Thanks for explaining. Unfortunately I’m a bit unfamiliar with the network configuration in NethServer. Last time I tried to modify it to deal with the red / green warnings, I lost access to the server and had to recover via console.
If you have a minute, can you look at the settings below and tell me if there is some issue? Is it a security problem to “connect red and green to the same switch/network”?
It’s a wrong configuration that leads to problems.
What do you want to achieve with connecting red and green to the same network?
Usually, when NethServer acts as a gateway, it uses at least a red WAN interface and a green LAN one.
If you want to use NethServer as a server, just use the green interface.
I wasn’t intending to do any special configuration. My goal is to just have my NethServer as a standalone server sitting on a VPS. I pretty much just went through the basic setup, and probably accidentally changed some things I should not have changed.
I just read that document page, and it makes me think there is potentially a pretty big security issue then. The green network is currently showing my WAN IP, other than this I only have a disabled blue network.
If I understand correctly, the risk shouldn’t be too big, that WAN is considered “green”, because my NethServer isn’t acting as a firewall or handling networks for any other servers.
However, it seems that it would be best to add a Green interface with a static local IP (like 127.0.0.1?) and then change the existing Green interface with my WAN IP to a Red interface. Am I understanding correctly, or will this totally break my server?
Thanks - I’ll separate the network issue into another task.
I tried the Shorewall config and I still get spam. I have also adjusted my main eth (with a WAN IP) to be red and added another green interface for LAN.
Thanks to @mrmarkuz for helping figure this one out. I’m doing my hosting on Hetzner, and it seems they do some customizations to the base CentOS image which can conflict with NethServer (more on that later).
The CentOS image on Hetzner makes a change to the standard Kernel logging settings which causes Shorewall messages to be put directly in the console, instead of in /var/log/messages where they belong.
To fix it, edit /etc/sysctl.conf and add this at the end: