ClearOS is an operating system based on CentOS for use in small and medium enterprises as a network gateway and network server with a web-based administration interface.
ClearOS in Gateway mode acts as a firewall, gateway and server on a local network. This tutorial provides installation and configuration steps for the deployment of ClearOS on a QEMU VM. We will later connect the ClearOS QEMU VM into a GNS3 network topology in order to test features such as application traffic filtering and transparent proxy with user authentication.
Software Used:
Host OS: Kubuntu Linux 18.04.1 LTS with Qemu 3.0.0 installed and kvm-intel module loaded
Guest OS: ClearOS 7.5.0 x86_64
1. Preparing Host Network Infrastructure
As we are going to install the ClearOS guest QEMU VM in gateway mode, your host should have two network adapters available (Picture 1). In our case, the first ClearOS guest network interface, ens3, will be defined as the LAN type during ClearOS installation. The second guest interface, ens4, will be defined as External and used for the connection to the SOHO network. We will bridge the interface ens4 with the host interface enp4s0f2 using the iproute utility. But first, we need to create the tap interfaces tap0 and tap1 with the script below.
Picture 1 - Host Connection
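# Create the two tap interfaces, owned by the current user.
for interface in tap0 tap1; do
    sudo ip tuntap add dev "$interface" mode tap user "$(whoami)"
done
# Bring up the taps and the physical interface (enp4s0f2 already exists, so it is not created).
for interface in tap0 tap1 enp4s0f2; do
    sudo ip link set dev "$interface" up
done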
The host interface tap0 is bridged with the first guest interface (ens3) by the QEMU emulator when the ClearOS image is started. Similarly, the interface tap1 is bridged with the second guest interface (ens4). To let ClearOS check the availability of Google DNS servers during the configuration phase (Part 3), we must bridge the interface tap1 with the host Ethernet card enp4s0f2. To do so, we create the bridge bridge0 and add the tap1 and enp4s0f2 interfaces to it. This ensures that we can register the ClearOS system online during the configuration phase and that updates can be downloaded.
$ sudo ip link add dev bridge0 type bridge
$ sudo ip link set dev bridge0 up
$ sudo ip link set dev tap1 master bridge0
$ sudo ip link set dev enp4s0f2 master bridge0
Check if the interfaces tap1 and enp4s0f2 are attached to the bridge0.
$ brctl show bridge0
Picture 2 - Checking Bridge Interface bridge0
Note: In order to connect your host to the Internet, you have to configure the IP address for the interface bridge0. If DHCP is working in your network, just type the command:
$ sudo dhclient bridge0
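The wiring from Part 1 can also be audited from `ip -o link show` output: only the External side (tap1 and enp4s0f2) should be enslaved to bridge0, because a tap0 that joined the bridge would connect the LAN straight to the SOHO network without passing through ClearOS. The script below is an added example, not part of the original tutorial; the function names and both sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the host wiring from Part 1 using `ip -o link show` text.
# Only the External side (tap1, enp4s0f2) may be enslaved to bridge0; if tap0
# joined it, LAN traffic would reach the SOHO network without passing ClearOS.

# Print the interfaces in $2 (ip -o link text) whose master is bridge $1,
# sorted and space-separated.
bridge_members() {
    printf '%s\n' "$2" | awk -v br="$1" '{
        name = $2; sub(/:$/, "", name); sub(/@.*$/, "", name)
        for (i = 3; i < NF; i++)
            if ($i == "master" && $(i + 1) == br) print name
    }' | sort | tr '\n' ' '
}

# Succeed only if bridge $1 holds exactly the interfaces listed in $2.
check_wiring() {
    wanted=$(printf '%s\n' $2 | sort | tr '\n' ' ')
    [ "$(bridge_members "$1" "$3")" = "$wanted" ]
}

# Constructed sample: the intended state after Part 1.
SAMPLE_GOOD='2: enp4s0f2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
5: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
6: tap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
7: bridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000'

# Constructed sample: the same host with tap0 wrongly added to bridge0.
SAMPLE_BAD=$(printf '%s\n' "$SAMPLE_GOOD" |
    sed 's/^\(5: tap0: .* fq_codel\) state/\1 master bridge0 state/')

for sample in "$SAMPLE_GOOD" "$SAMPLE_BAD"; do
    if check_wiring bridge0 "tap1 enp4s0f2" "$sample"; then
        echo "OK: bridge0 = $(bridge_members bridge0 "$sample")"
    else
        echo "MISMATCH: bridge0 = $(bridge_members bridge0 "$sample")"
    fi
done
```

On the host itself, pass `"$(ip -o link show)"` as the third argument to `check_wiring` instead of the samples.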
2. ClearOS Installation
Download ClearOS ISO image.
$ wget http://mirror1-amsterdam.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
Create a new empty Qemu disk.
$ /usr/local/bin/qemu-img create -f vmdk ClearOS.img 50G
Installation is pretty straightforward. Start a new blank image with the two guest interfaces attached to tap interfaces.
$ /usr/local/bin/qemu-system-x86_64 -m 2048M -enable-kvm \
-boot d -cdrom ClearOS-DVD-x86_64.iso ClearOS.img \
-netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
-device e1000,netdev=net0,mac=00:11:22:33:44:00 \
-netdev tap,id=net1,ifname=tap1,script=no,downscript=no \
-device e1000,netdev=net1,mac=00:11:22:33:44:01
Note: According to the documentation, 2 GB of RAM and a 3 GHz CPU can cover 50-250 users.
The installation process begins (Picture 3).
Picture 3 - First Installation Window
a) Select Install ClearOS
b) Select language that you want to use during installation - English (US)
c) Navigate to INSTALLATION DESTINATION and click the hard disk icon to select HDD.
d) Click Done button
e) Click Begin Installation
f) Set the root password by clicking Root Password: root/root
Once the installation process is finished, shut down your new virtual machine.
3. ClearOS Configuration
Firstly, assign the IP address to the interface tap0 that is going to be used for ClearOS VM management.
$ sudo ip address add 192.168.1.1/24 dev tap0
Start the installed ClearOS QEMU VM with the command below. You can check the boot progress in the QEMU window. When the login window appears, log in with the credentials that you set up during installation.
$ /usr/local/bin/qemu-system-x86_64 -m 2048M -enable-kvm ClearOS.img \
-netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
-device e1000,netdev=net0,mac=00:11:22:33:44:00 \
-netdev tap,id=net1,ifname=tap1,script=no,downscript=no \
-device e1000,netdev=net1,mac=00:11:22:33:44:01
You will be prompted to set the IP address for ClearOS image (Picture 4). Click the button Configure Network Now.
Picture 4 - Configuring Network Settings
Click Edit button and configure the Gateway mode and the interfaces ens3 and ens4 (Picture 5). Configure DNS servers as well.
Picture 5 - Configuring IP Address for Interfaces ens3 and ens4
Once we configure the static IP address for the interface ens3, we can ping the LAN interface of ClearOS (192.168.1.254) from Kubuntu Linux. Now, use your web browser to connect to the appliance using the URL https://192.168.1.254:81. Enter the login credentials we entered during installation. When you log in, click the Next button in the upper right corner of the screen and the install wizard starts. You can change the Network mode, Network interfaces and DNS servers here. You must have a working connection to the Internet in order to successfully check DNS lookup (Picture 6).
Picture 6 - DNS Lookup Done by ClearOS using Web Interface
Click Next and select the community edition from the offer list (Picture 7). We will use this edition because it is free.
Picture 7 - Selecting ClearOS Community Edition
To access Marketplace with the latest apps, system registration is required. Therefore, we need to register our gateway appliance (Picture 8). Click the button Register System.
Picture 8 - ClearOS System Registration
If you do not possess a valid account, you have to create an account first and afterwards you can register your gateway (Picture 9).
Picture 9 - Creating User Account
When the registration process is finished, the system checks for available updates. Click the button Update All.
Picture 10 - System Updating
As the next step, enter the domain and host names and click the Next button (Picture 11).
Picture 11 - Configuring Domain and Host Names
The next step consists of Time zone and Time configuration. Change it and enable Automatic synchronization. Then click Update and the Next button. We are going to install apps that enhance gateway functionality (Picture 12).
Picture 12 - Selecting Marketplace by Categories
There are apps available in each Category (Picture 13).
Picture 13 - Application Categories
Some of the apps have already been installed, others are paid. As we focus mostly on networking and reporting, we are going to install these free apps under the following Categories:
Gateway
- Application Filter
- Content Filter Engine
- Gateway Antivirus
- IDS
- IPS
- Protocol Filter
- Web access control
- Web proxy server
Network
- 1-to-1 NAT
- Network Map
- NTP server
- OpenVPN
- Port Forwarding
- Static IPSec VPN for Home
- Radius Server
Server
- Windows Network (Samba)
System
- Users
Reports
- Bandwidth Viewer
- Disk Usage Report
- Filter and Proxy report
- Network Report
- Network Virtualizer
- System Report
Once selected, click the Download and Install button. When the installation process is finished, click the Update Navigation Menu button. You will be prompted to update the menu after each app installation. Remember, you can add your favorite app anytime. The apps are listed under each of the Categories, on the left part of the web interface screen (Picture 14).
Picture 14 - ClearOS Menu