ClearFoundation

Thank you very much, I did as John said and it worked.
I hope I have not upset anyone, speak English poorly and can not fully explain.

I think something was wrong. After activating the firewall, I try to get on https: / / domanin webconfig ..: 81, I send to an internal network IP. What was wrong?

You make it sound like you were trying to get on the Webconfig remotely, from outside your LAN. Is that the case? If so, you wouldn't be able to once the firewall was activated, without setting up some rules to do so, like enabling port 81 on your incoming rules, which I would not recommend. You could enable your pptp server and make a VPN connection, then access the webconfig. You want to keep it securer than just https if that's what you're trying to do.

Hi vrtro,

Congratulations, I am glad that you were able to enable your firewall.
Like Dirk already said, for remotely accessing your web configuration you will have to find a way to allow yourself to get past the firewall.

You could compare it to leaving the house with your keys, so you will be able to get back in again ...
Up to now, you did not even have a front door and no one knows who came in your house without your knowledge so ...

Tim Burgess wrote:
The worst offenders are blocked automatically...no need to take any other action, other than figure out what they were attempting to do to your server. Remember the Internet is full of Internet worms, bot-nets, compromised PC's, malicious scripts, and malicious individuals who take pride in breaking things. Some of which is automated, some is a motivated individual (take brute force attacks on FTP servers for example)#5964

Greetings,

John

We apologize again, I hope not that bad trouble.

We raised the firewall, everything is ok for lan.

The problem is that before I get to change the settings there, I had the port: 81 open, and I could connect, now I solved the problem with the chain, but I can not connect to webconfig.
But the lan-ip go to sign.
What I recommend you is to connect the webconfig, I use a VPN? is the best solution?

Unless you're using one of your servers as a secure web server (doesn't sound like you are) that's what I would do. OpenVPN and the PPTP server modules both work well for outside private party connections to your network.

hi all

For 2 days all trying to do something to connect with weconfig or ssh. unfortunately we did not. Needs help, I opened the ports needed for nothing.
I added a picture here.

Just a few things I can think of.

Are you behind a firewall at the remote location you're trying to access the Webconfig or ssh tunnel from? If so, you'll have to make sure the remote location's firewall has the necessary outgoing ports open for you (i.e. 81 and 22 respectively)?

How exactly are you entering the domain name in both instances; in your address bar for the webconfig and in the command line for ssh? Are you using your registered domain name for your server? What application are you trying to tunnel in with?

Using ClearOS' PPTP or OpenVPN servers works flawlessly for the most part in order to establish a secure private connection, which you can then tunnel in with. Study up on those options. I connect instantaneously using PPTP on a Windows 7 64-bit machine and have no problems accessing the Webconfig or ssh tunneling in with, with the LAN address for my server no less.

Post responses to the questions and we'll try to help you out some more.

God Bless,
Dirk

vrtro wrote:
For 2 days all trying to do something to connect with weconfig or ssh. unfortunately we did not. Needs help, I opened the ports needed for nothing.
I added a picture here.
Hi vrtro,

I am sorry, but I don't understand what you are trying to say.
Only open port 81, when you remotely access the web configuration.
Only open port 22, when you remotely access your ClearOS box with SSH.
The rest is irrelevant for the things you reported:
Do not open port 80, unless you run a web server on your ClearOS box.
Do not open port 443, unless you want to remotely access this web server with HTTPS.
webservice 1875 is open by default ... sorry, can't remember why
Greetings,

John

Port 1875 is used by suva so your machine can communicate with CC/Clear for things like registration, dns updates, remote backup etc