 is external and eth1 is LAN. Behind the chain there are another 4 dedicated servers.
The problem is that when you bring up the firewall, the LAN servers are no longer visible on the Internet.
vrtro
 
#6912
Re:firewall mode 4 Months, 3 Weeks ago  
Take a look at DMZ and NAT in the user guide.

Peter
Peter Broch
Last Edit: 2010/03/07 06:55 By Broch.
 
#6918
Re:firewall mode 4 Months, 3 Weeks ago  
vrtro wrote:
So at this time eth0 is external and eth1 is LAN. Behind the chain there are another 4 dedicated servers.
The problem is that when you bring up the firewall, the LAN servers are no longer visible on the Internet.

Hi vrtro,

When you want servers behind your ClearOS to be visible on the Internet, you will have to port forward the required ports to them when using the firewall.

Greetings,

John
John
Last Edit: 2010/03/07 08:32 By Blanco.
 
#6920
Re:firewall mode 4 Months, 3 Weeks ago  
You could optionally block all incoming (and/or outgoing) ports in the firewall configuration and then add advanced incoming firewall rules (using the advanced firewall module) having the servers' IP addresses and port(s) as the destination addresses and/or outgoing rules with the same information as the source.
Dirk Albring
Last Edit: 2010/03/07 09:03 By dinkster.
God Bless,
Dirk
 
#6928
Re:firewall mode 4 Months, 3 Weeks ago  
Hi all
First, I apologize: I have not really understood. My problem is that if I raise the router firewall, the servers do not get back on the Internet. There are 4 servers at the back, running CentOS, and they are hosts for games.
When I raise the firewall, the servers are no longer visible.
If you could, please give me more details on what is to be done.
Thank you
vrtro
 
#6934
Re:firewall mode 4 Months, 3 Weeks ago  
Hi vrtro,

You will need to do some researching yourself if you want to solve this issue.
Personally I think that in your setup with several servers behind your ClearOS box, you took a huge security risk by not using a firewall.
Whatever solution you choose, it's important to activate your firewall a.s.a.p., and if this means that the services will not be available until this is done, that is of secondary concern.
Network -> Firewall - Port Forwarding
User Guide

Here you can find the ports you will need to forward for the specific on-line services / games that you provide:
www.portforward.com/cports.htm

To confirm that the specified server ports are connecting to the Internet:
www.grc.com

Here is how to:
#6196

Good luck,

John
John
Last Edit: 2010/03/07 15:43 By Blanco.
 
#6945
Re:firewall mode 4 Months, 3 Weeks ago  
Don't quite understand how you're able to get multiple servers up and running and not understand setting up the firewall, but multiple comments in this thread have suggested different things to try, so try them. If you installed ClearOS then you are also able to access the Webconfig GUI via yourclearosserveripaddress:81 and login as root and the root password. Sounds like you've been able to do this since you were able to enable and disable the firewall. Obviously without opening some ports associated with the IP addresses of your different servers they are going to be blocked off from the outside world when enabling the firewall, so you either need to use port forwarding like John keeps talking about or you need to implement some advanced firewall configurations to do that, like I posted previously. Once direct lines are made in your firewall between the outside world and your servers you should be good to go. If you can mess with the firewall configuration in your Webconfig you can do this other stuff.
Dirk Albring
God Bless,
Dirk
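
The two approaches the thread ends on (port forwarding, or advanced rules naming each server's IP and port) both come down to default-deny plus explicit openings. As an added example, not written by any poster and not ClearOS's own configuration, this script prints generic iptables commands for that layout. The eth0/eth1 roles come from the thread; the privately addressed LAN, the server addresses and the ports are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: prints (never executes) generic iptables commands for a
# default-deny gateway that forwards only the listed ports to LAN servers.
# eth0 = external and eth1 = LAN as in the thread; the server addresses and
# ports are constructed sample values, not taken from the thread.
WAN_IF=eth0
LAN_IF=eth1
# One forward per line: proto external_port server_ip server_port
FORWARDS='udp 27015 192.168.1.10 27015
tcp 27015 192.168.1.10 27015
udp 27016 192.168.1.11 27015'

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # four dot-separated decimal octets, each 0-255
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

gen_rules() {
    # Baseline: drop forwarded traffic unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "$1" | while read -r proto eport ip iport; do
        [ -n "$proto" ] || continue
        # Reject malformed entries instead of emitting a broken or wider rule.
        case "$proto" in tcp|udp) ok=1 ;; *) ok=0 ;; esac
        valid_port "$eport" && valid_port "$iport" && valid_ipv4 "$ip" || ok=0
        if [ "$ok" -eq 0 ]; then
            echo "# skipped invalid entry: $proto $eport $ip $iport"
            continue
        fi
        # DNAT rewrites the destination; FORWARD then admits only that flow.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $eport -j DNAT --to-destination $ip:$iport"
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $ip --dport $iport -m conntrack --ctstate NEW -j ACCEPT"
    done
}

gen_rules "$FORWARDS"
```

Review the printed commands before applying any of them; the script covers forwarded traffic only and leaves the gateway's own INPUT chain untouched.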
 