Help Remote Connections timing out


This topic contains 7 replies, has 0 voices, and was last updated by  bigfishinnet 6 years, 9 months ago.

  • #43447

    bigfishinnet
    Member

    Hi all, after some tweaking and reading I have Zeroshell working – or so I thought! I am getting a timed-out error when trying to connect to ssh on a server.

    Sometimes it works?

    I am using a bridge with 2 static public ip ETH01 and internal IP ETH04.

    Would really appreciate some help and guidance – http://en.wikipedia.org/wiki/Newbi

    Thanks

    Stephen

    Virtual server settings are also below.

    Port Forwarding and Source NAT (PAT)
    Chain PREROUTING (policy ACCEPT 112 packets, 6852 bytes)
    pkts bytes target prot opt in out source destination
    6 400 DNAT tcp -- BRIDGE00 * 0.0.0.0/0 78.xxx.99.44 tcp dpt:22 to:10.20.10.25:22
    0 0 DNAT tcp -- BRIDGE00 * 0.0.0.0/0 78.xxx.99.44 tcp dpt:993 to:10.20.10.25:993

    Chain POSTROUTING (policy ACCEPT 49 packets, 3248 bytes)
    pkts bytes target prot opt in out source destination
    130 9144 SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
    81 5896 MASQUERADE all -- * BRIDGE00 0.0.0.0/0 0.0.0.0/0

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    Below are my input, forward and output chains

    Chain INPUT (policy ACCEPT 8 packets, 256 bytes)
    pkts bytes target prot opt in out source destination
    1644 209K SYS_GUI all -- * * 0.0.0.0/0 0.0.0.0/0
    1644 209K SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    1061 167K SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    0 0 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    4 982 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT tcp -- BRIDGE00 * 78.xxx.99.44 10.20.10.25 tcp spt:22 dpt:22
    0 0 ACCEPT tcp -- BRIDGE00 * 78.xxx.99.44 10.20.10.25 tcp spt:993 dpt:993

    Chain FORWARD (policy ACCEPT 18 packets, 744 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * BRIDGE00 10.20.10.25 78.xxx.99.44 PHYSDEV match --physdev-in ETH04

    Chain OUTPUT (policy ACCEPT 303 packets, 185K bytes)
    pkts bytes target prot opt in out source destination
    1773 601K SYS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

    #52465

    bigfishinnet
    Member

    Hi all. OK, after a bit more fiddling I can get things to work, but it doesn’t seem to stick for some reason. If I am out of the admin console or GUI for a number of hours, my settings in the firewall and virtual servers make no difference and all access is lost. How can I make these settings stick!!

    Any help or guidance would be very appreciated.

    Stephen

    #52466

    Alderon
    Participant

    Why do you use a bridge? NAT-ing is only possible on a router. Can you tell us some more details about your network topology?

    #52468

    bigfishinnet
    Member

    Thanks.

    I have 4 static ip’s and I want to use 2 of these to offer public email and web hosting. The other 2 are already being used direct from the ADSL router (set up in pass through mode) so there is no issue with the router. The first two go direct onto another 2 linux gateways and are working without problems. So the other 2 I want to use through Zeroshell.

    The Zeroshell hardware has 5 nic’s. ETH00 is being used as an admin interface on 10.0.10.0 network. ETH01 and ETH02 are going to be used for the static ip addresses 78.xx.xx.44 and 45 subnet mask 255.255.248.0 and gateway 78.105.96.1. ETH03 is spare and ETH04 is running dhcp on 10.20.10.0 network. It is on this network that I want to host the virtual machines that I need, like my public email server and web hosting. As I need more servers I can additional static IP addresses. I am using Proxmox to virtualise.

    I have had some success but only when I use just one of the static ip addresses and the settings don’t stick.

    I want to route traffic on one static IP address directly through to the email server on 10.20.10.25 (well just 993, 443 and 22) and on the other static IP address 443 and 80 to the web server on 10.20.10.30 and vice versa. In certain circumstances I will also want to block traffic between the virtual servers so they are only accessible from the outside and admin interface.

    At some point I would also like to allow access from one static IP to a Windows terminal server but force all port 80 and 443 traffic requests out through another IP address.

    That will probably confuse you as I have not explained it very well.

    HTH

    #52469

    bigfishinnet
    Member

    Hi All, OK, some more tweaking but there is something I can’t fix? It is still timing out for some reason. If I do, for instance, an apt-get update / upgrade or apt-get install some app on my Debian server sitting behind the Zeroshell server I can access it EXTERNALLY, but after maybe 10-15 minutes of inactivity on the internal server the external ports and firewall prevent access?

    So, like I have explained, the settings are not sticking or they are being affected by something else. Name resolution also seems slowish.

    Please can anyone help?

    Thanks

    stephen

    #52470

    bigfishinnet
    Member

    Ok I think I am giving up at this stage. Just followed this useful document

    http://www.zeroshell.net/listing/1_1_NAT_in_ZeroShell.pdf

    And I still can’t get it working. I think pfSense it is 🙁

    S

    #52471

    hojendiz
    Member

    I’m sorry to read that you are giving up… For the past 2 days I’ve been trying to understand your network configuration but I’ve failed… maybe a couple of days more…

    #52472

    bigfishinnet
    Member

    OK, I have it working – of a sort! As usual the issue was the chair to keyboard interface – in this case me!

    I am using Proxmox to host virtual servers behind the Zeroshell box, and the network card on the ZS was 10.20.10.1 and all virtual servers are going to be in this network. However, the internal server I was trying to reach from the internet was connected via vmbr (acts like a network switch) which was on 10.10.20.15, so this was an issue! Also I think I have an issue on the bond within the vmbr so I just changed this to active-backup for now.

    I installed pfSense and it was at this point I suddenly realised my mistake! So back in went Zeroshell and we are good to go now – very glad it is working for me.

    Thanks to all.

    I still have an issue. ETH03 is my WAN and currently one public IP is working OK. If I add another public IP to ETH03, I can’t seem to get the same results (as in internal server open for access from the internet) with similar firewall, NAT and virtual server settings.

    Any ideas?

    Thanks

    Stephen
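
The mismatch found in the last post (port forwards pointing at 10.20.10.25, Zeroshell's inside interface on 10.20.10.1, the server actually sitting on 10.10.20.15) can be caught by comparing the DNAT rules with the addresses the servers really hold. The script below is an added example, not part of the original thread; the /24 prefix, the host name `mail`, the function names and the placeholder public address 203.0.113.44 are assumptions.

```python
import ipaddress
import re

# Constructed sample in `iptables -t nat -L PREROUTING -v -n` format; 203.0.113.44
# (documentation range) stands in for the masked public address in the thread.
SAMPLE_PREROUTING = """\
Chain PREROUTING (policy ACCEPT 112 packets, 6852 bytes)
 pkts bytes target prot opt in       out source     destination
    6   400 DNAT   tcp  --  BRIDGE00 *   0.0.0.0/0  203.0.113.44  tcp dpt:22 to:10.20.10.25:22
    0     0 DNAT   tcp  --  BRIDGE00 *   0.0.0.0/0  203.0.113.44  tcp dpt:993 to:10.20.10.25:993
"""

# pkts, bytes, DNAT, then prot/opt/in/out/source/destination, then the match and target.
DNAT_RE = re.compile(
    r"^\s*(?P<pkts>\S+)\s+\S+\s+DNAT\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+"
    r".*?dpt:(?P<dport>\d+)\s+to:(?P<to_ip>[\d.]+):(?P<to_port>\d+)"
)

def parse_dnat(listing):
    """Return one dict per DNAT rule found in the listing."""
    return [m.groupdict() for m in map(DNAT_RE.match, listing.splitlines()) if m]

def audit(listing, inside_if, hosts):
    """Flag DNAT rules whose target cannot be reached on the inside network.

    inside_if: the firewall's internal interface as 'address/prefix'.
    hosts: name -> address actually configured on each internal server.
    """
    inside = ipaddress.ip_interface(inside_if).network
    held = {ipaddress.ip_address(a) for a in hosts.values()}
    findings = []
    for name, addr in hosts.items():
        if ipaddress.ip_address(addr) not in inside:
            findings.append(f"{name} is on {addr}, outside {inside}")
    for rule in parse_dnat(listing):
        target = ipaddress.ip_address(rule["to_ip"])
        if target not in inside:
            findings.append(f"port {rule['dport']}: target {target} outside {inside}")
        elif target not in held:
            findings.append(f"port {rule['dport']}: no host holds {target}")
    return findings

if __name__ == "__main__":
    # The /24 prefix and the host name "mail" are assumptions; addresses are from the thread.
    for finding in audit(SAMPLE_PREROUTING, "10.20.10.1/24", {"mail": "10.10.20.15"}):
        print(finding)
```

On a live box the listing would come from `iptables -t nat -L PREROUTING -v -n` and the host addresses from each guest's own interface configuration.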
