ClearFoundation Site Syndication http://www.clearfoundation.com/ Sat, 11 Feb 2012 15:31:58 -0500 ClearFoundation 1.5.11 http://www.clearfoundation.com/components/com_kunena/template/clearfoundation/images/english/emoticons/rss.gif http://www.clearfoundation.com/ ClearFoundation Site Syndication http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37505/#37515 Tim Burgess wrote: Fixed the typo! Thanks You're welcome. Sat, 11 Feb 2012 11:17:52 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37505/#37514 Not about flexshares but samba related. I've installed the samba-app today via: [code] yum --enablerepo=clearos-updates-testing install app-samba [/code] I used simple filesharing and for some reason i can't access the home folder. Anyone having the same problems? Sat, 11 Feb 2012 10:32:18 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37513/#37513 Hi, I installed OpenVPN Access Server 1.8.3. on clearOS 5.2 on a Hyper-V virtual machine. It works fine until I restart the machine. After restart it doesn’t start and I see the following in the log: Server agent initialization failed: missing local user account for 'openvpn_as' user: 'getpwnam(): name not found: openvpn_as': sagent/svcset:147,sagent/svcset:567,sagent/svcset:529,sagent/svcset:387,auth/access:92,auth/access:90 (exceptions.KeyError) If I make the settings with ovpn-init after restart then it works fine until the next restart. If I restart only the OpenVPNas there’s no problem. After the following commands it works again: useradd -r openvpn_as /etc/init.d/openvpnas start useradd -r openvpn Why does it always forget the user? Can anyone help me to resolve the issue? Thanks in advance Sat, 11 Feb 2012 06:45:40 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37505/#37512 Fixed the typo! Thanks Sat, 11 Feb 2012 03:01:58 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,35586/limit,10/limitstart,10/#37511 Hopefully the last entry from me on this topic. For the first time I have eth1 and eth2 clearly marked as bonded links. I have restarted the box a few times now and it seems to come up fine each time. http://www.clearfoundation.com/images/fbfiles/images/Bonded.jpg Sat, 11 Feb 2012 00:43:07 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,35586/#37510 Back again. It doesn't look good. I find that my ifcfg files (ifcfg-eth1, 2 and ifcfg-bond0) are being modified or deleted by the system. At one point eth2 didn't exist and bond0 was not a MASTER. I have reset them in accordance with the howto AND made them all read only chmod 444 /etc/sysconfig etwork-scripts-ifcfg-eth1 etc. Trouble is that I will have to remember to make it writable if I want to make any more changes. I'll see how that goes and report back if things don't get better. Fri, 10 Feb 2012 20:18:48 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37505/#37509 Typo yum --enablerep e =clearos-updates-testing install app-flexshare should be: yum --enablerep o =clearos-updates-testing install app-flexshare After that, it installed fine. Thanks for the notice. Fri, 10 Feb 2012 19:53:28 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37470/#37508 I ended up installing ClearOS 5.2 in a VirtualBox virtual machine and configuring the same (directory, etc.) as my "production" server. I then installed the antispam modules and copied the api.conf file form it to my "production" server. Amavisd is now filtering the emails properly. -SilkBC Fri, 10 Feb 2012 19:00:49 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37505/#37507 Great! many thanks :) Fri, 10 Feb 2012 16:50:06 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37198/limit,10/limitstart,10/#37506 Peter Baldwin wrote: ...you will be able to upgrade to Beta 3 with the following command: yum --enablerepo=clearos-updates-testing upgrade After updating to beta 3 there isn't any place to register under Market, it simply says "System Not Registered". Going to "System, System Registration" allows you to register. After entering in current log in info, the registration hangs at "Loading registration information." I left it alone, opened a new tab on my browser and went to the Market and was able to install apps, so registration worked but there was no confirmation. (after ten minutes it's still showing "Loading registration information".) BTW, I've been using ClearOS since it was Clarkconnect and love it! Thanks for all the hard work. Fri, 10 Feb 2012 16:03:03 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37505/#37505 Hi everyone, Flexshare is available via the command line. First, you need to upgrade to the beta 3 preview: [code]yum --enablerepo=clearos-updates-testing upgrade[/code] You can then install flexshare: [code]yum --enablerepo=clearos-updates-testing install app-flexshare[/code] We're still working on spinning out the two editions. ETA is about a week, but no firm date has been set. Fri, 10 Feb 2012 15:33:35 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,33/func,view/id,16447/limit,10/limitstart,150/#37504 Kevin, Thanks for your quick reply. Not good news, I 'm afraid. Could you let me know where this bug was reported? Paul Fri, 10 Feb 2012 11:47:15 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,37503/#37503 Hi All, After recently creating a new new initrd to solve one problem i created another. I was having a issue with a server that would not bring up my WAN adapter after a restart or via 'service network restart' i decided it was a issue with the realtek network card, i found a few guides talking about rebuilding the initrd, well that was not the issue and left me with a broken system, kernel panic after the chroot point (remount sysvol) . This happened on all initrd's accross the raid. After my panic died down (after all it's a production box, the network WOULD come back if you unplugged eth WAN, restart network) i looked into it. I had membered the client asking for raid and the client supplied the box, the system had a fake raid, some bios trick that crashed HDD's, we had already suffered twice with the H/W failing the raid we went to software, well the clearos installer fail's with software raid, i had found a guide to do software raid in a manual form. here is the gist of it. 1. install clearos, normally onto one hdd 2. change partition tabletype to be raid 3. mount via clearos cd, you have to run rescue, then load existing install (it will likley fail due to the change above) if it does fail, then manually 'chroot into' the /mnt/sysimage folder the link below is a guide, i can say that most of it can be skipped, the important part is you mount your jail enviroment correct, eg /proc mount to /mnt/sysimage/proc and /dev/sda1 to /mnt/sysimage/boot (/dev /tmp ) Now the rest of the guide went onto the important part, why is my running system (raid) now not working? well it turns out a file in the initrd tries to mount the sysroot to /sysroot, but due to our funky(software) raid setup and that of some LVM systems it mounts elsewhere. The culprit is in the initrd file of your system, normally located in /boot, mine is /boot/inird-2.6.18-194.8.1.v5.img initrd location (/boot) actually is a mount, /dev/sda1 (1st partition boot-files grub etc, 2nd swap, third is /sysroot or rest of filesystem) Open Say's Me right lets make a initrd ( in case of loss or damage) and then correct the mount location. YOU may need some dev files and kernel sources to create these, but AFAIK I built them using clearos cd 5.2. first create a working directory, I used /boot/recovery mkdir recovery mkinitrd initrd-`uname -r`.img `uname -r` the ` symbol used above it not ' or the one on the right of keyboard, I am using the ` near 1 or ~ , using `uname -r` returns kernel revision and inserts it into the filename, hence you end up with initrd-2.6.18-194.8.1.v5.img now we still have to get into the .img file, it's compressed image and CPIO'ed Here for more info on that. http://www.ibm.com/developerworks/linux/library/l-initrd/index.html Right into the file, first create another directory, then we unzip & un-cpio. Mkdir initrd cd initrd gunzip -c ../initrd-`uname -r`.img | cpio -idmv your should be left with the following structure drwxr-xr-x 9 root root 1.0K Feb 10 17:22 . drwxr-xr-x 3 root root 1.0K Feb 10 17:21 .. drwx------ 2 root root 1.0K Feb 10 17:22 bin drwx------ 3 root root 1.0K Feb 10 17:22 dev drwx------ 2 root root 1.0K Feb 10 17:21 etc -rwx------ 1 root root 2.3K Feb 10 17:21 init drwx------ 3 root root 1.0K Feb 10 17:22 lib drwx------ 2 root root 1.0K Feb 10 17:21 proc lrwxrwxrwx 1 root root 3 Feb 10 17:22 sbin -> bin drwx------ 2 root root 1.0K Feb 10 17:21 sys drwx------ 2 root root 1.0K Feb 10 17:21 sysroot the file init is what we will edit nano init now in nano press ctrl+w , then type sysroot you will find only one normally echo Mounting root filesystem. mount /sysroot now for the software raid we have to change the mount to mount -o defaults –ro -t ext3 /dev/md1 /sysroot (for LVM I think it's mount -o defaults --ro -t ext3 /dev/VolGroup00/LogVol00 /sysroot ) then press ctrl+o to save ctrl+x to exit now recreate the cpio'ed&gzipped file find . | cpio -o -H newc | gzip -9 > ../initrd-`uname -r`.img.new we now have the file initrd-2.6.18-194.8.1.v5.img.new in /boot/recovery/ now we cd .. cp initrd-2.6.18-194.8.1.v5.img.new /boot thats it for file making. Now to test your new backup version of initrd , reboot when you have the green boot screen press any key to goto boot selection , press e to edit, then highlight the initrd line, e to edit again and add .new to the end of the cmd line your can now boot your test/backup initrd to fill some other blanks in my raid setup was Personalities : [raid1] md0 : active raid1 sdb1[0] sda1[1] 80192 blocks [2/2] [UU] md1 : active raid1 sdb3[0] sda3[1] 974559040 blocks [2/2] [UU] this is found by using cat /proc/mdstat my drives are 2 x 1tb partition on both as follws (default clear install) /dev/sda1 * 1 10 80293+ 83 Linux /dev/sda2 11 141 1052257+ 82 Linux swap / Solaris /dev/sda3 142 30401 243063450 83 Linux but under the software raid I changed the partition id's after the install to the following Device Boot Start End Blocks Id System /dev/sda1 * 1 10 80293+ fd Linux raid autodetect /dev/sda2 11 274 2120580 82 Linux swap / Solaris /dev/sda3 275 121601 974559127+ fd Linux raid autodetect not , def = 83 /82/83 and after it's fd/82/fd, this is due to me only using raid for /boot and root / which is sda1/sdb1 for /boot and sda3/sdb3 for / which the system see's as /dev/md0 for /boot and md1 for / so once you have installed, created initrd backup/test, change partition id's , booted into new system you can then copy all the data to the second drive (mounted into system but not into raid array yet) then convert second drive's id's to FD , mount into raid array. Further Reading http://wiki.centos.org/HowTos/SoftwareRAIDonCentOS5 http://pbraun.nethence.com/doc/sysutils_linux/mdadm.html http://wiki.openvz.org/Modifying_initrd_image Attached is a unfinished script that does most of the work, it fails at the sed section and i never got round to finishing it. if anyone else can and repost, go ahead. Hope this helps Regards Colin Oh, the original problem with the wan, traced to ifp-eth located in /etc/sysconfig etwork-scripts When it's called via service network restart or ifup it does a arping command that checks to see if the static ip is used, the ISP recenlty changed radio brand and the new radio messes with it and so the system thinks the HOST IP ADDRESS ALREADY IN USE, the fix was to edit ifup-eth file, find the line that does the arping and hash out the exit 1 command as below original :- if ! arping -q -c 2 -w 3 -D -I $ $ ; then echo $"Error, some other host already uses address $." exit 1 fi Modded version if ! arping -q -c 2 -w 3 -D -I $ $ ; then echo $"Error, some other host already uses address $." # exit 1 fi the hash skips the exit and my server's wan starts up. Dirty fix I know but it worked :-) Fri, 10 Feb 2012 11:00:54 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,33/func,view/id,16447/limit,10/limitstart,140/#37502 Yes, we have that too. It appears to be a bug in TB 3.X. The later releases do not seem to have it. We are desparately waiting to 10.0 and SOGo 2! Fri, 10 Feb 2012 10:59:24 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,33/func,view/id,16447/limit,10/limitstart,140/#37501 Hi all, We're still testing on a production server with a few accounts activated for sogo-use. When using a mailaddress that's not in the Clearos LDAP adressbook, Thunderbird often skips some of the characters being typed in. Quite annoying. Does anyone experience the same problem? Or any hint on what can be causing this? Would it be related to thunderbird or to sogo? Also when typing in some users that are part of the ldap book, I see that their mailaddress always is being marked red, as if it's a new address. There are no typo's in this case grz, paul Fri, 10 Feb 2012 10:35:01 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,19/func,view/id,37489/#37500 All, I had a problem with the 2nd link hence the issues when the line switched. All seems to be working well :) Regards Chris Fri, 10 Feb 2012 07:53:36 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,27897/limit,10/limitstart,10/#37499 What problem are you having? Thu, 09 Feb 2012 15:46:02 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,27897/#37498 hi please explain What did the work " change the content in base.repo file add DNS in my WAN configuration " i dont know , what is that ~! Thu, 09 Feb 2012 15:16:53 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,36005/#37497 Amiga tengo unas dudas podrias ayudarme porfavor? Thu, 09 Feb 2012 14:28:49 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37477/#37496 1 clue. my logs are messed up( code not working ??) I see a lot of "Feb 5 12:04:17 gateway smbd[16607]: desktop-frank|192.168.100.62|stat|fail (No such file or directory)|*path to file* " since 29 january til 5 february at least, but it's all still loading i grabbed one of the lot of private files, so i had to censor the path :) Feb 5 13:26:35 gateway smbd[16607]: desktop-frank|192.168.100.62|chmod_acl|fail (No data available)|W7-Frank/Mijn documenten/Mijn afbeeldingen/Fotografie/Vakantie Normandië/2008_0820/DSCF0130.JPG|664 same here also a lot of "stat" fails, or "real path" fails [code] Feb 9 19:35:15 gateway nmbd[5355]: Samba name server SVR-FRANK is now a local master browser for workgroup FBIT on subnet 192.168.2.2 Feb 9 19:35:15 gateway nmbd[5355]: Feb 9 19:35:15 gateway nmbd[5355]: ***** Feb 9 19:35:15 gateway nmbd[5355]: [2012/02/09 19:35:15.517346, 0] nmbd mbd_become_lmb.c:395(become_local_master_stage2) Feb 9 19:35:15 gateway nmbd[5355]: ***** Feb 9 19:35:15 gateway nmbd[5355]: Feb 9 19:35:15 gateway nmbd[5355]: Samba name server SVR-FRANK is now a local master browser for workgroup FBIT on subnet 192.168.2.250 [/code] thatseems to be the issue.. samba is working on the outside network.. not the internal Thu, 09 Feb 2012 13:20:57 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37478/#37495 OK, thanks, we'll have an big initialisation process but after updates will be with batch of 100 of users... We'll be able to spread the load on the whole day. 200K user will be renewed each year within 2 months September and October. Thu, 09 Feb 2012 12:09:15 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,20/#37494 Ah, basically its just weird rules... http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,8/func,view/id,27675/ Thu, 09 Feb 2012 12:01:34 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,20/#37493 FYI - the Flexshare app was indeed pushed to the build system last night. An upgrade for Samba and ProFTPd were also done. I'll start a new thread when the packages are available in updates-testing. Thu, 09 Feb 2012 11:57:24 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,20/#37492 Im not quite sure what to make of these... related to local requests going out? Feb 9 08:24:57 system snort[10041]: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK[Priority: 3]: 76.14.193.52:52705 -> 67.215.67.14:80 208.67.216.136:80 204.236.131.45:80 76.14.199.49:161 Feb 9 07:27:29 system snort[10044]: [1:1411:10] SNMP public access udp [Classification: Attempted Information Leak] [Priority: 2]: 76.14.199.105:1147 -> 76.14.199.49:161 76.14.199.105 is not one of my IP's, I would assume this is one of my IPS's IP's? using geobytes, it resolves to a city about 15 miles away. Thank you very much for all of your assistance. I am trying to learn all of this. Its just taking me some time. Thu, 09 Feb 2012 11:53:48 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37478/#37491 BENSIALI wrote: I was unable to find at ClearCenter the custom import tools you've talked about. I think it's because they are not public ? It's an internal ClearCenter tool that we customize on a case-by-case basis. In ClearOS 6, the LDAP directory can be extended with plugins and extensions. When a new user is added (for example), the system will go through each plugin/extension to handle the "add" event. For example, the "Google Apps Extension" will create an extra password field when a user is added, while the "Samba Extension" will add a whole bunch of Windows/Samba details. As you can imagine, that's a slow process when we're talking about 100,000 users. The normal import tool can do about 4,000 users an hour. However, the recent addition of a feature (memberOf support (http://tracker.clearfoundation.com/view.php?id=133)) dropped that by almost an order of magnitude :-O Thu, 09 Feb 2012 09:44:53 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37478/#37490 Tim Burgess wrote: 100,000 wow. :-O Do you make use of the nscd service to give reliable performance? I have seen instances with Samba configurations where this service causes problems with winbind etc. Hey Tim. You have to ask David about performance in the field... I don't really know! Thu, 09 Feb 2012 09:30:53 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,19/func,view/id,37489/#37489 Hi, I'm pretty new to ClearOS but am struggling with the NIC Bonding. I have two WAN links which have the same public IP as arranged with my ISP. I am now trying to bond these so that if one fails, it will automatically switch to the second link. I have tried various modes but can't seem to get it to failover to eth3 ifcfg-bond0 is set as DEVICE=bond0 BOOTPROTO=none IPADDR="My ISP IP Address" NETMASK="My Netmask" GATEWAY="My Gateway" DNS1="DNS Server 1" DNS2="DNS Server 2" ONBOOT=yes BONDING_OPTS="mode=1 miimon=80" I then have an internal NIC DEVICE=eth0 TYPE="Ethernet" ONBOOT="yes" USERCTL="no" HWADDR="00:07:32:1c:15:2d" BOOTPROTO="static" IPADDR="192.168.0.1" NETMASK="255.255.255.0" And then the two bonded NIC's DEVICE=eth2 ONBOOT="yes" USERCTL="no" HWADDR="00:07:32:1C:15:2F" BOOTPROTO="static" SLAVE=yes Master=bond0 DEVICE=eth3 ONBOOT="yes" USERCTL="no" HWADDR="00:07:32:1C:15:30" BOOTPROTO="static" SLAVE=yes MASTER=bond0 When I run cat /proc et/bonding/bond0, it can see that the link is lost (if I do ifdown eth2) but can't bring up the WAN link on eth3 even though it says it's the active slave. I've added the following to modprobe.conf alias bond0 bonding And the following to the firewall EXTIF="bond0 eth2 eth3" LANIF="eth0" Any ideas why this might not be working? Is ClearOS able to detect if the WAN link is down and not just the local interface link? If any futher info is needed then please let me know Thanks in advance Chris Thu, 09 Feb 2012 09:12:36 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37488/#37488 I have 2 clearos and would like to know how to do to migrate all users, all emails, plus the current configuration and lift it clear of the other clear Thu, 09 Feb 2012 09:07:23 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37478/#37487 Thanks for your quick answer. This will be fresh install so could be in 6.x if the release is stable. I was unable to find at ClearCenter the custom import tools you've talked about. I think it's because they are not public ? In our case (non profit sport organisation) we already have a application that contains all the person licensed (200K) and we'll have to "connect" this application to ClearOS to create a user for each licensed person in order to use ClearCenter LDAP to provide user authentication for all of our applications (Sites, Internal apps, ... ). May be this connection should be inspired from your import tools. Our site (http://fsgt.org/) Thu, 09 Feb 2012 09:03:50 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37478/#37486 100,000 wow. :-O Do you make use of the nscd service to give reliable performance? I have seen instances with Samba configurations where this service causes problems with winbind etc. Thu, 09 Feb 2012 09:02:04 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37477/#37485 Hmm is the LDAP server running? any clues in the logs (/var/log/secure or /var/log/messages) Thu, 09 Feb 2012 08:59:47 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37444/#37484 Peter Baldwin wrote: Just an FYI. The "Security Certificates" for OpenVPN pose a bit of a challenge in master/slave mode. That's what's holding it back right now (the OpenVPN server itself is pretty much ready to go). Oh so there will be way to set up a server to be a vpn slave too? That's great news! Were trying to think of some type of way of doing DFS for Linux so this looks like in a step in that direction if that's the case. Take your time I hope it can be resolved in the next coming weeks :) Thu, 09 Feb 2012 08:56:46 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37478/#37483 Hello there. It's not possible in version 5.x, but version 6 can do it with a few tweaks. David Loper at ClearCenter is the team lead on this type of implementation and I know he's working on at least one large deployment at the moment. ClearCenter has custom import tools, custom configurations and the knowledge set for this type of deployment. From my developer perspective, I run tests with 100,000 users from time to time so I can see how well webconfig behaves in this type of scenario. - LDAP authentification (delay,...) - shouldn't be a problem, tuning required -User management interface in webconfig - the page load will be big (2 MB?), but search/filter functions are all client side and fast. - Certificate Authority - I don't suspect any issues here - User's change password - I don't suspect any issues here - User's Certificate download (delay) - this is now done on demand instead of when the user is created, so no problems in version 6 Thu, 09 Feb 2012 08:39:40 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37477/#37482 tried to reset the password, didn't work out. but I cant connect, not even with new users always the same issue :( Thu, 09 Feb 2012 08:32:29 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37444/#37481 Just an FYI. The "Security Certificates" for OpenVPN pose a bit of a challenge in master/slave mode. That's what's holding it back right now (the OpenVPN server itself is pretty much ready to go). Thu, 09 Feb 2012 08:18:47 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37477/#37480 Hi Frank. Your account may have become blocked (by LDAP password policy or failed attempts) If you reset your users password it should work OK? You can do this with your root / admin login, or get the users to login to the webconfig themselves. Thu, 09 Feb 2012 08:02:39 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,20/#37479 I would not worry in that you are not attacking yourself, but someone may be having a go. Look for snort messages in /var/log/secure and you should see the other IP. Thu, 09 Feb 2012 07:30:44 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37478/#37478 Hi all, I'm looking for some person who has experienced using clear OS with a huge volume of user. I mean near 200K user. My question is about : LDAP authentification (delay,...) User management interface in webconfig Certificate Authority User's change password (delay) User's Certificate download (delay) Thanks in advance for your answer. PS: Feel free to tell me the amount of user managed by Clear OS and if you've got any trouble... Thu, 09 Feb 2012 06:14:20 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37477/#37477 Hey all, since this morning, my flexshares are not accessible anymore, it keeps prompting for a password, while this was not needed before, but when I enter the passwords from all 3 users I created, it keeps saying "unknown username or password" it happens on 3 clients, so I think the error should be server-side Thu, 09 Feb 2012 05:25:53 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,25/func,view/id,37476/#37476 Is there any repo's for clearOS that have version 5.x of openssh server and a later version of openssl. One of our clients has to use the security matrix system on top of certificates being signed as MD5 being a problem (I saw the post above me about this issue) they need a newer version of openssh server. I would've thought clearos still being supported it would at least have version 5.x of openssh and openssl 1.x is there a repo where I can update these from or maybe a guide how to upgrade this via tar.gz without breaking clearOS ? Thu, 09 Feb 2012 05:24:10 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,33/func,view/id,37475/#37475 I have upgraded my life to using Zendesk.com's solution for Help Desk. They have an Extension that allows integration with SugarCRM (https://support.zendesk.com/entries/20098557). I attempted to install it using the intuitive installer under Addins and it failed. Steps to reproduce: 1. Click the down arrow to the right of Reports and select Addons. 2. Scroll to the bottom of the list and find SugarCRM, then click Install. 3. After a few moments, it will show install again. Scroll to the top of the list and you will find the following error: Status: error - Missing Dependency: elastix-framework >= 2.2.0-26 is needed by package elastix-sugarcrm-addon-5.2.0l-8.noarch (elastix-extras) ..... I went to the Packages section and ran a search which came up with this http://bitsmt.com/issues/scrm1.jpg Any recommendations? Thu, 09 Feb 2012 04:52:22 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,3940/limit,10/limitstart,10/#37474 Hi Tim, i did not understand what class you must add in /var/webconfig/api/User.class.php for eGroupware, please tell me how to do it! Thu, 09 Feb 2012 04:00:08 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,37473/#37473 Got running ClearOS 5.2 on a VMware ESXi 4.1 server. 1. Response time from the Webconfig is very slow 2. I have access to the Internet but loading pages just crawl 3. When I try to register ClearOS it gives me the following message: Restarting webconfig due to DNS server changes... please try again in 30 seconds 4. When selecting options from the menu, e.g. Gateway/Web Proxy it takes from a few seconds to a few minutes to load. I use also IPCOP 2.0.1 and it just flies @ 30Mbps download and 1.8 Mbps upload. Want to give a shot to ClearOS but so far speed or response time not very thrilled. Thu, 09 Feb 2012 02:51:21 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37401/#37472 hi nick i think i got the problem here.. im not define branch office network route on client.conf seems that the routing table not working for tun0 interface if it not define on the server configuration file ;) Thu, 09 Feb 2012 01:37:42 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,36631/#37471 Hi Duvon In the my config, VLANs 2,3 & 4 are all connected to separate routers that have individual access to the internet so although they are not technically gateways as such, they are independent routes to the net, eth0.2 being my own router. I'll try setting the routers up in "bridge" mode so the ClearOS box effectively has multiple public IPs and let you know on that one, but I can't see there would be a problem Since the last post, I've added eth0.5 which is another LAN interface with the DHCP server enabled on a different sub-net - it's been up just over a week without any problems so far ... A summary of the config is: eth0: Static IP, DHCP Server 10.0.0.x eth0.2: DHCP Client, Internet connected via a router eth0.3: DHCP Client, Internet connected via a wireless link & a router eth0.4: DHCP Client, Internet connected via a router eth0.5: Static IP, DHCP Server 10.0.1.x VLANS 2,3 &4 configured as a load-balanced multi-wan From looking at the webconfig code, much of it already supports VLANs but there has been some lazy coding for the HMI - and with relatively minor changes to webconfig scripts it all appears to work well with the 4+1 interfaces I have configured - I really can't see why ClearOS doesn't have this functionality included out of the box. I would guess that as the number of VLANs increases, there may be a problem with bandwidth due to the fact that they are all on a single physical interface - but in my case, it's a gigabit interface & switch, so it should handle multiple internet-speed connections without issues. The project (if you want to call it that, more like me playing) is for myself & a couple of friends to pool our bandwidth - although I'm not sure if this will be worth it in the long run as ultimately, we all connect to the same exchange Thu, 09 Feb 2012 00:47:35 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37470/#37470 Amavisd is having a problem starting. The error is: [code] Starting amavisd: Number found where operator expected at /etc/amavisd/api.conf line 2, near "Listen 10.215.1.1" (Do you need to predeclare Listen?) Semicolon seems to be missing at /etc/amavisd/api.conf line 2. Number found where operator expected at /etc/amavisd/api.conf line 3, near "Listen 127.0.0.1" (Do you need to predeclare Listen?) Error in config file "/etc/amavisd.conf": syntax error at /etc/amavisd/api.conf line 2, near "Listen 10.215.1.1" Compilation failed in require at /etc/amavisd.conf line 141. [/code] The contents of '/etc/amavisd/api.conf' is: [code] # Automatically generated by init script Listen 10.215.1.1:631 Listen 127.0.0.1:631 @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ [/code] I am not sure what the "@ @" are, exactly. If I remove them and just leave the first two lines I still get the same error. If I remove the "api.conf" file, amavisd starts, but the web config (port 81) gives an error that '/etc/amavisd/api.conf' does not exist. Is there a way to re-generate this file and/or can someone post the contents of their api.conf file for comparison/copying? Thanks! :-) -SilkBC Thu, 09 Feb 2012 00:24:04 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,5745/#37469 Adi you can add into your squid.conf with this lines just find this part, then add acl below acl CONNECT method CONNECT #http_access allow manager localhost acl yahoo_port port 5050 http_access allow CONNECT yahoo_port http_access deny blok_site /etc/sbin/squid -k reconfigure Try to connect and login into yahoo messanger with pidgin ... :) Wed, 08 Feb 2012 21:25:02 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37396/#37468 up Wed, 08 Feb 2012 18:41:41 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,20/#37467 Nick Howitt