How to configure nethserver with 2 NICs

Hi,

I would like to configure Nethserver for a LAN network with 2 NICs: eth0 (192.168.2.253) for the LAN (green) and eth1 (10.1.50.1) for the internet (red).

The clients receive their IPs (reservation) and I want my server to be able to download the blacklist of Toulouse by cron (I'm French).

Also, I want an unknown client, without reservation, to obtain an IP (OK with the DHCP's range 192.168.2.1 to 192.168.2.78) but also that he can't go to the web. That's OK if I block the traffic to internet (red interface).

When I ping 8.8.8.8 or 10.1.50.50 from the server, I've this error: icmp_seq=1 Destination Host Unreachable. I come from Zentyal and I did not have this problem…
What must I add or change to allow the server to ping 8.8.8.8 or my dongle3G (10.1.50.50) without creating rules to accept any everywhere?
ping 10.1.50.50 is OK with these rules:

I attached some additional screenshots to show you my configuration.

Thanks a lot

Hi @cyberfrk

just a question: could you post the list of modules/features that you have installed from the Software center section, or take a screenshot of it?

I would like to help you but I need this additional information.

@sitz, I installed:
backup, bandwidth, monitor, basic firewall, DNS and DHCP server, file server, intrusion prevention system, web filter and web proxy (with nethserver-lightsquid).

Thks

Hi @cyberfrk

The modules you have installed are right.
When you try to ping an external host such as 8.8.8.8, is the ping from NethServer or from a LAN client?
Are you able to connect a client (PC or notebook) with a hub/switch in the red zone, assign it an IP in the class, e.g. 10.1.50.2/24, and then try to ping 8.8.8.8 from this client?

What you are experiencing is anomalous behavior.

Try to remove the gateway on Green LAN (eth0) and retry the ping to 10.1.50.50.

Hi

@sitz,
When you try to ping an external host such as 8.8.8.8 the ping is from NethServer or from a LAN client?
=> with Firewall rules|configure|Traffic to internet Blocked and the rule any/any disabled, the ping to 8.8.8.8 or 10.1.50.50 results in Destination Host Unreachable.
If I change Traffic to internet to "Allowed" or I enable the rule, the pings to 8.8.8.8 and 10.1.50.50 are OK (no packet lost).

Are you able to connect…
=> No problem if I remove the Nethserver and connect the dongle3G (red zone) and the client (10.1.50.2) to the switch. Ping 8.8.8.8 is OK…!
I agree with you, this is strange… :frowning:

@alefattorini,
I removed the gateway on Green LAN (eth0), ping 10.1.50.50 is OK if I allow or enable the rule (any/any). Same result as above (unreachable) if I block the traffic or disable the rule…

Where is the problem ?!
Do you want some logs?

Then, if someone wants to spend (or lose) time for me, I'll format and reinstall my config. What are the steps, the order, what do I plug in, what do I enter for eth0, eth1, etc.?

What I want (which is probably easy for you but obviously not for me…) :frowning:
Configure Nethserver for a LAN network. I want an unknown client, without reservation, to obtain an IP but also that he can't go to the web without authorization (firewall rules).

My hardware:
2 NICs (1 for LAN and 1 for the dongle3G, only to test before deploying), 1 switch, and 1 client…

Thks a lot!

Hi @cyberfrk I want to spend (not to lose) time with you! :wink:

You don't need firewall rules, just install the firewall module and the proxy web module.
Within the Proxy Web configuration you can block traffic for clients on your LAN.

Check this

Hi,

I've followed your advice.
After many changes and tests, here is my configuration where "all" is OK. The client with no reservation obtains an IP address from the DHCP and my server can install Nethserver's packages and update the blacklist:
Replace the gateway 10.1.50.1 by 192.168.2.253.
Create an "IP ranges" entry in Firewall objects that is the same as the range of the DHCP server. And 2 rules:
rule 1 drop from rangeDHCP to interface red, any service
rule 2 accept from any host to interface red, service any service

The server is "Primary Domain Controller", my client has joined the domain without problem.
Now, I would like to filter, allow and deny the web surfing for the users depending on several filters (strict, permissive and others) but with no real success. I think only the default (filter) is used…

I will create a new post.
Thks for all
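
The two rules from the last post, modelled as an added example (not code from the thread or from NethServer) to check that rule order and the DHCP pool boundaries give the intended result. It assumes rules are evaluated top to bottom with the first match deciding; the reservation names and addresses are constructed sample values.

```python
import ipaddress

# DHCP pool handed to unknown clients, as stated in the thread.
POOL_FIRST = ipaddress.IPv4Address("192.168.2.1")
POOL_LAST = ipaddress.IPv4Address("192.168.2.78")

def in_pool(addr):
    """True if addr lies inside the DHCP pool (the 'rangeDHCP' object)."""
    return POOL_FIRST <= ipaddress.IPv4Address(addr) <= POOL_LAST

def any_host(addr):
    return True

# Ordered rules from the last post: (action, source matcher, destination zone).
RULES = [
    ("drop", in_pool, "red"),     # rule 1: rangeDHCP -> red, any service
    ("accept", any_host, "red"),  # rule 2: any host -> red, any service
]

def decide(src, dst_zone, rules=RULES, default="drop"):
    """First matching rule wins (assumed evaluation order)."""
    for action, match_src, zone in rules:
        if zone == dst_zone and match_src(src):
            return action
    return default

def pool_as_cidrs():
    """The pool is not one subnet, hence an IP range object rather than a CIDR."""
    return [str(n) for n in ipaddress.summarize_address_range(POOL_FIRST, POOL_LAST)]

def reservations_caught_by_drop(reservations):
    """Names of reserved hosts whose address falls in the pool and is dropped."""
    return sorted(h for h, ip in reservations.items() if decide(ip, "red") == "drop")

# Constructed sample reservations (hypothetical names and addresses).
SAMPLE_RESERVATIONS = {
    "pc-office": "192.168.2.100",   # outside the pool: reaches red via rule 2
    "laptop-old": "192.168.2.40",   # inside the pool: silently hit by rule 1
}

if __name__ == "__main__":
    print("unknown client .50 ->", decide("192.168.2.50", "red"))
    print("reserved client .100 ->", decide("192.168.2.100", "red"))
    print("rules reversed, .50 ->", decide("192.168.2.50", "red", RULES[::-1]))
    print("pool needs", len(pool_as_cidrs()), "CIDR blocks")
    print("reservations blocked:", reservations_caught_by_drop(SAMPLE_RESERVATIONS))
```

With the rules swapped, the accept rule matches first and unknown clients reach the red interface, so the drop rule has to stay on top and reservations have to sit outside the pool.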