This is place to learn how to configure your network, hostname and DNS servers.
The ClearOS system can run in one of three different modes:
- Standalone Mode - No firewall - for a standalone server without a firewall (for example, a file server)
- Standalone Mode - for a standalone server with a firewall (for example, a public web server)
- Gateway - for connecting your LAN, DMZ, and/or HotLAN to the Internet
A hostname is the full name of your system. If you have your own domain, you can use a hostname like gateway.example.com, mail.example.com, etc. If you do not have your own domain then you can use one of the free dynamic DNS hostnames provided by the ClearSDN. Alternatively, you can also make one up: gateway.lan, mail.lan. The hostname does require at least one period (.)
On DHCP and DSL/PPPoE connections, the DNS servers will be configured automatically for your IP Settings. In these two types of connections there is no reason to set your DNS servers. Users with static IP addresses should use the DNS servers provided by your Internet Service Provider (ISP). If you are using Multi-WAN, please review the documentation on the topic of DNS servers.
When configuring a network interface, the first thing you need to consider is the network role in IP Settings. Will this network card be used to connect to the Internet, for a local network, for a network with just server systems? The following network roles in IP Settings are supported in ClearOS and are described in further detail in the next sections:
- External - network interface with direct or indirect access to the Internet
- LAN - local area network
- Hot LAN - local area network for untrusted systems
- DMZ - de-militarized zone for a public network
The external role provides a connection to the Internet. On a ClearOS system configured as a gateway, the external role is for your Internet connection. On a ClearOS system configured in standalone mode, the external role is for connecting to your local area network.
On ClearOS, you can have more than one external interface configured for load balancing and automatic failover. See the Multi-WAN section of the user guide for details.
The LAN (local area network) role provides network connectivity for your desktops, laptops and other network devices. LANs should be configured with an IP address range of 192.168.x.x or 10.x.x.x. For example, you can configure your ClearOS LAN interface with the following settings:
- IP: 192.168.1.1
- Netmask: 255.255.255.0
In this example, all systems on your LAN would have IP addresses in the range of 192.168.1.2 to 192.168.1.254.
Hot LAN (or “Hotspot Mode”) allows you to create a separate LAN network for untrusted systems. Typically, a Hot LAN is used for:
- Servers open to the Internet (web server, mail server)
- Guest networks
- Wireless networks
A Hot LAN is able to access the Internet, but is not able to access any systems on a LAN. As an example, a Hot LAN can be configured in an office meeting room used by non-employees. Users in the meeting room could access the Internet and each other, but not the LAN used by company employees.
The firewall port forwarding page in webconfig is used to forward ports to both LANs and Hot LANs.
In ClearOS, a DMZ interface is for managing a block of public Internet IP addresses. If you do not have a block of public IP addresses, then use the Hot LAN role of your IP Settings. A typical DMZ setup looks like:
- WAN: An IP addresses for connecting to the Internet
- LAN: A private network on 192.168.x.x
- DMZ: A block of Internet IPs (e.g from 184.108.40.206 to 220.127.116.11)
Webconfig has a DMZ firewall configuration page to manage firewall policies on the DMZ network.
ClearOS supports virtual IPs. To add a virtual IP address, click on the link to configure a virtual IP address and add specify the IP Address and Netmask. You will also need to create advanced firewall rules if the virtual IP is on the Internet.
In most installs, the network cards and IP settings will work straight out of the box. However, getting the network up the first time can be an exercise in frustration in some circumstances. Issues include;
- Network card compatibility
- Invalid networks settings (username, password, default gateway)
- Finicky cable/DSL modems that cache network card hardware information
Here are some helpful advanced tools and tips to diagnose a network issue from the command line: