In a previous tutorial we have successfully installed ClearOS on QEMU VM in a gateway mode. At the end of the tutorial we have installed several apps from ClearOS marketplace. These apps enhance gateway functionality, however we have not tested them yet. Therefore, this tutorial goes further and we are going to test some services offered by ClearOS apps. In order to do it, we will connect ClearOS QEMU appliance into a GNS3 topology.
Our ClearOS QEMU instance is configured with two guest network cards (Picture 1). The first guest interface ens3 has assigned the LAN role and it is configured with the IP address 192.168.1.254/24. This is the IP address a web server is listening on, the port 81. The entire ClearOS management will be done via web browser using the url https://192.168.1.254:81.
Picture 1 - Network Interfaces Configuration During ClearOS Installation
The second guest interface ens4 has assigned External role and its IP address is assigned from DHCP server. DHCP server is running on SOHO router with the IP address 172.17.100.1/16 (Picture 2).
Picture 2 - Network Topology
GNS3 itself connects the second guest interface ens4 of ClearOS gateway into the LAN network (172.16.0.0/16) using the GNS3 cloud. The cloud bridges the interface ens4 with the host interface enp4s0f2 (Picture 3). As a result, ClearOS appliance is connected to the SOHO router which represents a gateway to the public Internet. The working Internet connection is required and checked during ClearOS installation when DNS lookup is done. Apps are also downloaded from the Internet during installation from ClearOS web interface.
Picture 3 - Connecting ClearOS to GNS3 Cloud
They are two Linux hosts connected to ClearOS gateway using the switch (Picture 2). Their connection to the Internet works out of the box when they are connected to the gateway. DHCP, DNS, NTP and NAT service running on the gateway take care of host configuration.
It is not possible to explore all features that ClearOS offers. As we have mentioned, ClearOS functionality is depended on installed apps available in ClearOS marketplace. The apps can be downloaded and installed anytime according to your needs. Just connect to the system via web interface, navigate to Marketplace. Then select the app from Category and click Download and Install button. Afterwards, update the Navigation menu located in the left part of web interface clicking the button Update Navigation Menu. Your new enhancement will be added to the menu and you can start to configure it.
1. Restricting Access to Social Media
Let's say that we need to block access to certain social media such as Facebook or Twitter from hosts connected to the switch vIOS-L3. It can be done just with few clicks with the Application Filter app. (Picture 4).
Picture 4 - Blocking Access to Social Media Using Application Filter
Navigate to Gateway-> Filtering-> Application Filtering and click Add button. The applications are ordered under the Categories. For instance, the Category File Sharing contains AppleiCloud, DropBox, and Microsoft OneDrive option. The category Social Media contains options Facebook, Instagram, Twitter etc. If you need find out more about the installed app or read documentation click the button Details (Picture 5).
Picture 5 - Finding Details about App Application Filter
2. Authenticate Users on Proxy
In case you want only authenticated users to access the Internet, configure our proxy server to Non-transparent + User authentication mode. By default, proxy is set to Transparent + No user authentication mode. First, check if app Users is installed. If yes, create a new user. Navigate to System-> Account-> User and select an option Web Proxy User (Picture 6).
Picture 6 - Creating a New User
Navigate to Gateway-> Content Filter-> Proxy-> Web Proxy Server and enable the option Non-transparent + User authentication (Picture 7).
Picture 7- Switching Proxy Server to Non-transparent + User authentication Mode
Configure your web browser to use your new proxy (Picture 8).
Picture 8 - Configuring Proxy Settings on Firefox
Next time you will try to access the Internet, the popup authentication window appear asking for entering valid user credentials (Picture 9).
Picture 9 - User Authentication Using Web Browser When Accessing the Internet
3. Network Monitoring
We can find out the actual bandwidth usage with Bandwidth Viewer app. (Picture 10). Navigate to Reports-> Performance and Resources-> Bandwidth Viewer.
Picture 10 - Checking actual Bandwidth Usage with Bandwidth Viewer App
The sudden traffic peaks can be found easily by Network Report app (Picture 11). Navigate to Reports-> Performance and Resources-> Network Report.
Picture 11 - Consumed Bandwidth by Network Report App
The Network Visualiser offers actual used bandwidth per host (Picture 12).
Picture 12 - Consumed Bandwidth per Host by Network Visualiser App
The host 192.168.1.164/16 is downloading a large file from the Internet with the download speed 12.3 Mbps .
End.