wrote: IDS is not as easy as that. Sometimes when there is an attack the IPS/IDS searches for the response to the attacker. An example of this is a brute force login attempt. Snort monitors for all the login failures returning to the attacker. In this case you are seen as the source and the attacker as the destination. This confuses the hell out of the graphics! I suspect really the webconfig needs recoding! So basically its nothing to worry about? Wed, 08 Feb 2012 17:44:10 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37466 IDS is not as easy as that. Sometimes when there is an attack the IPS/IDS searches for the response to the attacker. An example of this is a brute force login attempt. Snort monitors for all the login failures returning to the attacker. In this case you are seen as the source and the attacker as the destination. This confuses the hell out of the graphics! I suspect really the webconfig needs recoding! Wed, 08 Feb 2012 16:53:48 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37465/#37465 I am using ClearOS as a mail filter for Exchange. So the mail comes in, goes through the greylist, spam and antivirus scanning and the forwarded to the internal Exchange server. Is there a logging tool / parser in ClearOS or external that can show the logs alittle easier? Right now to debug things I need to ssh into the machine, grep the maillog to find a message. from there, I can look at the date/time to see what is going on. but today, I have a user complaining that they didn't receive a message. in ClearOS, starring at the logs, I can see the message come in, get scanned, amavix shows it passed clean and queued for delivery. but if exchange bounces the message, how can I find it? I would like a tool in a web interface to show the mail in a "from -> to" format for the day, that I could click on to see the details, like it being scanned, forwarded, bounced, whatever. does something like this exist? thanks Joe Wed, 08 Feb 2012 16:27:23 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37464 Nick Howitt wrote: Local queries should not go out into the internet. AFAIK mine are all blocked with the settings I gave. If it helps, this is my dnsmasq.conf:[code]# The "interface" parameter is set by the network policy (LAN/DMZ interfaces) bogus-priv bogus-priv conf-file=/etc/dnsmasq/dhcp.conf dhcp-authoritative dhcp-lease-max=1000 dhcp-leasefile=/var/lib/misc/dnsmasq.leases domain-needed domain=howitts.lan expand-hosts local=/howitts.lan/ localise-queries no-negcache strict-order user=nobody[/code]There may be one or two difference with what you have. The problem with OpenDNS is depending on your settings, a failed lookup will return an OpenDNS search. That is why you are getting a ping result. In my advanced settings I only have the Dynamic IP update checked. I also do not have the Guide Page, Block Page and Phishing Block Page selected. Try a combination of these. The only main differences between my dnsmasq.conf are .. This line dhcp-leasefile=/var/lib/misc/dnsmasq.leases and localise-queries I will look into it and see what the localise-queries does. I would assume this is probably what I am looking for... One more, hopefully the last issue.... In my IDS reports, I have my own IP addresses as attackers and victims. 76.14.193.52, and 74.14.198.49 are the addresses of my cable modems. IDS isnt blocking my IP's, but I would assume it is taking extra work to detect all of this activity. http://www.clearfoundation.com/images/fbfiles/images/COS_attack_victim.jpg Wed, 08 Feb 2012 16:25:31 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,36631/#37463 Hey Mark, Thanks for sharing this information with the group. tell me something have you tried using these VLANS AS Gateways to the internet? Or even as far as using them as DHCP servers? Wed, 08 Feb 2012 15:47:26 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37420/#37462 I finally sorted this out. Wed, 08 Feb 2012 15:29:45 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,32203/#37461 Que tal amigo yo tube ese problema revisa en informes mail reports alli aparece si estan siendo rechasados los correos visita esta pagina http://www.spamhaus.org/lookup.lasso y pon la ip que usas para en internet y te aparece si esta bloqueada si necesitas mas info me avisas Wed, 08 Feb 2012 15:13:00 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,6/func,view/id,37460/#37460 in ClarkConnect could limit the bandwidth to each user expected to be better or clearos also include that option Wed, 08 Feb 2012 13:32:44 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,10434/limit,10/limitstart,40/#37459 Wow...that would be great... thank you very much to Darryl Sokoloski (http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/func,fbprofile/userid,21492/) for the proof-of-concept monitor android app and Peter Baldwin (http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/func,fbprofile/userid,70/) and also all of the developer in this beautiful forum. Can't wait to see the source & be a part of this development... :D Greeting from ClearOS Indonesia (http://clearos-indonesia.com/) I love ClearOS B) Wed, 08 Feb 2012 13:17:01 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,8/func,view/id,36869/#37458 To disable a rule go to /etc/snort/scan.rules and look for the line with something like "sid: 2002995". Disable it by putting a # at the start of the line then restart snort. I've no idea about debugging snort itself. It may be a query for your e-mail client provider. Wed, 08 Feb 2012 13:08:45 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,8/func,view/id,36869/#37457 I was connected externally. All the dropped IPs was external too. How can I disable only the brute force attack detection. On the web front, I can only disable the whole group web-misc. Is it in that category ? It contains 511 rules. Is it possible to fine-grain the selection ? And I am in a production environnement, so I would like to clearly identify what happened before trying to reactivate IDS/IPS. How can I dig a bit more to find why snort think there is a bruteforce attack on mails services (POP3, IMAPS, POP3S) ? Is there's a debug mode for snort logging ? Thanks, Ben Wed, 08 Feb 2012 12:27:09 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,20/#37456 Good point Tim! Sorry about the Flexshare confusion in Marketplace. Assuming I don't get distracted by the usual whirlwind, I can push the Flexshare app out to the build system shortly. Dont suppose theres a 5.2 to 6.xx upgrade out there? Nope. The upgrade path will likely be available in a later version. The upstream vendor doesn't officially support upgrades, but we'll at least have an unofficial way to go about it. About half of the apps in 6 already have upgrade scripts in place, but nothing has been fully tested yet. Wed, 08 Feb 2012 10:40:12 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,20/#37455 Dont suppose theres a 5.2 to 6.xx upgrade out there? Gonna have to reformat and go all new? Im scared its not going to find my network cards again and then im down for a day or so Wed, 08 Feb 2012 10:26:38 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37451/#37454 Andrew Bostock-Lawton wrote: Hi.... I'm really sure this must be a stupid question however I just can't get my installation of 6.2 to register. When I attempt this I get the response "Warning.... invalid method". I've tried creating new accounts, I've wiped and reinstalled twice.... I had no difficulty registering version 5.2..... really would appreciate some advice. Cheers...... Andy I had a similar issue and found that that registration server seems to have been upgraded to expect Beta3, which isn't what I, and you, had downloaded and installed. The solution was to manually upgrade from the comand line and then it would register. [code]yum --enablerepo=clearos-updates-testing upgrade[/code] That said the first thing I had to do was upgrade the firewall module to even allow me to get to the web interface. A problem you have obviously managed to get past. [code]yum --enablerepo=clearos-current upgrade ap-firewall-core[/code] The above were both found somewhere in this forum I just can't find them now. Edit Ok found the upgrade thread http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37198/#37198 Wed, 08 Feb 2012 08:25:46 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,13828/#37453 Thank you Tim. I have my station set as "Standalone No Firewall" so i thought "rc.firewall.local" will be ignored by the OS. Wed, 08 Feb 2012 07:53:32 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37401/#37452 Which command did you use to add the route? I also wonder if you need to set up the route to go via 172.16.0.10 rather than tun0. Wed, 08 Feb 2012 07:32:58 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37451/#37451 Hi.... I'm really sure this must be a stupid question however I just can't get my installation of 6.2 to register. When I attempt this I get the response "Warning.... invalid method". I've tried creating new accounts, I've wiped and reinstalled twice.... I had no difficulty registering version 5.2..... really would appreciate some advice. Cheers...... Andy Wed, 08 Feb 2012 07:28:20 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,13828/#37450 To make the rule permanent, add it to the custom rules section of the firewall in the webconfig or add it directly to /etc/rc.d/rc.firewall.local. If you don't do this, any time the firewall restarts you ill lose your rule. Wed, 08 Feb 2012 07:17:40 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,13828/#37449 Tim Burgess wrote: If you want to make it permanent add it to /etc/rc.d/rc.firewall.local Wed, 08 Feb 2012 07:09:26 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,6/func,view/id,37443/#37448 Squid can't be used for this, but there's a package for "bandwith and QoS", found at "*yourserver*:81/admin/bandwith.php" if you use the interface at the local server: left menu>gateway>bandwith & QoS> bandwith make a new bandwith rule with the settings you want. if you need any example, I can't post pics right now, since I am at school, and not around my server. Wed, 08 Feb 2012 06:47:24 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,13828/#37446 iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 525 -j REDIRECT --to-ports 25 works great. but it seems like Clear forgets this setting every couple of hours and I'd need to rerun the code to work again. Wed, 08 Feb 2012 06:39:28 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37444/#37445 Jan wrote: Today I upgraded to the latest beta, the marketplace shows version 1.0.2-1. I'm still missing openvpn in the marketplace. Will this be added soon? Jan openvpn looks like it'll be in the RC of ClearOS 6: http://tracker.clearfoundation.com/roadmap_page.php Wed, 08 Feb 2012 04:54:02 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37444/#37444 Today I upgraded to the latest beta, the marketplace shows version 1.0.2-1. I'm still missing openvpn in the marketplace. Will this be added soon? Wed, 08 Feb 2012 04:20:39 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,6/func,view/id,37443/#37443 I want to ask! how to make the bandwidth limitation of the squid with a capacity of 2 mega beyte network .. to 10 client .. plese help me! :( Wed, 08 Feb 2012 03:54:36 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37401/#37442 i already try it i change my routing table like this one : but still nothing change.. [code] [root@pdc ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 172.16.0.0 172.16.0.1 255.255.255.255 UGH 0 0 0 tun0 172.16.0.10 172.16.0.1 255.255.255.255 UGH 0 0 0 tun0 172.16.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.88.0 172.16.0.1 255.255.255.0 UG 0 0 0 tun0 0.0.0.0 172.16.99.1 0.0.0.0 UG 0 0 0 eth0 [root@pdc ~]# ping 192.168.88.1 PING 192.168.88.1 (192.168.88.1) 56(84) bytes of data. --- 192.168.88.1 ping statistics --- 7 packets transmitted, 0 received, 100% packet loss, time 6018ms [/code] Tue, 07 Feb 2012 21:38:48 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,35586/#37441 Good point Nick. I was intending to check for that but the forum that covers and fixes the PPTP VPN issue I also had put something in rc.firewall.local. I was not sure if ClearOS had an rc.local Anyway, when I got home last night and turned it on again bond0 started from scratch. It really does look like one of those intermittant boot timing/sequence issues. Once it is going, it is stable and stays going. I'll add the bond0 lines to rc.local to make sure it kicks off and the PPTP line to rc.firewall.local to make sure it kicks off too. Next check is long term stability. I'll move the gateway to its final location and run it there for a while. If it spits the dummy, I'll be back to report. Taa Tue, 07 Feb 2012 20:05:56 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,12/func,view/id,35100/#37440 Hi Mihai, I have tried a few things on several virtual machines, but always ended up breaking up something. I have not found any documentation on this and I have not kept any info on my attempts. I honestly gave up on it hoping the new version of ClearOS would be out soon. At this point, i have no hopes of safely getting a newer mysql version on COS 5.2 If its sensitive, I would suggest you try to build a database server, maybe even a dedicated server. Keeping our data safe is far more important than gettting it all going on one single install. Rodrigo. Tue, 07 Feb 2012 18:13:57 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37303/#37439 Correction, not the whole system. You can configure users to only access certain functions of the Clear OS appliance, but the ANTISPAM settings are global, not per user or group based. So anything they change there impacts all users spam settings. Tue, 07 Feb 2012 17:34:46 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37303/#37438 Alright this ClearOS isnt what I am looking for I guess :( Tue, 07 Feb 2012 17:23:41 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37303/#37437 Not unless you want them to have admin access to the whole appliance. Tue, 07 Feb 2012 17:16:59 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,8/func,view/id,36869/#37436 Odd. I am not too sure about snort. Were you connected internally or externally when it thought it was being brute-forced? For the moment you could try disabling the Scan rules and see if it helps. Tue, 07 Feb 2012 16:51:26 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37303/#37435 Alright so can the customers login and manage there spam settings or not? Tue, 07 Feb 2012 16:47:21 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37303/#37434 Custom Step by Step How To: http://www.theraaymakers.net/index.php/technical-articles/100-configure-clearos-as-an-smtp-gateway-to-an-internal-messaging-server This is working for me. 2 years now. Inbound - Firewall vis port forward on 25>>>ClearOS >>>Exchange Outbound - Exchange>>>ClearOS>>>Internet No need to setup aliases on ClearOS box. Tue, 07 Feb 2012 16:38:30 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,12/func,view/id,35100/#37433 I would badly need even a line by line tutorial. I need to upgrade a very sensitive database from 5.0.77 to 5.1 and I cannot find any info on how to upgrade in ClearOS. Thanks in advance. Mihai Tue, 07 Feb 2012 16:18:56 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37046/#37432 Hi Tim, I cannot seem to get it to bind using the 'cn=manager,cn=internal,dc=domain,dc=com' credentials as you suggested, the logfile indicates that the user does not exist. Also, when I use phpldapadmin, I cannot see an entry for 'cn=manager,cn=internal,dc=domain,dc=com' or 'cn=internal,dc=domain,dc=com' for that matter. Are the internal and external containers specific to ClearOS? I have read that article, used it in some way to get the access directives set up to work. It would make things a lot smoother if I could bind using the 'cn=manager,cn=internal,dc=domain,dc=com' credentials thus giving me access to the whole LDAP database. I'll keep plugging away at it, as I don't just want to get it working, but working the right way. Tue, 07 Feb 2012 16:12:44 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37431 Local queries should not go out into the internet. AFAIK mine are all blocked with the settings I gave. If it helps, this is my dnsmasq.conf:[code]# The "interface" parameter is set by the network policy (LAN/DMZ interfaces) bogus-priv bogus-priv conf-file=/etc/dnsmasq/dhcp.conf dhcp-authoritative dhcp-lease-max=1000 dhcp-leasefile=/var/lib/misc/dnsmasq.leases domain-needed domain=howitts.lan expand-hosts local=/howitts.lan/ localise-queries no-negcache strict-order user=nobody[/code]There may be one or two difference with what you have. The problem with OpenDNS is depending on your settings, a failed lookup will return an OpenDNS search. That is why you are getting a ping result. In my advanced settings I only have the Dynamic IP update checked. I also do not have the Guide Page, Block Page and Phishing Block Page selected. Try a combination of these. Tue, 07 Feb 2012 15:15:36 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,37430/#37430 Hello everyone, I need to migrate my ClearOS installation to another machine / completely different hardware so switching disks is not possible Currently, to avoid ip conflicts, the new machine is setup as a standalone machine with one internal ip address. When I look at the running (old) system, in the gui panel, under the System/Resources-Disk Usage there is quite a bit of data (3.3gb) but most of it, apart from the system, is probably cache stuff, which can be forgotten. Then there are some important things, like: - virtual interface definitions - gateway (1-1 nat) - openvpn keys (really important, the CA certificate and user keys) - blocked IPs that scan ports and do brute force attacks - blocked IPs manually entered by me - filter setups So will the System Backup/restore function do just that? Everything that has to be moved to make the new firewall functyion like the old one, will get moved? I guess SOME fine tuning will have to be done, because in the new hardware the network cards have different hardware mac addresses, so most probably they will get mapped to different eth0/eth1/eth2/eth3 ports, but that probably can get fixed manually at the console level. The question is, does everything else go through including the vpn keys and ca ? Marcin Tue, 07 Feb 2012 15:13:02 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37429 This is actually normal behaviour for Open DNS, it will automatically redirect unknown DNS requests back though their own search engine, rather than returning an unknown DNS response. The extra queries are normal lan behaviour, where clients will append the default search domain to any host name query, and its OS specific whether it will query Dns before other methods. That is why you see these odd requests leaving your LAN. There was a similar post on this quite a while ago, I'll see if I can dig it up. You can partially resolve these by adding entries to the local Clear OS DNS server so that the queries don't leave the LAN and make sure that your clients are properly configured Tue, 07 Feb 2012 15:06:42 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37399/#37428 Porteus developed from Slax and branched a bit over a year ago. They are the only distro's I know designed to run from a USB pen (which I am using to defeat my work laptop's restrictions - I can boot off USB and run a WiFi dongle in it so I can use it in hotels etc). I am not sure I would run it for a standard installation. Installing packages and tracking down dependencies can be a real pain. It took me all afternoon to get Ekiga installed and running and when it was failing it was not always obvious. Surely for OpenVPN on Fedora it is a question of installing OpenVPN, downloading all the config and cert files from ClearOS into a directory and starting OpenVPN from that directory? If it does not work (and I'd do it anyway), install kvpnc and use that to manage OpenVPN - import your ClearOS configuration file then start the connection. Tue, 07 Feb 2012 14:42:38 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,12/func,view/id,37427/#37427 I have a billing system with visual fox pro and mysql worked fine in the morning but by afternoon it gets very slow processing and always at the same time 3:30 PM always sorry if my English is not good thanks Tue, 07 Feb 2012 14:35:50 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37409/#37426 As well as. Input rules are for traffic directed to ClearOS. Forward rules are for traffic directed through ClearOS. The output rule should be unnecessary because you you have no input so you should get no output. If this does not work try removing the input rule as well. Tue, 07 Feb 2012 14:32:32 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37238/#37425 OK Greetings Tue, 07 Feb 2012 14:30:43 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37424/#37424 Hello and thanks in advance. I'm trying to figure out how to generate an email alert whenever a new PPTP tunnel is created to my ClearOS 5.2 box. Have any of you accomplished this? Tue, 07 Feb 2012 14:26:04 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37423 I still have DNS requests that are local getting out to opendns. They are as follows... xc-560-c67015??.portrait.lan This one is a printer I think it would be normal for these to go out to public DNS? There is the one entry that is just portrait.lan which seems kind of weird as that is what my "domain" name is. I dont actually have a domain setup. wpad.portrait.lan portrait.lan isatap.portrait.lan I also still have... image.clients.portraitexpress.com This one is not a site at all. When I ping it from the lan, it resolves to an opendns IP, when I ping using a site, it does not come back with anything. Any ideas? Tue, 07 Feb 2012 13:16:36 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,8/func,view/id,36869/#37422 Hi Nick, Thank you very much for your answer, and sorry for mine late ! Here's what I can find in the logs about snort : in /var/log/messages, 2 days before the full drop happens : [code]Jan 16 22:30:23 fw1 snort[4079]: S5: Session exceeded configured max bytes to queue 1048576 using 1048792 bytes (server queue). xxx.xxx.xxx.xxx 52369 --> xxx.xxx.xxx.xxx 80 : LWstate 0x f LWFlags 0x6007 Jan 16 22:30:24 fw1 snort[4079]: S5: Pruned session from cache that was using 1096408 bytes (closed normally). xxx.xxx.xxx.xxx 52369 --> xxx.xxx.xxx.xxx 80 : LWstate 0xf LWFlags 0x20e00 7[/code] In /var/log/secure, I see a lot of line (>500 in 10 hours) like that on POP3, IMAPS, POP3S. I think it's the problem, but don't know why snort think that. I can see my IP, and I what not bruteforcing this server ;) [code]Jan 18 11:51:52 fw1 snort[4815]: [1:2002995:6] ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack [Classification: Misc activity] [Priority: 3]: xxx.xxx.xxx.xxx:34261 -> xxx.xxx.xxx.xxx:993[/code] /var/log/snortsam seems normal, no extra activity. I can't see my IP in, but I was blocked. What do you think ? Tell me if you need more information. Thanks a lot, Ben Tue, 07 Feb 2012 12:34:13 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37399/#37421 How long have you been using Porteus?? I just looked it up on Distowatch and it seems interesting. I don't know that I've used anything based off slackware before. Fedora does support OpenVPN, I am just not sure exactly how to configure the client side of things. I've found whenever I search for how to do this it always gives instructions as if I'm going from Fedora to Fedora or Ubuntu to Ubuntu. Never from one to the other. I have set this up in windows a bunch but never in Linux and am not really sure how to do it. I would like to use cl as much as possible for getting this going, just because I think there is more control there & just user preference. ~scenicatol Tue, 07 Feb 2012 12:19:55 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37420/#37420 Hello all, I have been attempting to do this for nearly 2 weeks now and I'm at the end of my tether. I have been trying to get the web proxy (Squid) and the Content filter (DansGuardian) to use use Windows Domain Log-in details with out asking for a user name/password. I have followed this guide Here (http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,25117/) but with no avail, the problem I don't understand exactly where to put the code in the squid.conf file so help with exactly where it goes would be amazing. What I would like to see at the end of this is that the web proxy useds the current loged in users details and checks it is in the "Internet Users" group and then logs any activity as normal but uses the Domain user name unter that access so the logs reflect this. I Have the whole system set up on a Hyper-V Box so I can completely wipe and start again to do this step by step as its just a VM. I have set the system up and the content filter works great and with out a log in and filters what I have set to be filtered and if I add a user through the webconfig and set it to ask for password details it asks and accept the log-on. I would really appreciate some guide, and a step by step would be the best as my experience with Linux is basic at best. Thank you for your time, Nigel Tatschner Tue, 07 Feb 2012 11:42:24 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,13345/#37419 I Think A Free Duplicate File Finder (http://www.ashisoft.com/) Would Be Much Good Choice For Removing Duplicates Without any Cost Tue, 07 Feb 2012 11:00:20 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,30195/limit,10/limitstart,290/#37418 Thanks, This worked great. Tue, 07 Feb 2012 10:36:52 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37396/#37417 are any body here !!! i need friends help about these questions Tue, 07 Feb 2012 08:48:16 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,35/func,view/id,37304/#37416 I'm getting somewhere, and I hope people are not too impatient with a slow old windows user; Half of my problem has been not knowing the correct search terms, resulting in convoluted and often useless results, once I learned a simple search like "site to site" I saved myself much trouble in basic understanding of this configuration. The 'server' I believe is mostly setup: Running ClearOS with OpenVPN server, eth0 to my LAN, wlan0 in Managed mode connected to the remote AP. I can connect with a windows machine to the PPTP and OpenVPN server and access machines on the LAN and have routing through the pfsense server to the net. I was a little worried the encryption and slow (800mhz) CPU would cause network troubles, but throughput seems fine while the connection holds, unfortunately the connection only holds for a while then drops and I am unable to immediately reconnect, possibly data errors are causing the link to fail? The second machine is not being so helpful, the RTL-8187 USB wifi card I have is detected, but once in Managed mode fails to receive an IP from the DHCP server, when manually assigned it still fails to respond, and will not show link as up. I suspect I may need an updated driver, but the driver from raltek is in a tar.gz, and I have no knowledge of the installation process, or if this will even help. Unfortunately need to use this USB for the moment as it's a high power (2000mW) unit and the 15+km link is not sustainable with my through Ethernet>wifi AP and antenna configuration. Finally I am unsure of a simple way to setup OpenVPN in client mode on this machine connecting to the OpenVPN server. Tue, 07 Feb 2012 08:45:16 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37409/#37415 Oops. eth4 was a typo. Should be eth3 ofcourse (and -o) I do want to block ALL traffic on eth3 except the forwarding rule, also LAN to LAN so your lines will be inserted. Should I put your 2 lines instead of my to DROP-rules or in addition? Tue, 07 Feb 2012 08:37:19 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37224/#37414 Temporarily remove the MAC address line from the ifcfg-eth1 then bring the interface up. Then run an "ifconfig" to get the correct MAC address and put it back into the file. Tue, 07 Feb 2012 08:31:04 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37409/#37413 I think your first two rules need to be eth3 and not eth4 and you want -o and not -0. Also if eth3 is defined as LAN it will still have full access to the other LAN's. Do you want to block that as well? If so you will want a couple of rules:[code]iptables -I FORWARD -i eth3 -o ! eth3 -j DROP iptables -I FORWARD -o eth3 -i ! eth3 -j DROP[/code]They will need to go above your last three rules. Tue, 07 Feb 2012 08:24:44 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,20/#37412 Tim Burgess wrote: It is a little odd that apps show up in the Market before they are actually available.. (just a small hint to the team ;) ) Yeah, don't tell me I can have a Solo if you don't have any Solo. (http://stores.xnicstore.com/catalog/CSL003.SODA.jpg) :-D Tue, 07 Feb 2012 08:14:07 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37224/#37411 I seem to be getting this error now after I have copied ifcfg-eth0 to ifcfg-eth1 & changed the mac address Bringing up interface eth1: Device eth1 has different MAC address than expected, ignoring Tue, 07 Feb 2012 08:12:57 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,33858/limit,10/limitstart,20/#37410 Peter, How can i view the first version of AD connector? Tue, 07 Feb 2012 08:08:38 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37409/#37409 Hi all. I have ClearOS running with: eth0 = WAN eth1 = LAN (10.10.1.1 eth2 = LAN (10.10.2.1) eth3 = LAN (10.10.3.1) eth3 has no other function than forwarding incoming UDP-traffic on port 12345 to eth2. If neccesary I can change eth3 in a WAN-interface I have advanced firewall running. Now I want to block all traffic (in and out) on one NIC (eth3) but forward all traffic for IP 10.10.3.30 port 12345 that comes in on eth3 to IP-adress 10.10.2.20 on the LAN connected to eth2. Can I put the blocking rule in rc.firewall.local as: [code]iptables -I INPUT -i eth4 -j DROP iptables -I OUTPUT -0 eth4 -j DROP[/code] and for the forwarding part: [code]iptables -t nat -I PREROUTING -p UDP --dport 12345 -s 0.0.0.0/0 -d 10.10.3.30 -j DNAT --to 10.10.2.20 iptables -t nat -I POSTROUTING -p UDP -d 10.10.3.30 -s 0.0.0.0/0 --dport 12345 --j SNAT --to 10.10.2.20 iptables -t filter -I FORWARD -i eth3 -o eth2 -p UDP -s 0.0.0.0/0 -d 10.10.2.20 --dport 12345 -j ACCEPT[/code] This forward-rule is (with other adresses and other ports ofcourse) already in rc.firewall.local and working All help is appriciated. Tue, 07 Feb 2012 08:03:19 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,20/#37408 It is a little odd that apps show up in the Market before they are actually available.. (just a small hint to the team ;) ) Tue, 07 Feb 2012 07:56:05 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37383/#37407 Hmm that shouldn't happen! If the firewall config fails then it should start in 'panic' mode so that you still have a working connection, but without all the extra stuff that's been customised. You can normally find clues in /var/log/system For future reference you can simply replace /etc/firewall with a clean copy and your firewall should revert to its original state (after running 'service firewall restart') Tue, 07 Feb 2012 07:45:44 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37401/#37406 ClearOS does not know where the 192.168.88.0/24 subnet is. You will need to add a route for it to route the whole subnet via your VPN. Try something like:[code]ip route add 192.168.88.0/24 dev tun0[/code]There is also the "route" command which can achieve the same sort of thing. Tue, 07 Feb 2012 07:39:03 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37399/#37405 I don't know fedora, but I'd go for OpenVPN. Can you not download the necessary packages in FC? I use OpenVPN in Porteus (a whacky distro) and for a GUI for it I use kvpnc. The only dependency I needed was iproute2 which is included in many distros. All I did to configure it was download the certificate and configuration files from ClearOS then import them into kvpnc. Put them all in one directory and the certificates are imported automatically when you import the .ovpn configuration file. In kvpnc I also modified the route option to keep my default route rather than replace it. I then start and stop OpenVPN through kvpnc. It can also be done from the command line but this was the easier solution for me. Tue, 07 Feb 2012 07:20:32 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,35586/#37404 Are you sure you want to add those lined to /etc/rc.d/rc.firewall.local? That file gets run every time the firewall is reloaded, e.g. when you change a firewall rule in the webconfig. If you want the line to just execute once on start up, add it to /etc/rc.d/rc.local. Tue, 07 Feb 2012 07:12:24 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,30195/limit,10/limitstart,290/#37403 We had this as well ... with 70 users and about 160GB database ... outlook worked fine, but it got slower and slower.. then realised that the more ipad and samsung users the slower it got .. webconfig logs showed that Maxclients needed raising solution seemed to be to tweak apache and raise maxclients / servers etc.. note: we discovered that you need to tweak /usr/webconfig/conf not the regular apache one This solved all our speed problems with webaccess: Timeout 300 KeepAlive On MaxKeepAliveRequests 1000 KeepAliveTimeout 15 MinSpareServers 5 MaxSpareServers 20 StartServers 8 MaxClients 256 MaxRequestsPerChild 4000 MaxKeepAliveRequests 100 KeepAliveTimeout 15 Listen 81 Listen 82 Tue, 07 Feb 2012 05:12:27 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37395/#37402 Thanks Peter! will have a look hopefully later today :) Tue, 07 Feb 2012 04:48:56 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37401/#37401 hii all i just trying to setup a site to site VPN with OpenVPN im using ClearOS as OpenVPN Server and i user Mikrotik RouterOS as Client and router i setup my clearos as standalone-nofirewall server the topology : [img]http://www.clearfoundation.com/images/fbfiles/images/ovpn.jpg the Openvpn connection handshake is successfully establish it need some modification in /etc/openvpn/client.conf 1. removing comp-lzo, coz mikrotik not support it 2. change proto from udp to tcp, coz mirkotik not support udp it too and adding this iptables iptables -A FORWARD -i tun+ -j ACCEPT iptables -A OUTPUT -o tun+ -j ACCEPT iptables -A INPUT -i tun+ -j ACCEPT iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -j MASQUERADE from mikrotik and client network, i can access remote network without any problem but when i try to access client network it not working from 172.16.99.10 i cant ping to 192.168.88.1 but i still can ping to openvpn server and client virtual ip 172.16.0.1 and 172.16.0.10 from ClearOS server i still stunk with this case and still trying to googling around to find the answer fyi here is my configuration a have another question why everytime i start the openvpn servis automaticaly tun0 was define ip 172.16.0.1 but in route only it define ip 172.16.0.2 ClearOS-client.conf [code] port 1194 proto tcp dev tun ca /etc/ssl/ca-cert.pem cert /etc/ssl/sys-0-cert.pem key /etc/ssl/private/sys-0-key.pem dh /etc/ssl/dh1024.pem auth-nocache server 172.16.0.0 255.255.255.0 keepalive 10 120 comp-lzo user nobody group nobody persist-key persist-tun ifconfig-pool-persist /var/lib/openvpn/ipp.txt status /var/lib/openvpn/openvpn-status.log verb 3 plugin /usr/share/openvpn/plugin/lib/openvpn-auth-ldap.so /etc/openvpn/auth-ldap push "dhcp-option DNS 172.16.99.3" push "dhcp-option WINS 172.16.99.3" push "dhcp-option DOMAIN terminix.co.id" push "route 172.16.99.0 255.255.255.0" [/code] ClearOS-iptables [code] iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain drop-lan (0 references) target prot opt source destination DROP all -- anywhere anywhere [/code] ClearOS-Route [code] Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 172.16.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 172.16.0.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0 172.16.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 172.16.99.1 0.0.0.0 UG 0 0 0 eth0 [/code] ClearOS-ipp-txt [code] router01,172.16.0.8 [/code] ClearOS-ifconfig tun0 [code] ifconfig tun0 tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:172.16.0.1 P-t-P:172.16.0.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:575 errors:0 dropped:0 overruns:0 frame:0 TX packets:685 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:54007 (52.7 KiB) TX bytes:82286 (80.3 KiB) [/code] Mikrotik OpenVPN client Configuration -- IPAddress -- [code] # ADDRESS NETWORK INTERFACE 0 192.168.88.1/24 192.168.88.0 bridge-local 1 D 182.4.252.25/32 10.112.112.130 ppp-out1 -- Dial Up Modem 2 D 172.16.0.10/32 172.16.0.1 ovpn-out2 -- interface OpenVpn client [/code] -- IP Route -- [code] # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 ADS 0.0.0.0/0 10.112.112.130 1 1 ADC 10.112.112.130/32 182.4.252.25 ppp-out1 0 2 ADC 172.16.0.1/32 172.16.0.10 ovpn-out2 0 3 A S 172.16.99.0/24 ovpn-out2 1 4 ADC 192.168.88.0/24 192.168.88.1 bridge-local 0 [/code] Tue, 07 Feb 2012 03:40:23 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,33/func,view/id,16447/limit,10/limitstart,140/#37400 Just so you threadwatchers know. Tim has recompiled memcached to use libevent2. This removes the EPEL repo requirement and maintains compatibility with the other packages in the timb and timb-testing repos. just make sure you don't yum remove the packages as that will uninstall SOGo as well and that causes a lot of headaches. Tue, 07 Feb 2012 03:23:17 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37399/#37399 Hello everyone, I have another project I'm working on and need some help. I am trying to setup a basic HTPC for my new place and want to use fedora desktop (I am currently using 15) and I would like to be able to connect it to my two remote clearos servers that host some media.. music/videos etc. What is the best VPN for the job?? And how do I configure it?? I haven't found much luck on a solid way of installing all these VPN's every website seems to have a different way of accomplishing this. Any light anyone could shed on this would be awesome, thank you much for your help in advance! ~scenicatol Tue, 07 Feb 2012 03:12:21 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,14512/limit,10/limitstart,20/#37398 Typo fixed thanks! Tue, 07 Feb 2012 02:47:17 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,30195/limit,10/limitstart,290/#37397 Hi, Since I upgraded to the 7.x the web access is extremely slow. Any idea what is going on and how to fix it? Thanks Tue, 07 Feb 2012 00:41:21 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37396/#37396 hi i am configure clearos to my vps when i wanna open fisrt page i am write h t t p: / / ip address but i cannot see first page what should i do ? second question : i wanna set and configure sucks and https for proxy and i wanna ras it to my radius server do clearos any setting about ras it to my radius server ? thank you for your patience Mon, 06 Feb 2012 21:59:00 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37395/#37395 Hi all, For end users I added Tim's miniupnpd package to the build system and the RPM is ready for testing. To install and run it: [code] yum --enablerepo=clearos-test install miniupnpd service miniupnpd start [/code] I think that's it. Please report back here on how things are working. For hackers I bumped the version to the latest one available. The rest is all Tim's work. For those of you who plan on diving into the build system, you will need to upgrade the clearos-devel package to get the "mockbuild" step working (as described in one of the packaging docs (http://www.clearfoundation.com/docs/developer/packaging/building_an_rpm_-_build_system#mock_build)). You will also need to install the iptables-devel dependency if you want to build the RPM on your system: [code] yum --enablerepo=clearos-dev install iptables-devel clearos-devel [/code] For Tim and any others who would like to make changes, you can add patches, as well as update the config and init scripts in CVS. When you are ready to push it to the build system, just let me know. The documentation on the process is here (http://www.clearfoundation.com/docs/developer/packaging/contributing_and_patching_rpms), but it might need a few updates. Mon, 06 Feb 2012 21:25:11 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37383/#37394 ok, I reinstalled ClearOS. Now all is dandy. :( Mon, 06 Feb 2012 21:22:40 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,35586/#37393 I've had mine up for several days now so it looks stable enough. I think the trouble is that the bond is just not starting when it "should". I had to shut everything down today (they are putting new power poles up in the neighbourhood). I'm looking at adding a few lines to /etc/rc.d/rc.firewall.local to get pptp working. I'll see what happens when I add these two lines also: ifenslave bond0 eth1 eth2 ifup bond0 maybe with a bit of a wait in there too. Mon, 06 Feb 2012 21:00:48 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,10/#37392 That would do it. I assumed that it was pushed out into the market because they removed Beta 3 from the roadmap. Looks like I was mistaken. Mon, 06 Feb 2012 20:28:10 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36728/#37391 Peter Smith wrote: But no web server????? when please?????. In the next release (likely RC1). The web server virtual host folders use the Flexshare engine under the hood, so that needed to be done first. Mon, 06 Feb 2012 19:45:30 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36728/#37390 Tim I installed from the same cd as I used in my 1st post in this thread and before I did anything went to the command line and did an upgrade and most if not all of the beta 3 files downloaded, once this was completed I had what appeared to be a reasonably stable and functioning standalone system system. But no web server????? when please????? I had previously logged into the ClearSDN portal and found the system name I had used in the previous attempt was there but had never showed up in my registration attempts, I deleted the generic clearos system name and reused the other name. Perhaps I should have deleted both names and done a complete new registration. Mon, 06 Feb 2012 19:36:10 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,4427/limit,10/limitstart,190/#37389 Just so people are aware, the newly compiled memcached does appear to work. If your giving it a go remove the existing memcached and libevent with rpm -e --nodeps otherwise you need to do lots of faffing about if SOGo gets removed by accident. I've still got some issues but I think they're all because of that. To install you need to enable both timb and timb-testing. I've been testing using the official SOGo 1.3.11 repo Mon, 06 Feb 2012 19:09:02 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,10/#37388 Seth P wrote: Hey all, I just got 6.2 Beta 3 installed. Looks great! I am having a problem getting the Flexshare app installed via the market. I enabled web services in ClearSDN for the server that I'm testing out 6.3 Beta 3 on. I have gotten other apps like multiwan and intrusion protection installed without a hitch, but when I try to install the Flexshare app or the Print Server app the webconfig installer comes back with "Error, no packages selected for install." in the Details box. Any clues why this is happening? -Seth Seth, Both flexshare and print server aren't available yet they will be soon most likely as the roadmap has now removed beta 3 and on to working on RC1 Mon, 06 Feb 2012 18:55:21 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37383/#37387 I just yum removed app-firewall-advanced-5.2-10 and app-firewall-custom, rebooted, but still the same problem. AHHH! :) Mon, 06 Feb 2012 18:50:18 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,14512/limit,10/limitstart,20/#37386 I could not install using "yum --enablrepo=timb install app-network-scanning " I kept getting "Command line error: no such option: --enablrepo" I needed to add an "e" to enablErepo Mon, 06 Feb 2012 18:30:39 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37383/#37385 Wow, all clients lost internet connection, too..... This is not good. Mon, 06 Feb 2012 18:26:59 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37374/#37384 Created a new thread for that issue here: http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37383/ Mon, 06 Feb 2012 17:59:55 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37383/#37383 Hello! I installed the "Firewall - advanced module" and "Firewall - custom rules" to my relatively new 5.2 install. Immediately after installing these two modules, then rebooting the server, when I go into my Firewall settings in Webconfig, they're no longer showing. I know for sure that the rules I had in there are still active, they're simply not showing. Moreover, I just tried to enable OpenVPN for the first time. It told me that it was running but that the firewall was preventing access. Clicking the button to enable OpenVPN access through the firewall doesn't seem to work. After clicking it, the page refreshes and shows the same message. I can also not manually add any new firewall rules in the firewall section. Has anyone seen this happen before and know of a fix? Thanks! Tony Mon, 06 Feb 2012 17:59:19 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37374/#37382 That was interesting. I installed the advanced firewall module, rebooted, then when I looked at the Firewall settings, all of my rules and DMZ settings aren't showing. They're definitely still active, but I can't see them in webconfig any longer. Known issue?? Mon, 06 Feb 2012 17:32:19 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37374/#37381 Oh, well, then that would explain why I don't see an option like that in webconfig! I'll go install the Advanced Firewall Module, assuming I can post-ClearOS install. I'll read up on how to do that. Thank you!! Mon, 06 Feb 2012 17:23:36 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37353/#37380 I am surprised you need the "-m state" bit and without some more reading I am not sure it is correct. On the other hand if you block "new", you will never get an "established". I also so not see anything there to block outbound ssh as the destination in each rule is always your internal one. The "-m multiport" just stops you having to specify so many single port rules. One thing, if this is for you to administer your system when away from it in specified locations, had you thought of using a VPN straight into your network? This would bypass the need for these firewall rules. A VPN would be best if you had a laptop or fixed machines in those locations which you are allowed to administer yourself. Mon, 06 Feb 2012 17:09:14 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,10/#37379 Hey all, I just got 6.2 Beta 3 installed. Looks great! I am having a problem getting the Flexshare app installed via the market. I enabled web services in ClearSDN for the server that I'm testing out 6.3 Beta 3 on. I have gotten other apps like multiwan and intrusion protection installed without a hitch, but when I try to install the Flexshare app or the Print Server app the webconfig installer comes back with "Error, no packages selected for install." in the Details box. Any clues why this is happening? -Seth Mon, 06 Feb 2012 17:07:05 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37378 Nick Howitt wrote: Yes. Add forwarding blocks in iptables:[code]iptables -I FORWARD -p tcp --dport 53 -j DROP iptables -I FORWARD -p udp --dport 53 -j DROP[/code]This means only lookups originating from ClearOS will get out, possibly except if you use a non-transparant proxy. You will then have people crying out that they can't access the internet. Another possible way is to redirect their requests to ClearOS in the prerouting table with something like:[code]iptables -t nat -I PREROUTING -p tcp --dport 53 -d ! 192.168.0.75 -i eth1 -j DNAT --to-destination 192.168.0.75 iptables -t nat -I PREROUTING -p udp --dport 53 -d ! 192.168.0.75 -i eth1 -j DNAT --to-destination 192.168.0.75[/code]I've never tried this before but it may well work. It would have the advantage of being totally transparent to the user if it works. Nice, that seems to work. I tried the second method. I just wish opendns would hurry up with collecting stats so I can verify that my local dns queries are not going outside anymore. Mon, 06 Feb 2012 17:03:37 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37353/#37377 I might have this working. Had to add -m state --state NEW for the first drop rule. Mon, 06 Feb 2012 16:18:11 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37353/#37376 OK, so I added forward rules like you showed-- and for incoming connections, it's working just like I had hoped. COOL. But now, from the internal host, I can't ssh *out*. Mon, 06 Feb 2012 16:09:19 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37374/#37375 Use an Advanced Incoming Allow rule instead, assuming you have the advanced firewall module installed. Mon, 06 Feb 2012 16:06:44 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37374/#37374 Hello! I've tried figuring this out on my own by playing around, searching the forums and searching the user guides. I want port 81 (for webconfig) to be open only to the IP address at my work. Meaning, I want to be able to access webconfig on my home ClearOS box from work, but don't want anyone else to be able to see that port is open. Is there a way to do this? Currently, I have an Incoming Connections rule enabled for port 81, but I can't see anyway to limit it so that it's only from a specific IP. Thank you! Tony Mon, 06 Feb 2012 15:28:52 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37373 Yes. Add forwarding blocks in iptables:[code]iptables -I FORWARD -p tcp --dport 53 -j DROP iptables -I FORWARD -p udp --dport 53 -j DROP[/code]This means only lookups originating from ClearOS will get out, possibly except if you use a non-transparant proxy. You will then have people crying out that they can't access the internet. Another possible way is to redirect their requests to ClearOS in the prerouting table with something like:[code]iptables -t nat -I PREROUTING -p tcp --dport 53 -d ! 192.168.0.75 -i eth1 -j DNAT --to-destination 192.168.0.75 iptables -t nat -I PREROUTING -p udp --dport 53 -d ! 192.168.0.75 -i eth1 -j DNAT --to-destination 192.168.0.75[/code]I've never tried this before but it may well work. It would have the advantage of being totally transparent to the user if it works. Mon, 06 Feb 2012 15:28:31 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37353/#37372 I will try that--- I actually had FORWARD rules specified almost exactly as you showed, but I did not have the -m multiport in there. Stay tuned. Mon, 06 Feb 2012 15:23:15 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37353/#37371 I am a bit stuck here. I can limit the forwarding to multiple ports in one rule, but although the manual allows it, I cannot limit iptables to multiple addresses in one rule. This makes it much more cumbersome. It would mean duplicating the prerouting multiple times (or as I am doing, duplicating the forwarding rules) allowing each address then adding a block rule afterwards e.g: [code]iptables -I FORWARD -p tcp -d 192.168.1.10 -i eth0 -j DROP iptables -I FORWARD -p tcp -s 1.2.3.4 -d 192.168.1.10 -m multiport --dports 22,81,443 -j ACCEPT iptables -I FORWARD -p tcp -s 2.3.4.5 -d 192.168.1.10 -m multiport --dports 22,81,443 -j ACCEPT[/code] You will need another set for UDP. The order of entry is important. The drop rule must come before the accept rule in your list as it gets applied first (so ends up lower down the rule listing in iptables so gets executed after the accept rule. Alternatively just add a lot of advanced forwarding rules. That may be easier in the end for you to understand. Mon, 06 Feb 2012 15:09:27 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37370 I have another question for you Nick. I have openDNS set as my DNS servers on COS. I have alot of computers in the lan that are set as static IP's, and some of them dont necessarily have my COS box as the DNS server. Some of them may have a random dns server or have it set specifically as opendns servers. The problem is, opendns filtering/shortcuts arent forced on them. Is there a way to force all traffic going through the COS box to use the specified DNS servers? Mon, 06 Feb 2012 14:27:49 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37369 Yeah, I hate DSL. It is very frustrating, especially verizon. WinSCP worked out beautifully. I was able to edit those files no problem. I had been using putty, but its substantially easier to get around using winSCP and not having to do everything from CLI. For the benefit of the thread, here is what I did.. originally from Nicks thread (http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,33723/) The only way so far to stop the portrait.lan queries going out into the wild are to have the line "local=/portrait.lan/" in dnsmasq.conf and 127.0.0.1 in resolv.conf. I still cannot understand why there is even a request for image.clients.portraitexpress.com. It just defies logic. Thank you very much for all of your input Nick. You are exactly who I was hoping would chime in on this thread. Mon, 06 Feb 2012 14:16:41 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,33858/limit,10/limitstart,20/#37368 Hi DavidAdams and Arnold. The first version of the Active Directory Connector is available, but I would wait for the updated version that is coming out shortly (with the release of ClearOS Professional Beta 3). If you send a quick note to me (pbaldwin@clearcenter.com) with your ClearCenter account name, I'll make sure there's an evaluation subscription added to your account -- I'm not sure the self-serve evaluation will be available in Beta 3. Mon, 06 Feb 2012 13:05:57 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37353/#37367 This is what I have now: External addr is 141.106.224.101, internal is 192.168.1.10. I certainly wouldn't mind just setting up regular NAT, and then limiting via custom rules, but I've tried many things (including using rules in the forward chain), but it hasnt worked as I need. Basically, what I'm looking for is - once I have the NAT set up (which works fine), I want to LIMIT the connections incoming to that host not just by port-- but by port AND source IP. I don't know yet how many I will have, could be 2, could be a dozen. If I can get an example rule (or rules) (and how,where to add it) that would solve the following case, I would be all set: "deny everything else, but allow incoming SSH from hosts 1.2.3.4 and also 2.3.4.5". That would be SUPER heplful! I am not concerned about OUTBOUND access. In fact, having outbound wide open is fine. I just need to lock down inbound. Here;s what that command shows: Chain PREROUTING (policy ACCEPT 961 packets, 96649 bytes) pkts bytes target prot opt in out source destination 1 60 DNAT tcp -- * * 0.0.0.0/0 141.106.224.101 tcp dpt:22 to:192.168.1.10 Chain POSTROUTING (policy ACCEPT 78 packets, 5233 bytes) pkts bytes target prot opt in out source destination 7 475 SNAT all -- * * 192.168.1.10 0.0.0.0/0 to:141.106.224.101 0 0 SNAT tcp -- * * 192.168.1.0/24 192.168.1.10 tcp dpt:22 to:192.168.1.1 0 0 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 139 packets, 8655 bytes) pkts bytes target prot opt in out source destination Mon, 06 Feb 2012 12:49:26 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/limit,10/limitstart,10/#37366 OK you have a direct cable connection which makes your set up a bit easier. It would be bridged if it were ADSL. I don't know the terminology for cable (even though I have it as well). vi - yuck, especially if you have not used it before. If you want a Linux editor use nano which is in ClearOS. Even better is to use WinSCP on a Windoze machine which creates an SSH connection to your server. WinSCP (graphical file manager) and PuTTy (remote console) are essential tools to administer ClearOS from a Windoze PC. You are not seeing module names as there aren't any kmod modules for your cards. The three you have must all be pretty well established so the built in drivers should be OK. I would have to research it more to see if there were more up to date drivers than the ones you have. You could do that as easily. Do something like "modinfo via-rhine" to get the version number then google. I am not qualified to compare Smoothwall and ClearOS/iptables but as they are both Linux based I would expect them to be very similar, if not the same in terms of robustness. The difference may really only be the interface. Mon, 06 Feb 2012 12:13:47 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/#37365 Nick Howitt wrote: Out of interest are eth0 and eth2 configured as ethernet or PPPoE and are your WAN's ADSL or cable? They are ethernet on cable modems. My ethernet adapter receives my public IP address, so I believe that is called bridged? I have no control over it. Mon, 06 Feb 2012 11:48:50 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37269/#37364 Nick Howitt wrote: Chris Fournier wrote: Was the final post in that thread what I should go with for fixing the dns? Did you ever figure out why that was happening? Yes. That fixed it for me. Remember to restart dhcpd after doing the updates. I did not figure out why it was doing it. Note that none of this appeared to affect DNS performance. Ater I get a few cups of coffee in my I will give that a shot. I am fairly inexperienced with using linux. Is "vi" the editor I would want to use? With regards your current set up I am not sure what the issue is and I think it should work. It probably could be done differently with all three WAN's coming into ClearOS then have two LAN interfaces, one a DMZ and the other as a normal LAN. Attach the FTP and webserver to the DMZ and look at using 1-to-1 NAT to connect your external IP to the webserver. Normally the ClearOS firewall isolates the LAN from the DMZ but it is easy to make specific holes in the firewall to you can connect from LAN (or specific LAN machines) to DMZ and not the other way round. I am not familiar with 1-to-1 NAT but I believe it will do what you want. I have read that it causes complications with IIS, it would also be nice to not have two boxes in the closet basically doing the same thing. Would you say the firewall in COS is just as robust as smoothwall? Output of kmodscan [code] Using existing Elrepo.org DeviceIDs at /var/webconfig/tmp/DeviceIDs Scanning hardware information... You are running Kernel: 2.6.18-194.8.1.v5 notice: Undefined offset: 4 - /usr/local/sbin/kmodscan (159) Name (Location) [PCI ID ] [Hwconf Driver ] [Elrepo Driver ] [Type] Hwaddr Device Silicon Integrated Systems [SiS] SiS645DX Host & Memory & AGP Controller (00:00.0) [1039:0646] [ ] [ ] [Host bridge] Silicon Integrated Systems [SiS] Virtual PCI-to-PCI bridge (AGP) (00:01.0) [1039:0001] [ ] [ ] [PCI bridge] Silicon Integrated Systems [SiS] SiS961 [MuTIOL Media IO] (rev 10) (00:02.0) [1039:0961] [ ] [ ] [ISA bridge] Silicon Integrated Systems [SiS] USB 1.1 Controller (rev 07) (00:02.2) [1039:7001] [ohci-hcd ] [ ] [USB Controller] Silicon Integrated Systems [SiS] USB 1.1 Controller (rev 07) (00:02.3) [1039:7001] [ohci-hcd ] [ ] [USB Controller] Silicon Integrated Systems [SiS] 5513 [IDE] (rev d0) (00:02.5) [1039:5513] [pata_sis ] [kmod-pata ] [IDE interface] RPM installed : package kmod-pata is not installed Module loaded : /lib/modules/2.6.18-194.8.1.v5/kernel/drivers/ata/pata_sis.ko Module version: 0.5.2 Silicon Integrated Systems [SiS] SiS900 PCI Fast Ethernet (rev 90) (00:03.0) [1039:0900] [sis900 ] [ ] [Ethernet controller] 00:50:2c:04:70:d9 eth2 VIA Technologies, Inc. VT6105/VT6106S [Rhine-III] (rev 86) (00:09.0) [1106:3106] [via-rhine ] [ ] [Ethernet controller] 00:40:f4:89:4f:e5 eth0 Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10) (00:0b.0) [10ec:8139] [8139too ] [ ] [Ethernet controller] 00:50:bf:ea:23:22 eth1 ATI Technologies Inc Radeon RV200 QW [Radeon 7500] (01:00.0) [1002:5157] [radeonfb ] [ ] [VGA compatible controller][/code] It does not seem to show the names of the drivers. Is that a good or bad thing? Its a little redundant, but here is the output of the other commands you requested. Output of lspci -v | grep Eth [code]00:03.0 Ethernet controller: Silicon Integrated Systems [SiS] SiS900 PCI Fast Ethernet (rev 90) 00:09.0 Ethernet controller: VIA Technologies, Inc. VT6105/VT6106S [Rhine-III] (rev 86) 00:0b.