2 ISPs, redirection on internal virtual servers failing

This topic contains 1 reply, has 0 voices, and was last updated by  sierramike 9 months, 4 weeks ago.

  • #44926

    sierramike
    Member

    I have a Zeroshell 3.4.0 VM running in Hyper-V (the last version able to install in Hyper-V).

    It has 4 NICs connected to it (4 different physical NICs), set up as follows:

    ETH0 : IP 192.168.230.254/24 => for future guest LAN computers
    ETH1 : IP 192.168.2.1/24 => connected to ADSL ISP’s router which has IP 192.168.2.254, DMZ setup to 192.168.2.1
    ETH2 : IP 192.168.1.3/24 => connected to Fiber ISP’s router which has IP 192.168.1.254, DMZ setup to 192.168.1.3
    ETH3 : IP 192.168.241.254/24 => LAN

    NAT is enabled on ETH1 & ETH2.

    Firewall is set up as follows:

    Chain INPUT: (Policy DROP)
    1 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0
    2 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
    3 ETH03 * ACCEPT all opt -- in ETH03 out * 0.0.0.0/0 -> 0.0.0.0/0

    Chain FORWARD: (Policy DROP)

    1 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0
    2 ETH03 * ACCEPT all opt -- in ETH03 out * 0.0.0.0/0 -> 0.0.0.0/0
    3 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
    4 ETH01 ETH03 ACCEPT tcp opt -- in ETH01 out ETH03 0.0.0.0/0 -> 192.168.241.24 tcp dpt:80
    5 ETH02 ETH03 ACCEPT tcp opt -- in ETH02 out ETH03 0.0.0.0/0 -> 192.168.241.23 tcp dpt:80
    6 ETH01 ETH03 ACCEPT tcp opt -- in ETH01 out ETH03 0.0.0.0/0 -> 192.168.241.90 tcp dpt:3389
    7 ETH02 ETH03 ACCEPT tcp opt -- in ETH02 out ETH03 0.0.0.0/0 -> 192.168.241.90 tcp dpt:3389

    Chain OUTPUT: (Policy ACCEPT)
    Empty

    Default gateway is 192.168.1.154

    Virtual servers:
    ETH02 / ANY TCP 80 192.168.241.23:80
    ETH01 / ANY TCP 3390 192.168.241.90:3389
    ETH02 / ANY TCP 3390 192.168.241.90:3389
    ETH01 / ANY TCP 80 192.168.241.24:80

    Network connectivity between two LANs is OK. Network connectivity between each LAN and Internet is OK and using the Fiber ISP’s, which is the way expected in my setup.

    Next tests are done from the “outside world”:
    1) When connecting to public IP of the Fiber connection with a browser, I get the welcome page of the web server from 192.168.241.23, which is what I expect.
    2) When connecting to public IP of the ADSL connection with a browser, it fails.
    3) When RDP to the public IP of the Fiber connection, it works, to the public IP of the
    4) When RDP to the public IP of the ADSL connection, it fails.

    Now I put a computer in the 192.168.2.0 subnet, and set its IP to 192.168.2.151/24. This is the subnet where the ADSL ISP’s router lies.
    From this computer, I browse to 192.168.2.1 (IP of the Zeroshell box on this NIC), I get the welcome page of the webserver.

    I would deduce the issue is on port forwarding of the ADSL ISP’s router, but I know for sure this functionality worked smoothly until a few days ago, before I decided to put this Zeroshell box.

    Could it be a default gateway setup issue on the ZS box?

    My aim with the ZS box is:
    1) Internet access via Fiber connection, with failover to the ADSL connection.
    2) Use 2 public IPs to remotely access resources inside the 192.168.241.0/24 LAN subnet.

    What am I doing wrong?
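
A consistency check that can be run on this configuration, as an added example that is not part of the original post: it parses the FORWARD listing and the virtual-server list quoted above and reports which rule first accepts a new inbound connection for each forwarded port. The parsing assumes the listing format exactly as it appears in the post; `LAN_IF` and the function names are choices made for this example.

```python
import re
from ipaddress import ip_address, ip_network
# FORWARD rules and virtual servers copied from the post above.
FORWARD = """\
1 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0
2 ETH03 * ACCEPT all opt -- in ETH03 out * 0.0.0.0/0 -> 0.0.0.0/0
3 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
4 ETH01 ETH03 ACCEPT tcp opt -- in ETH01 out ETH03 0.0.0.0/0 -> 192.168.241.24 tcp dpt:80
5 ETH02 ETH03 ACCEPT tcp opt -- in ETH02 out ETH03 0.0.0.0/0 -> 192.168.241.23 tcp dpt:80
6 ETH01 ETH03 ACCEPT tcp opt -- in ETH01 out ETH03 0.0.0.0/0 -> 192.168.241.90 tcp dpt:3389
7 ETH02 ETH03 ACCEPT tcp opt -- in ETH02 out ETH03 0.0.0.0/0 -> 192.168.241.90 tcp dpt:3389
"""
VIRTUAL_SERVERS = """\
ETH02 / ANY TCP 80 192.168.241.23:80
ETH01 / ANY TCP 3390 192.168.241.90:3389
ETH02 / ANY TCP 3390 192.168.241.90:3389
ETH01 / ANY TCP 80 192.168.241.24:80
"""
LAN_IF = "ETH03"  # 192.168.241.0/24 per the post; forwarded traffic leaves here
RULE = re.compile(r"(?P<num>\d+) \S+ \S+ (?P<target>\S+) (?P<proto>\S+) opt \S+ "
                  r"in (?P<iif>\S+) out (?P<oif>\S+) \S+ -> (?P<dst>\S+)(?P<extra>.*)")

def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        r = RULE.match(line.strip()).groupdict()
        dpt = re.search(r"dpt:(\d+)", r["extra"])
        r["dport"] = int(dpt.group(1)) if dpt else None
        rules.append(r)
    return rules

def first_match(rules, iface, proto, ip, port):
    for r in rules:  # a NEW connection never matches a RELATED,ESTABLISHED rule
        if ("state " not in r["extra"] and r["iif"] in ("*", iface)
                and r["oif"] in ("*", LAN_IF) and r["proto"] in ("all", proto)
                and ip_address(ip) in ip_network(r["dst"]) and r["dport"] in (None, port)):
            return int(r["num"]) if r["target"] == "ACCEPT" else None
    return None  # no rule matched: the chain policy (DROP) applies

def audit(vs_text=VIRTUAL_SERVERS, rules_text=FORWARD):
    rules, result = parse_rules(rules_text), {}
    for line in vs_text.strip().splitlines():
        iface, _, _, proto, ext_port, target = line.split()
        ip, port = target.split(":")
        # DNAT happens in PREROUTING, so FORWARD sees the internal IP and port.
        result[(iface, int(ext_port))] = first_match(rules, iface, proto.lower(), ip, int(port))
    return result

if __name__ == "__main__":
    print(audit())
```

Every virtual server in the post resolves to an ACCEPT rule in the FORWARD chain, on both the ADSL (ETH01) and Fiber (ETH02) interfaces.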
