I would like to configure Nethserver for a lan network with 2 NICs: eth0 (192.168.2.253), for the lan (green) and eth1(10.1.50.1) for the internet (red).
The clients receive their ips (reservation) and I want that my server can download the blacklist of Toulouse by cron (I’m french).
Also, I want that an unknown client, without reservation, obtain an ip (ok with the dhcp’s range 192.168.2.1 to 192.168.2.78) but also that he can’t go to the web. That’s OK if I block the traffic to internet (red interface).
When I ping 8.8.8.8 or 10.1.50.50, from the server, I’ve this error: icmq_seq=1 Destination Host Unreachable. I come from Zentyal and I did not have this problem…
What must I add or change to allow the server to ping 8.8.8.8 or my dongle3G (10.1.50.50) whithout creating rules to accept any every where.
ping 10.1.50.50 is ok with this rules:
I joined some additionnal screenshots to show you my configuration.
@sitz, I installed:
backup, bandwith, monitor, basic firewall, dns and DHCP server, file server, intrusion prevention system, web filter and web proxy (with nethserver-lightsquid).
modules you have installed are right.
When you try to ping an external host such as 8.8.8.8 the ping is from NethServer or from a LAN client?
Are you able to connect a client (PC or Notebook) with an hub/swicth in the red zone and assign to it an IP in the class eg. 10.1.50.2/24 then try to ping 8.8.8.8 from this client?
What you are experiencing is an anomalous behavior.
@sitz,
When you try to ping an external host such as 8.8.8.8 the ping is from NethServer or from a LAN client?
=> with Firewall rules|configure|Traffic to internet Blocked and the rule any/any disabled, the ping 8.8.8.8 or 10.1.50.50 results Destination Host Unreachable.
If I change Traffic to internet to “Allowed” or I enable the rule, the ping 8.8.8.8 and 10.1.50.50 are OK (no packet lost).
Are you able to connect…
=> No problem if I remove the Nethserver and connect the dongle3G (red zone) and the client (10.1.50.2) to the switch. Ping 8.8.8.8 is OK…!
I’m agree with you, this is strange…
@alefattorini,
I removed the gateway on Green Lan (eth0), ping 10.1.50.50 is OK if I allow or enable the rule (any/any). Same result as above (unreachable) if I block the traffic or disable the rule…
Then, if someone wants spend (or lose) time for me, I’ll format and reinstall my config. What are the steps, the order, what do I plug in, what do I inquire for eth0 , eth1 etc …?
What I want (who is probably easy for you but obviously not for me…)
Configure Nethserver for a lan network. I want that an unknown client, without reservation, obtain an ip but also that he can’t go to the web whithout authorization (firewall’rules).
My hardware:
2 NICs (1 for lan and 1 for the dongle3G (only to test before deploying), 1 switch, and 1 client…
Hi @cyberfrk I want to spend (not to lose) time with you!
You don’t need firewall rules just install firewall module and proxy web modules.
Within Proxy Web configuration you can block traffic for clients on your LAN.
I’ve followed your advice
After many changes and tests, here is my configuration where “all” is ok. The client with no reservation obtain an @ip in the DHCP and my server can install nethserver’s packages and update the blacklist:
Remplace the gateway 10.1.50.1 by 192.168.2.253.
Create an “IP ranges” in Firewall objects who’s the same as the range of DHCP server. And 2 rules:
rule 1 drop from rangeDHCP to interface red, any service
rule 2 accept from any host to interface red, service any service
The server is “Primary Domain Controller”, my client as joined the domaine without problem.
Now, I would like to filter, allow and deny the web surfing for the users depending several filter (strict, permissive and others) but with no really success. I think the only the default (filter) is used…