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)[/code] Output of grep eth /etc/modprobe.conf [code]alias eth1 8139too alias eth2 sis900 alias eth0 via-rhine[/code] Output of uname -r [code]2.6.18-194.8.1.v5[/code] Mon, 06 Feb 2012 11:46:29 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,33858/limit,10/limitstart,20/#37363 Arnold wrote: I wanted to test the active directory connector, but i cant install it. not avaible? Same here, I click on the link in the web interface and it takes me to the marketplace with nothing available. Pity as we are in the process of a WAN based active directory config and the ability to have the same user base across all ClearOS locations would be good. Something else that would be nice and I can't seem to find a mention of if/when it is going to happen is Central Management. We have 15 systems scattered across Europe and the Far East and having to check for updates and patches one by one is time consuming and error prone. Mon, 06 Feb 2012 11:21:34 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,10/#37362 Hi Tim, In theory, the RADIUS app in version 6 should behave the exact same way. The version 5 release was converted over to the way things are done in 6, but the app has not been verified. Mon, 06 Feb 2012 11:06:49 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37353/#37361 Can you give the output of "iptables -t nat -L -n -v". Also how many from IP addresses do you want to allow? Mon, 06 Feb 2012 10:50:47 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,33858/limit,10/limitstart,20/#37360 I wanted to test the active directory connector, but i cant install it. not avaible? Mon, 06 Feb 2012 10:46:56 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,10/#37359 Just a router with RADIUS support :) e.g. I had my wireless router hooked up to ClearOS via a wired port, then configured the RADIUS support on the router, and added the router local IP to the ClearOS RADIUS config as a permitted station. Mon, 06 Feb 2012 10:36:35 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37279/#37358 ok, when run install or update app not RUN on dual application, one via webwin and one via putty Can Clearos make run together when install or update any app? On putty: [root@system ~]# yum update Loading "fastestmirror" plugin Loading "protect-packages" plugin Loading "kmod" plugin Existing lock /var/run/yum.pid: another copy is running as pid 19183. Another app is currently holding the yum lock; waiting for it to exit... Another app is currently holding the yum lock; waiting for it to exit... Another app is currently holding the yum lock; waiting for it to exit... Another app is currently holding the yum lock; waiting for it to exit... Another app is currently holding the yum lock; waiting for it to exit... Another app is currently holding the yum lock; waiting for it to exit... Another app is currently holding the yum lock; waiting for it to exit... Another app is currently holding the yum lock; waiting for it to exit... Another app is currently holding the yum lock; waiting for it to exit... Mon, 06 Feb 2012 10:35:20 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37279/#37357 hai tim, thanks for respon. so sorry, this is not about achive only but this is about how to make idea for dedicated to learning and many people can control system that server. plus poin my school where i'am work has CCTV for video streaming, and until today that project for CCTV online Via Public IP not realized. but, I sure that that project will realisation any time. now i will explorer Server ClearOS. "Where ther is will ther is way", that is my motto Mon, 06 Feb 2012 10:29:19 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36022/limit,10/limitstart,10/#37356 I had tried both Firefox and Opera. Firefox was version 8.0.1......as I was checking it under the About Tab, it updated itself to 10.0......I am downloading a copy of the 64 bit 6.2 right now to check if that was the issue. Opera is version 11.61. I will update you guys when I have results. Have a great morning! Sir Who Mon, 06 Feb 2012 10:28:58 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,10434/limit,10/limitstart,40/#37355 Hi Andri, I'll work with Darryl to get the latest source code out late this week. One of the goals is to provide a template/demo on what needs to get done on both ClearOS and Android. Copy, paste, run with it! I'll keep you posted. Mon, 06 Feb 2012 10:21:20 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36022/limit,10/limitstart,10/#37354 We're stumped on this one. We have looked through the logs and stats and the servers look fine. We haven't changed anything with our mirrors in the last couple of years (though we are rolling out new infrastructure right now), so we're looking for other potential causes: - An issue with our data center (note: the two reported IPs come out of two different data centers, but the same provider - SoftLayer) - A web browser change - Other If you don't mind me asking... what web browser are you using (if you were using a browser)? What version? Mon, 06 Feb 2012 10:01:40 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37353/#37353 Hi- New clearos user here. Looks cool! So, I'm about 90% of the way there. I have my clearos box protecting two servers. Each server is set up with 1-1 NAT, allowing only SSH access. So far, so good. Looks like this: eth0: WAN eth1: 192.168.1.1 (1-1-nat, ssh) eth2; 192.168.2.1 (1-1-nat, ssh). What I need however, is not just allowing SSH, but to allow ssh ONLY FROM CERTAIN IP addresses. I am pretty sure I need a "custom" firewall rule(s) here, but everything I've tried doesn't work, the ssh is always allowed in no matter what. Any input to my situation would be greatly appreciated..! Mon, 06 Feb 2012 10:00:27 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37224/#37352 THANK nICK THAT wORK Mon, 06 Feb 2012 09:40:05 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37321/#37351 If you are connected but can't access resources, is your new LAN subnet the same as your old? If it is not the same, are the subnets different at each end of the tunnel? Mon, 06 Feb 2012 08:57:51 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37321/#37350 Yes i did and server shows me connected i just cant access any network resources. I have 1 device i can reach which is a cisco ATA. I was able to connect to PBX GUI once, but it stopped working and all my static routes read inactive. Mon, 06 Feb 2012 08:38:38 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36022/limit,10/limitstart,10/#37349 Just point me in the direction you guys need me to go. I finally got a copy of 6.2 to make it all the way. Installed it and had issues naming items....I threw in the towel as I had an angry wife waiting to stream TV shows. I said "Self, let's make this painless and download 5.2. I had similar luck with downloading the image for 5.2. I had no luck with the torrent link that Tim had posted. I went over to TPB and got a good torrent for 5.2. I have that running currently on the new rig. Will help you guys any way I can. Appreciate the time, skill and patience that is put in to this fine product. Just have come to conclusion that no One Tree Hill for wife and no FTP for work makes for a grumpy Me! SIr Who Mon, 06 Feb 2012 08:07:11 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,10434/limit,10/limitstart,30/#37348 may I ask the source of ClearMonitor.apk ? I have an idea to build an Android app to monitor ClearOS. And it would be my project to graduate from my college. I hope some people here can help me and suggest me about how to develop a monitor app for ClearOS. Thanks. Mon, 06 Feb 2012 06:28:48 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,37160/limit,10/limitstart,10/#37347 Tim Burgess wrote: Hi Peter, I tested the radius implementation/howto doc for David on ClearOS 5.2 and it worked OK then! http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap It permits user based authentication across wireless access points - so you login to your wireless network using your user credentials stored in LDAP, rather than an obscure (and usually private) WEP or WPA2 shared key. I believe it also extends to other applications That sounds quite good Tim, does that mean the clearos would need to be the wireless server for this to work or do you need a router that has radius support for it to do this? Mon, 06 Feb 2012 05:18:58 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,18/func,view/id,31829/#37346 thanks Tim...... saw it in 'recent discussions' didn't notice the original post was old Mon, 06 Feb 2012 04:37:20 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,32204/limit,10/limitstart,10/#37345 *Update* This has now occured to my office server as well. I believe it was after a Windows 7 machine was connected. It may be that SP1 caused the problems. Shame, I would have liked to have cached Windows update but I can't justify the risk of losing all download quota. Mon, 06 Feb 2012 04:10:30 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37344/#37344 Hello everyone, I have a pool of public IP addresses frmo my provider at my disposal, so I have given the ClearOS box the first one, and then the others (when needed) are added as virtual interfaces to the plugged in eth0 interface (eth0:1, eth0:2 etc...) My question is - if I have a service (a server or even one particular service on that one of my servers) that I would want to use a different outgoing IP, is this possible to setup? I have a different server with smtp and I am having a few problems with the mx record pointing to a different incoming ip address, than the address that the smtp is using for outgoing traffic. So what I need to do is setup all outgoing traffic (to that server) to go through a different ip than the first one in the pool. Marcin Sun, 05 Feb 2012 17:09:58 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37294/#37343 ok, that makes good sense. Tim / again , thanks for the answer :) Sun, 05 Feb 2012 17:00:35 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37300/#37342 I expected the group and permissions to be set by samba. The samba config should set teh create mask to 664, Seems to be not the case. [all] path = /var/flexshare/shares/all comment = Flexshare - browseable = Yes read only = No guest ok = No directory mask = 775 create mask = 664 valid users = @"%D\gebruikers" veto files = /.flexshare*/ recycle:repository = .trash/%U recycle:maxsize = 0 recycle:versions = Yes recycle:keeptree = Yes recycle:touch = No recycle:directory_mode = 0775 audit:prefix = %u audit:success = open opendir audit:failure = all I discovered that saving a file inside a program behaves different form copying or moving files. I have the impression that osx is setting the rights. Moving a file seems to keep the rights as they were before the copy. Sun, 05 Feb 2012 16:30:47 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37302/#37341 yeah, i kinda figured that out, and thought about it.. it was just too late to remove this question found a way to let the filter work the way i want it(sepparate files for different kinds of custom blocked content). gosh.. i feel stupid Sun, 05 Feb 2012 16:22:25 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37294/#37340 They both apply to the box only, but the antispam and antimailware scanning can be configured to scan mail passing through in a "transparent" mail server configuration. This assumes you use the ClearOS SMTP (postfix) service, mail is delivered to your ClearOS box, and you add a mail forward desintation in your SMTP config Sun, 05 Feb 2012 15:46:56 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37303/#37339 It would be setup as this: Spam Server On Separate Machine ----> Iredmail (Postfix/MysqlDovecot) On a Other Separate Machine. Sun, 05 Feb 2012 15:45:43 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37302/#37338 Hi Frank, custom content filter groups only work with the proxy when user authentication is turned on, not transparent mode. Otherwise the server isn't able to identify the traffic! Sun, 05 Feb 2012 15:40:27 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37303/#37337 I've seen it setup as a transparent spam filter for internal mail servers normally..not external I guess its possible? assuming the MX records for the domains all point to the right place. Will ClearOS be the final mail destination? or an intermdiate server before finising at Iredmail? Sun, 05 Feb 2012 15:37:52 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,18/func,view/id,31829/#37336 This thread is 5months old...i'm not sure this problem still exists! :) Sun, 05 Feb 2012 15:35:50 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36022/limit,10/limitstart,10/#37335 @Tim, I think that if you have a download failure and ping soon after, depending on the DNS cache expiry time you will get the same IP returned when you do the download and when you ping the server. Sun, 05 Feb 2012 15:34:20 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,6874/limit,10/limitstart,20/#37334 You can always add it to the Wish List (http://www.clearfoundation.com/Wishlist/ClearFoundation.html)! Sun, 05 Feb 2012 15:33:51 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36022/limit,10/limitstart,10/#37333 Tim, Hmm ping download.clearfoundation.com will simply return one of the numerous mirrors. As it changes it doesn't relate to the mirror you actually downloaded from? This also crossed my mind. A other user pinged download.clearfoundation.com and came up with this IP address: 66.98.128.134. He had troubles downloading the iso from this server. I've reported this with Peter. Sun, 05 Feb 2012 15:32:43 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,36/func,view/id,37293/#37332 Minor point but account queries and anything subscription related should really be sent to ClearCenter, not ClearFoundation - as they provide these services for the ClearFoundation Thanks Marcel for the link Sun, 05 Feb 2012 15:32:10 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37210/limit,10/limitstart,10/#37331 Hi Carl, in your exmaple above, you posted a successful local connection using port 2121. It also logs the successful passive connection (a second connection on a much higher port range) But then you appear to try to connect using the External IP but port 21? should it not be port 2121? Even if you manage to forward the port, i'm not convinced you will be able to configure the passive connection. (This is why your FreeNas needs to know your External IP, so that when the client requests the data connection it sends back the right IP. Some FTP clients like Filezilla can automatically compensate for this and substitute the WAN IP) See for example http://wiki.filezilla-project.org/Network_Configuration#Passive_mode_2 Sun, 05 Feb 2012 15:30:33 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36022/#37330 Hmm ping download.clearfoundation.com will simply return one of the numerous mirrors. As it changes it doesn't relate to the mirror you actually downloaded from? Can you confirm if this is the mirror you used for the download? [code][root@server ~]# dig download.clearfoundation.com ; DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 download.clearfoundation.