How to configure nethserver with 2 NICs


I would like to configure Nethserver for a lan network with 2 NICs: eth0 (, for the lan (green) and eth1( for the internet (red).

The clients receive their ips (reservation) and I want that my server can download the blacklist of Toulouse by cron (I’m French).

Also, I want that an unknown client, without reservation, obtain an ip (ok with the dhcp’s range to but also that he can’t go to the web. That’s OK if I block the traffic to internet (red interface).

When I ping or, from the server, I’ve this error: icmq_seq=1 Destination Host Unreachable. I come from Zentyal and I did not have this problem…
What must I add or change to allow the server to ping or my dongle3G ( without creating rules to accept any everywhere.
ping is ok with these rules:

I joined some additional screenshots to show you my configuration.

Thanks a lot

Hi @cyberfrk

just a question: could you post list of modules/features that you have installed from Software center section or take a screenshot of it?

I would like to help you but I need this additional information.

@sitz, I installed:
backup, bandwidth, monitor, basic firewall, dns and DHCP server, file server, intrusion prevention system, web filter and web proxy (with nethserver-lightsquid).


Hi @cyberfrk

modules you have installed are right.
When you try to ping an external host such as the ping is from NethServer or from a LAN client?
Are you able to connect a client (PC or Notebook) with an hub/switch in the red zone and assign to it an IP in the class eg. then try to ping from this client?

What you are experiencing is an anomalous behavior.

Try to remove gateway on Green Lan (eth0) and re-try ping to


When you try to ping an external host such as the ping is from NethServer or from a LAN client?
=> with Firewall rules|configure|Traffic to internet Blocked and the rule any/any disabled, the ping or results Destination Host Unreachable.
If I change Traffic to internet to “Allowed” or I enable the rule, the ping and are OK (no packet lost).

Are you able to connect…
=> No problem if I remove the Nethserver and connect the dongle3G (red zone) and the client ( to the switch. Ping is OK…!
I agree with you, this is strange… :frowning:

I removed the gateway on Green Lan (eth0), ping is OK if I allow or enable the rule (any/any). Same result as above (unreachable) if I block the traffic or disable the rule…

Where is the problem ?!
Do you want some logs?

Then, if someone wants to spend (or lose) time for me, I’ll format and reinstall my config. What are the steps, the order, what do I plug in, what do I inquire for eth0 , eth1 etc …?

What I want (which is probably easy for you but obviously not for me…) :frowning:
Configure Nethserver for a lan network. I want that an unknown client, without reservation, obtain an ip but also that he can’t go to the web without authorization (firewall rules).

My hardware:
2 NICs (1 for lan and 1 for the dongle3G (only to test before deploying), 1 switch, and 1 client…

Thks a lot!

Hi @cyberfrk I want to spend (not to lose) time with you! :wink:

You don’t need firewall rules just install firewall module and proxy web modules.
Within Proxy Web configuration you can block traffic for clients on your LAN.

Check this


I’ve followed your advice
After many changes and tests, here is my configuration where “all” is ok. The client with no reservation obtains an @ip in the DHCP and my server can install nethserver’s packages and update the blacklist:
Replace the gateway by
Create an “IP ranges” in Firewall objects that is the same as the range of DHCP server. And 2 rules:
rule 1 drop from rangeDHCP to interface red, any service
rule 2 accept from any host to interface red, service any service

The server is “Primary Domain Controller”, my client has joined the domain without problem.
Now, I would like to filter, allow and deny the web surfing for the users depending on several filters (strict, permissive and others) but with no real success. I think only the default (filter) is used…

I will create a new post.
Thks for all
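
The two rules from the last post, modelled as an added example that is not part of the thread and is not NethServer's own code. It assumes top-down, first-match evaluation and a default "Blocked" policy for traffic to red; the addresses and the `Rule`/`evaluate` names are constructed for illustration, since the thread's real addresses are not shown.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # "accept" or "drop"
    src_range: Optional[Tuple[str, str]]   # inclusive (first, last); None = any host
    dst_zone: str

    def matches(self, src: str, dst_zone: str) -> bool:
        if dst_zone != self.dst_zone:
            return False
        if self.src_range is None:
            return True
        first, last = (ipaddress.ip_address(a) for a in self.src_range)
        return first <= ipaddress.ip_address(src) <= last


def evaluate(rules, src, dst_zone, default="drop"):
    """Return (action, deciding rule); the first matching rule wins (assumption)."""
    for rule in rules:
        if rule.matches(src, dst_zone):
            return rule.action, rule.name
    return default, "policy"               # "Traffic to internet: Blocked"


# Constructed sample values: dynamic DHCP pool and a reserved client outside it.
DHCP_RANGE = ("192.168.1.100", "192.168.1.150")
RESERVED_CLIENT = "192.168.1.10"
UNKNOWN_CLIENT = "192.168.1.120"

RULES = [
    Rule("rule 1", "drop", DHCP_RANGE, "red"),   # unknown clients: no internet
    Rule("rule 2", "accept", None, "red"),       # everyone else: allowed
]

if __name__ == "__main__":
    for src in (UNKNOWN_CLIENT, RESERVED_CLIENT):
        print(src, evaluate(RULES, src, "red"))
    # Swapping the order lets the broad accept shadow the drop.
    print("reversed:", evaluate(RULES[::-1], UNKNOWN_CLIENT, "red"))
```

The drop only takes effect because it sits above the broad accept, and reservations must stay outside the range used by the "IP ranges" object.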