Author Topic: [SOLVED] Just one NIC on Green for HTTP Proxy - GUI unreachable  (Read 70359 times)
jzardo
« on: Thursday 31 May 2012, 04:33:55 am »

Hello All,

I'm trying to use Endian 2.5.1 with one NIC just for an HTTP Proxy/Filter behind a firewall. Green address is 10.2.0.250/24 and gateway is 10.2.0.254/24.

Install finishes OK and I can access the GUI and run the wizard. In the wizard I choose GATEWAY mode:

The install docs say:

"If you require a configuration where you will not need a Red (WAN) interface, you can select Gateway as the connection type and this will allow you to deploy the Endian in a semi-transparent configuration. This option will allow you to deploy the Endian into a network using the Green (LAN) interface as your primary network connection and using an existing gateway that lives within the Green network"

After the wizard is finished and services are restarted, I lost GUI access. Browsers just time out before asking for credentials.

If I log in with SSH, network and default gateway are correct (route -n) and I can ping to/from the box for remote sub-networks, which tells me networking/routing is OK.

I do not want to put 2nd NIC just for a fake RED uplink/gateway in another logical IP network as this will have a management overhead.

Anybody had this issue before? Is it resolved?

Thanks in advance.

Kind regards,

Logged
kashifmax
« Reply #1 on: Monday 04 June 2012, 05:32:42 pm »

Did you check the forum? You'll find your answer by searching keywords "gateway" or "NAT" or "zone"...

Quote
Anybody had this issue before? Is it resolved?

There is no issue with the gateway mode option...
Logged
mrkroket
« Reply #2 on: Tuesday 05 June 2012, 03:11:50 am »

Check System access firewall settings. Maybe you locked out your firewall from your GREEN LAN.
Almost all configs are located in /var/efw. Check System access in the /var/efw/xtaccess/config file.
Edit to your needs and reboot.
If you still can't get to the GUI, use https://FIREWALLIP:10443

Gateway uplinks work OK, it isn't a problem/known bug.
Logged
jzardo
« Reply #3 on: Tuesday 05 June 2012, 11:13:07 pm »

Hi kashifmax and mrkroket

Thanks for helping. Yes, I checked the forum and a Brazilian forum and found nothing.

I also looked into /var/efw/xtaccess/config and it is fine.

I found a workaround. Hope it can help someone else:

In the wizard, after install, if I put the same green IP as gateway IP, system access works and then I can log in. After that I go to network configuration again and change the gateway to the correct IP address.

Kind regards,

JZardo
Logged
Milkwerm
« Reply #4 on: Wednesday 04 July 2012, 06:51:47 am »

I'm getting the exact same problem trying to set up Endian 2.5.1 with one NIC in VMware (ESXi).

The workaround mentioned doesn't seem to work for me.

I can open the console and ping out by IP address, but I get no name resolution and the green interface doesn't reply to ping from my desktop.
Logged
j2mc
« Reply #5 on: Sunday 22 July 2012, 10:55:42 am »

Same issue here, by putting in the same address for the gateway it does let me get into the web config again, but as soon as I change the gateway address to the correct one I lose access again.  I've disabled the outgoing and inter-zone firewalls and it didn't help.

Any other ideas?  Obviously this is a problem as a quick search finds several threads with the same problem and no answers.
Logged
zcbett
« Reply #6 on: Friday 31 August 2012, 06:55:02 am »

Hi all,

Same issue here. When configured with just one NIC and the gw for the RED zone is on the same network as the GREEN zone, I can't log in to the GUI.
Help !!!!
Logged
cricido
« Reply #7 on: Thursday 18 October 2012, 02:26:59 am »

solved??? Where is the solution?
Logged
office_oit
« Reply #8 on: Saturday 23 February 2013, 01:37:53 am »

up!

I really NEED to squash this bug! Just hang up on a network with IP 192.168.2.x:
like other situations, after first configuration, I set the IP address of the default gateway the same as the green IP, and after I set the correct one I lose green access!
Logged
blitzspear
« Reply #9 on: Saturday 06 April 2013, 02:37:10 am »

I found on VMware creating a virtual machine and then having only one interface to use just the PROXY caused an issue where it couldn't be configured from anywhere UNLESS you were on the same subnet for the interface.

It appears that this is due to the DEFAULT GATEWAY not being set, so I worked out this way of always getting it to work.
Using VICLIENT to see the console and enter into the shell
Press 0 to get into the shell (press return after each command). After login it will ask for root password default is 'endian'

login
ifconfig br0 192.168.1.100/24
route add default gw 192.168.1.254
exit

CHANGE 192.168.1.100 and 192.168.1.254 to YOUR specific IP and GATEWAY
This will bring you back to the console screen in VICLIENT with the settings configured.
Due to not committing these changes if you reboot or restart it will go back to default 192.168.0.15.

Once you exit above use a web browser to configure and use GATEWAY mode on the RED interface.
All changes will be committed by using the web interface.

Hope this helps.
Blitzspear
Logged
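
A check for the three gateway states that come up in this thread (no default route, gateway set to the box's own green IP as in the workaround, and a proper on-link gateway), added here as an example and not part of any post or of Endian's tooling. It parses `route -n` output; the sample table is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed `route -n` output for br0 at 192.168.1.100/24 (sample, not from the thread).
ROUTES_OK = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 br0
"""
# Same table with the default route missing.
ROUTES_NO_DEFAULT = "\n".join(ROUTES_OK.splitlines()[:3]) + "\n"


def parse_routes(text):
    """Parse `route -n` rows into dicts; title and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            gw = ipaddress.ip_address(f[1])
        except ValueError:  # column header row
            continue
        routes.append({"net": net, "gw": gw, "flags": f[3], "iface": f[7]})
    return routes


def check_default_route(text, own_ip):
    """Classify the default route as seen from the host whose address is own_ip."""
    routes = parse_routes(text)
    defaults = [r for r in routes if r["net"].prefixlen == 0 and "G" in r["flags"]]
    if not defaults:
        return "no default route"
    d = defaults[0]
    if d["gw"] == ipaddress.ip_address(own_ip):
        return "gateway is this host's own address"
    # The gateway must sit in a directly connected network on the same interface.
    on_link = any("G" not in r["flags"] and r["iface"] == d["iface"]
                  and d["gw"] in r["net"] for r in routes)
    return "ok" if on_link else "gateway is not on a directly connected network"


if __name__ == "__main__":
    print(check_default_route(ROUTES_OK, "192.168.1.100"))
    print(check_default_route(ROUTES_NO_DEFAULT, "192.168.1.100"))
```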
lands.wilmoth
« Reply #10 on: Thursday 02 May 2013, 08:43:43 am »

I am having this problem, I think. My setup is as follows:

Standard router
- WAN to cable modem
- LAN IP 192.168.1.1

Windows 2012 server (w/ single NIC)
- LAN IP static 192.168.1.7
- DHCP server (gateway = 192.168.1.1; DNSs 192.168.1.7)

Virtual machine w/ Endian Firewall Community 2.5.1
- LAN IP static 192.168.1.9 (green zone)
- Gateway mode

I experience the same "loss of GUI" symptom after I initially install the product, log in to the GUI, and set up the green as above. I set the mode to gateway and point it to 192.168.1.1. After I confirm changes and reboot, I have no GUI access. But I can still ping to 192.168.1.9 (endian) from any other computer. I can also ping OUT from 192.168.1.9 to external servers like google.com.

My goal is to have endian as the "middle man," i.e. that my DHCP server (192.168.1.7) tells all the DHCP clients that endian (192.168.1.9) is the gateway. So they all go to that first. Then endian will relay traffic to the router (192.168.1.1) but only AFTER doing web filtering, which is the whole purpose of using endian.

But losing GUI access kind of makes any further tweaking impossible with my limited knowledge. Any ideas or suggestions?

Thanks.
Logged
office_oit
« Reply #11 on: Tuesday 09 July 2013, 07:49:18 pm »

This is the log after reconfiguration and the related GUI FAIL.

I temporarily regain the GUI by adding ifconfig br0 192.168.0.10/24

I see ifplugd failed, but I don't know how to manage it.


Jul 9 11:40:28 sudo nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ifplugstatus
Jul 9 11:40:47 sudo root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/monit status
Jul 9 11:40:49 sudo nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ifplugstatus
Jul 9 11:40:56 sudo nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ifplugstatus
Jul 9 11:41:06 sudo nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ifplugstatus
Jul 9 11:41:06 sudo nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ifplugstatus
Jul 9 11:41:19 sudo nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ifplugstatus
Jul 9 11:41:19 sudo nobody : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/etc/rc.d/rc.netwizard.reload
Jul 9 11:41:21 uplink[main] Stopping Uplink 'main'
Jul 9 11:41:21 uplink[main] Uplink 'main' status: 'OFFLINE'
Jul 9 11:41:21 uplink[main] Successfully shut down link 'main'
Jul 9 11:41:22 kernel [ 1866.426221] br0: port 1(eth0) entering disabled state
Jul 9 11:41:22 kernel [ 1866.430619] br0: port 1(eth0) entering disabled state
Jul 9 11:41:22 kernel [ 1866.976642] eth0: Using EEPROM-set media 100baseTx-FDX.
Jul 9 11:41:23 kernel [ 1867.255692] br0: port 1(eth0) entering learning state
Jul 9 11:41:24 ifplugd(br0)[12403] ifplugd 0.28 initializing.
Jul 9 11:41:24 ifplugd(br0)[12403] Using interface br0/00:15:5D:01:90:00 with driver  (version: 2.3)
Jul 9 11:41:24 ifplugd(br0)[12403] Using detection mode: SIOCETHTOOL
Jul 9 11:41:24 ifplugd(br0)[12403] Initialization complete, link beat detected.
Jul 9 11:41:24 ifplugd(br0)[12403] Executing '/etc/ifplugd/ifplugd.action br0 up'.
Jul 9 11:41:24 ntpd[4108] Listen normally on 15 br0 192.168.0.252 UDP 123
Jul 9 11:41:24 ntpd[4108] Deleting interface #14 br0, 192.168.0.10#123, interface stats: received=0, sent=0, dropped=0, active_time=847 secs
Jul 9 11:41:24 ntpd[4108] peers refreshed
Jul 9 11:41:24 ntpd[4108] new interface(s) found: waking up resolver
Jul 9 11:41:24 ifplugd(br0)[12403] client: Notify uplinks daemon: [FAILED]
Jul 9 11:41:24 ifplugd(br0)[12403] Program execution failed, return value is 1.
Jul 9 11:41:27 kernel [ 1871.255018] br0: port 1(eth0) entering forwarding state
Jul 9 11:41:30 dnsmasq[9840] no servers found in /etc/dnsmasq/resolv.conf, will retry
Jul 9 11:41:30 dnsmasq[9840] exiting on receipt of SIGTERM
Jul 9 11:41:31 dnsmasq[12923] started, version 2.47 cachesize 2048
Jul 9 11:41:31 dnsmasq[12923] compile time options: IPv6 GNU-getopt no-DBus no-I18N TFTP
Jul 9 11:41:31 dnsmasq[12923] no servers found in /etc/dnsmasq/resolv.conf, will retry
Jul 9 11:41:31 dnsmasq[12923] read /etc/hosts - 5 addresses
Jul 9 11:41:31 dnsmasq[12923] read /etc/openvpn/dnsmasq.hosts.conf - 0 addresses
Jul 9 11:41:34 uplink[main] Starting Uplink 'main'
Jul 9 11:41:34 uplink[main] Notify uplinks daemon about status change of uplink 'main'. Status id OK
Jul 9 11:41:34 uplink[main] Uplink 'main' status: ''
Jul 9 11:41:34 syslog-ng[10163] Termination requested via signal, terminating; 
Jul 9 11:41:34 syslog-ng[10163] syslog-ng shutting down; version='2.0.10'
Jul 9 11:41:35 syslog-ng[13323] syslog-ng starting up; version='2.0.10'
Jul 9 11:41:44 dnsmasq[12923] read /etc/hosts - 5 addresses
Jul 9 11:41:44 dnsmasq[12923] overflow: 2 log entries lost
Jul 9 11:41:44 dnsmasq[12923] using nameserver 8.8.8.8#53
Jul 9 11:41:44 dnsmasq[12923] using nameserver 192.168.0.50#53
Jul 9 11:41:46 ntpd[4108] Listen normally on 16 br0 192.168.0.10 UDP 123
Jul 9 11:41:46 ntpd[4108] Deleting interface #15 br0, 192.168.0.252#123, interface stats: received=0, sent=0, dropped=0, active_time=22 secs
Jul 9 11:41:46 ntpd[4108] peers refreshed
Jul 9 11:41:46 ntpd[4108] new interface(s) found: waking up resolve

Logged
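
A small triage script for the kind of log posted above, added here as an example and not part of the original post or of Endian's tooling. It pulls three things out of lines excerpted from that log: the addresses ntpd binds on br0, ifplugd action failures, and the last reported status of each uplink; the message patterns are assumed from the lines shown in the post.

```python
import re

# Lines excerpted verbatim from the log posted above (not the complete log).
SAMPLE_LOG = """\
Jul 9 11:41:21 uplink[main] Stopping Uplink 'main'
Jul 9 11:41:21 uplink[main] Uplink 'main' status: 'OFFLINE'
Jul 9 11:41:24 ifplugd(br0)[12403] Executing '/etc/ifplugd/ifplugd.action br0 up'.
Jul 9 11:41:24 ntpd[4108] Listen normally on 15 br0 192.168.0.252 UDP 123
Jul 9 11:41:24 ifplugd(br0)[12403] client: Notify uplinks daemon: [FAILED]
Jul 9 11:41:24 ifplugd(br0)[12403] Program execution failed, return value is 1.
Jul 9 11:41:34 uplink[main] Starting Uplink 'main'
Jul 9 11:41:34 uplink[main] Uplink 'main' status: ''
Jul 9 11:41:46 ntpd[4108] Listen normally on 16 br0 192.168.0.10 UDP 123
"""

# "Mon D HH:MM:SS tag message", as in the posted log.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")
PATTERNS = {
    # ntpd rebinding shows which address an interface holds at that moment
    "addr": re.compile(r"^Listen normally on \d+ (\S+) ([\d.]+) UDP 123$"),
    # ifplugd reports a non-zero exit from its link action script
    "hook_fail": re.compile(r"^Program execution failed, return value is (\d+)\.$"),
    # status lines written by the uplink scripts
    "uplink": re.compile(r"^Uplink '([^']+)' status: '([^']*)'$"),
}


def triage(log):
    """Return {kind: [(time, tag, captured groups), ...]} for matching lines."""
    events = {kind: [] for kind in PATTERNS}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, tag, msg = m.groups()
        for kind, pat in PATTERNS.items():
            hit = pat.match(msg)
            if hit:
                events[kind].append((when, tag, hit.groups()))
    return events


def summary(log):
    ev = triage(log)
    return {
        "br0_addresses": [g[1] for _, _, g in ev["addr"] if g[0] == "br0"],
        "failed_hooks": [(when, tag, int(g[0])) for when, tag, g in ev["hook_fail"]],
        "last_uplink_status": {g[0]: g[1] for _, _, g in ev["uplink"]},
    }
```

On the excerpt, `summary(SAMPLE_LOG)` shows br0 bound to 192.168.0.252 and then 192.168.0.10 again 22 seconds later, one ifplugd action exiting with 1, and uplink 'main' ending with an empty status string.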