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER Sun, 05 Feb 2012 15:23:04 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/func,view/id,37046/#37329 Hi Kenneth, is there a reason why your service can't bind using the 'cn=manager,cn=internal,dc=domain,dc=com' credentials? This would automatically give it access to the whole database without messing your LDAP config up I'm no LDAP ACL expert, but I know they are processed in order from top to bottom, and your additional rule will only match the rootDN for that customer/user. You'll need to broaden the dn if you want more global access, but your at risk of hosing your LDAP database Have you read? http://www.openldap.org/doc/admin24/access-control.html Sun, 05 Feb 2012 15:20:11 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36728/#37328 Hi Peter, I believe this cropped up for existing account holders in the early alphas. Thanks for the feedback, did you register a new system using existing ClearCenter credentials? or register a new account entirely? Sun, 05 Feb 2012 15:15:46 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37253/#37327 you can modify the SPAM threshold and quarantine levels via the webconfig. By default they are quite high, and let what I believe to be spam through. In this instance, you want to lower the values to block more spam Server > Antispam config, I use:- Discard, 10 Quarantine, 6 Spam, 3 Inspect the headers of your mail that has been passed to learn what spam score it was given. Outlook has its own inbuilt junk mail filter which is actually quite good, so it will tidy up the remaining few that pass through to the users inbox. Sun, 05 Feb 2012 15:09:26 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37276/#37326 Hi Patrick, this is documented. Port 21 is for Home users folders, Port 2121 is the Flexshare FTP system AFAIK you can't hide folders which users do not have permission to access. There was a similar request on Samba shares just the other day... What FTP client are you using? not all are the same, and the permissions used in the root of the share can sometimes appear to restrictive - they effectively block some clients from getting a directory list. (For the gory details investigate how FTP clients discern what is a file and what's a directory) Sun, 05 Feb 2012 15:05:06 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37279/#37325 If you can access the webconfig via your mobile then in theory you can manage it. (Modern smart phones can do this fairly well) In reality ClearOS 5.2 is not designed with mobile web in mind. ClearOS 6.x however is! and the interface is inteded to be mobile compatible, i.e good on small screens. By the way not all the above features exist within ClearOS (yet?) so i'm not sure what your trying to achieve? Sun, 05 Feb 2012 15:02:43 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37321/#37324 Did you remember to re-open the firewall? Sun, 05 Feb 2012 15:02:22 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,26852/limit,10/limitstart,60/#37323 [code]yum install patch[/code]was all you needed :) Sun, 05 Feb 2012 14:59:20 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,37173/#37322 It can also be done if you know the source IP or the originating requests. Then create two rules (using the advanced firewall) for port 1194 but based on the Source IP for incoming traffic Sun, 05 Feb 2012 14:58:38 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,21/func,view/id,37321/#37321 I recently upgraded my clearbox from an old PIII PC to a newer P4 and restored my old settings. Now when I connect to PPTP VPN I can't access any of my devices on remote network. VPN shows active but when I try to login to my device it times out. No Remote Desktop access or web gui to my machines on remote network. Also all my static routes show not active all but one. Any idea what could be wrong? Sun, 05 Feb 2012 14:53:28 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37300/#37320 I think the flexshare has to be the owner of the directory. Also your permissions are wrong... [code] -rw-r--r-- 1 pam allusers 18555 jun 22 2009 ReklameBoekjeSchool.odt [/code] The owner has read write access The group has read access Other has read access Allusers is the group. So you have to give the group also write access and if you want to execute the file you have to give these rights too. search for the chmod command... Sun, 05 Feb 2012 14:47:45 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36022/#37319 Hi Sir Who, This download server with this ip address gives you also trouble downloading the iso of ClearOS Enterprise? The reason why i ask this is because a other user reported problems with a other server. I will ping Peter. Sun, 05 Feb 2012 14:04:47 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37210/limit,10/limitstart,10/#37318 Nick Howitt wrote: Noooooooooooo. Please do not add an incoming rule. The port forward rule then cannot work. It is a port forward we are trying to achieve. I was just checking there was no conflicting incoming rule. Sorry Nick :-O Sun, 05 Feb 2012 13:52:11 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,36/func,view/id,37293/#37317 For other users the answer can be found here (http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,13353/limit,10/limitstart,10/#37315) Sun, 05 Feb 2012 13:50:07 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,13353/limit,10/limitstart,10/#37316 Thank you for sharing this information. Sun, 05 Feb 2012 13:47:15 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,13353/limit,10/limitstart,10/#37315 "A ClearOS subscription is required for each machine...our licensing is 'per server'. Volume discounts for more than 5 systems are available. In ClearOS 6, the managed VPN service will be available in the Marketplace separate to any other subscription...price is yet to be determined, but I would expect it to be less than $60/yr per server." Sounds like they are willing to talk if there are a significant number of systems. Sun, 05 Feb 2012 10:42:31 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,13353/limit,10/limitstart,10/#37314 Out of curiosity and so other people searching the forum can find out, what is the answer? Sun, 05 Feb 2012 09:29:24 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,13353/limit,10/limitstart,10/#37313 Sorry, the only reason is that I had emailed clear foundation (info@ I believe) almost 2 weeks ago, then emailed that again last week. Finally I emailed sales@, still no answer. So I have also been trying to find an answer by searching forums, posts, stackexchange, etc. I did finally receive an answer though, so thank you! Sun, 05 Feb 2012 09:23:16 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37210/limit,10/limitstart,10/#37312 This sound strange to me So the client knocks on the door to cleaos http://picasaweb.google.com/107997602221417938064/ClearOS#5705644855125946402 Then this is not working since my freenas is not handing out it IP? Saying that and while it is working from the inside I am puzzeld Sun, 05 Feb 2012 08:42:42 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37210/limit,10/limitstart,10/#37311 There is not mutch working for me at the moment. I am haveing difficulties event ta attach a file 2012-02-05 14:23:06 3760 3 Status: Connecting to 192.168.100.221:21... 2012-02-05 14:23:06 3760 3 Status: Connection established, waiting for welcome message... 2012-02-05 14:23:06 3760 3 Response: 220 ProFTPD 1.3.3e Server (freenas.local FTP Server) [::ffff:192.168.100.221] 2012-02-05 14:23:06 3760 3 Command: USER david 2012-02-05 14:23:06 3760 3 Response: 331 Password required for david 2012-02-05 14:23:06 3760 3 Command: PASS ******* 2012-02-05 14:23:06 3760 3 Response: 230-Welcome to FreeNAS FTP Server 2012-02-05 14:23:06 3760 3 Response: 230 User david logged in 2012-02-05 14:23:06 3760 3 Command: SYST 2012-02-05 14:23:06 3760 3 Response: 215 UNIX Type: L8 2012-02-05 14:23:06 3760 3 Command: FEAT 2012-02-05 14:23:06 3760 3 Response: 211-Features: 2012-02-05 14:23:06 3760 3 Response: MDTM 2012-02-05 14:23:06 3760 3 Response: MFMT 2012-02-05 14:23:06 3760 3 Response: TVFS 2012-02-05 14:23:06 3760 3 Response: UTF8 2012-02-05 14:23:06 3760 3 Response: MFF modify;UNIX.group;UNIX.mode; 2012-02-05 14:23:06 3760 3 Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*; 2012-02-05 14:23:06 3760 3 Response: LANG en-US* 2012-02-05 14:23:06 3760 3 Response: REST STREAM 2012-02-05 14:23:06 3760 3 Response: SIZE 2012-02-05 14:23:06 3760 3 Response: 211 End 2012-02-05 14:23:06 3760 3 Command: OPTS UTF8 ON 2012-02-05 14:23:06 3760 3 Response: 200 UTF8 set to on 2012-02-05 14:23:06 3760 3 Status: Connected 2012-02-05 14:23:06 3760 3 Status: Retrieving directory listing... 2012-02-05 14:23:06 3760 3 Command: PWD 2012-02-05 14:23:06 3760 3 Response: 257 "/" is the current directory 2012-02-05 14:23:06 3760 3 Command: TYPE I 2012-02-05 14:23:06 3760 3 Response: 200 Type set to I 2012-02-05 14:23:06 3760 3 Command: PASV 2012-02-05 14:23:06 3760 3 Response: 227 Entering Passive Mode (192,168,100,221,87,72). 2012-02-05 14:23:06 3760 3 Command: MLSD 2012-02-05 14:23:06 3760 3 Response: 150 Opening ASCII mode data connection for MLSD 2012-02-05 14:23:06 3760 3 Response: 226 Transfer complete 2012-02-05 14:23:06 3760 3 Status: Directory listing successful 2012-02-05 14:23:18 3760 3 Status: Disconnected from server 2012-02-05 14:23:18 3760 3 Status: Connecting to 31.13.15.47:21... 2012-02-05 14:23:38 3760 3 Error: Connection timed out 2012-02-05 14:23:38 3760 3 Error: Could not connect to server 2012-02-05 14:23:38 3760 3 Status: Waiting to retry... 2012-02-05 14:23:43 3760 3 Status: Connecting to 31.13.15.47:21.. Sun, 05 Feb 2012 08:29:24 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,13353/limit,10/limitstart,10/#37310 Scott wrote: What if I have 9 systems and want dynamicvpn on all, is that $80 each or $80 for the account? Scott, you're asking this question everywhere! Yesterday I sent an e-mail to accounts @ clearcenter.com suggesting they should reply to your e-mails. I also had another couple of questions and suggestions for them. Let us see if they reply. The forum is generally a self-help forum and the devs don't pop in there often. I don't even know if the devs have anything to do with their commercial team. Sun, 05 Feb 2012 08:28:26 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,7/func,view/id,37210/limit,10/limitstart,10/#37309 I have attached the filezilla log. I really do not not understand why this is not working. What am I doing wrong ? Sun, 05 Feb 2012 08:27:42 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,13353/limit,10/limitstart,10/#37308 What if I have 9 systems and want dynamicvpn on all, is that $80 each or $80 for the account? Sun, 05 Feb 2012 07:40:51 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,6874/limit,10/limitstart,10/#37307 hi Marcel van Leeuwen, How To ClearOS Report (Bandwith, Proxy and Control (shutdown, Etc), Etc) like Mikrotik via Mobilephone)?, any idea?, I has that idea. Sun, 05 Feb 2012 07:15:43 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,18/func,view/id,31829/#37306 Hi Mike a few questions: >Can you get other clients (i.e not XP) to connect ? >'tmpsrv' sounds like a server name- the domain name should be as under server>Windows Settings >is the server set up as a Primary Domain Controller ?, not simple file & print >how are you entering the user name- it should be in the format domain\winadmin I'm not sure where the logs go Andrew Sun, 05 Feb 2012 05:24:17 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,36022/#37305 Pinging download.clearfoundation.com [67.18.166.6] with 32 bytes of data: Reply from 67.18.166.6: bytes=32 time=527ms TTL=53 Reply from 67.18.166.6: bytes=32 time=408ms TTL=53 Reply from 67.18.166.6: bytes=32 time=355ms TTL=53 Reply from 67.18.166.6: bytes=32 time=283ms TTL=53 Ping statistics for 67.18.166.6: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 283ms, Maximum = 527ms, Average = 393ms Sun, 05 Feb 2012 00:04:50 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,35/func,view/id,37304/#37304 Hi everyone My Wireless ISP is closing down our local tower, and I have the choice of migrating to 3G, or nothing. Rather than moving to 3G or losing my net entirely I wanted to setup a long-range wifi link through a public open AP. I have two 800mhz, 512mb RAM, 4gb CF thin clients with Ethernet and PCI wifi cards and wanted to link these both to the open AP and run a VPN tunnel through the wireless link. On the side with net I wanted to install a download manager to be remotely controlled and shared on that LAN, on the other side I wanted to setup a transparent proxy, both of these are to minimize data throughput to the essential over the VPN. ClearOS appears to be a viable solution for this problem as both hardware constraints and a bittorrent client appear to be included transmission (http://www.clearfoundation.com/docs/howtos/transmission_bittorrent_client). (a remote controllable download manager for other files would also be nice, but not required if anyone can recommend) My first issue is with linking into the wifi network, clearOS does not appear to allow client mode on the wifi cards on either machine, the only post I could find (http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,25821/li) relating to client connection to an existing wifi network mentioned trouble with double NAT, but did not assist in establishing the aforementioned link. Does anyone have experience in a setup of this type either with ClearOS or another linux distribution that would likely satisfy the software and hardware constraints of my setup? Sat, 04 Feb 2012 23:35:17 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,37303/#37303 Hi Guys I am just wondering if clearos can just be a spam/anti virus gateway for my external mail server? Also if it can are my customers allowed to login to the clearos to manage there spam settings any chance? Because my mail server is on Iredmail basically based on postfix/mysql/dovecot. Thanks Tim Sat, 04 Feb 2012 22:44:43 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37302/#37302 hey all, the default content filter list is for all users, but i made a custom list, and i can't get that quiet right, i turned my proxy into transparent mode, but i gotta select users for custom lists? but i don't authenticate, so that is quiet worthless, and so is my custom made list ;( how can i make this list work for any user? although i am still new to this: - finally learned how to edit files - :) just don't go too fast with your technical english ;) Sat, 04 Feb 2012 18:21:24 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,37238/#37301 select/edit the list you want to remove, at the bottom of the page is says Extension/MIME Site Lists Phrase Lists Blacklists Users Use the SHIFT or CTRL key to select multiple users. under that list it has 2 buttons: update and delete hit delete, then confirm, and done :) Sat, 04 Feb 2012 18:16:45 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,13/func,view/id,37300/#37300 We need to have multiple users working on the same files. I created a new flexshare owned bij group all containing multiple users. All the other settings default (=permissions Read - Write) When one user copies files to the share the other users can see that file but they are in read only mode. When I verify the directory, I see the group used is allusers (a builtin one), not the one that is used to create the share and the group rights are read only. This is not what I expected. [root@cc all]# ls -all totaal 152 drwxrwxr-x 3 flexshare all 4096 feb 4 23:51 . drwxr-xr-x 5 root root 4096 feb 4 23:34 .. -rw-r--r-- 1 pam allusers 16531 apr 26 2009 DoopAbel.odt -rw-rw-r-- 1 pam allusers 12292 feb 4 23:51 .DS_Store -rw-r--r-- 1 pam allusers 18555 jun 22 2009 ReklameBoekjeSchool.odt -rw-r--r-- 1 bru allusers 4096 feb 4 23:51 ._Testfax.pages -rw-r--r-- 1 bru allusers 71378 mrt 12 2010 Testfax.pages drwxrwxr-x 4 pam allusers 4096 feb 4 23:51 .trash How do I get it to do what I want , everyone in the group read-write? it may be related to the way osx is setting the rights, above you see differences in the way the hidden files are made also. Sat, 04 Feb 2012 17:56:19 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,30915/limit,10/limitstart,10/#37299 Have been using this guide to get it running on Clearos 5.1. http://forums.plexapp.com/index.php/topic/29038-guide-plex-935-centos/ It runns, but needs some hardware to transcode. Have problem to get subtile to run. :-( Sat, 04 Feb 2012 16:47:07 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,40/func,view/id,25117/limit,10/limitstart,20/#37298 I did every thing in the instructions and im getting log in box still and I cant see the option in the webui for turning it on and off. Can someone help please? Sat, 04 Feb 2012 16:12:22 -0500 http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,37/func,view/id,7770/#37297 Thanks for this help. But I can't start nfs : [code][root@home etc]# service nfs restart Shutting down NFS mountd: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS quotas: [ OK ] Shutting down NFS services: [ OK ] Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ] Starting RPC idmapd: Error: RPC MTAB does not exist. [/code] Any idea of RPC MTAB is or where it should be ? Created empty fle /etc/mtab provided a entry /etc/exports : [code]/home/my_test 10.0.0.193(rw,sync,no_root_squash)[/code] Sat, 04 Feb 2012 15:39:44 -0500