November 13, 2012 at 5:02 pm #43496
I found a strange bug in the load balancer for a very specific situation. In my company we are using ZeroShell with 2 gateways, very classic use case!!
I made some tests using Iperf and Wireshark; basically I tried to access an Iperf server in the internal network from an Iperf client on a computer in the cloud. All port forwarding mechanisms and firewall are well configured.
So the problem is the following: “an internal service is available from outside, through the first gateway that has been activated (UP) through the web interface.”
In short, the first gateway I set UP through the GUI is going to be the one chosen by default by ZeroShell. For example, gateway1 was the first to be set up, I try to access the internal service via gateway2, the service receives the request and replies (seen by Wireshark), but ZeroShell will forward the reply to gateway1, which is wrong because in the end the client does not receive anything as the IP is different.
No matter the rules in the net balancer, the problem is the same. Worse: I set a rule for the computer, that has the service, to always use gateway1. But, gateway2 was set up the first one in the GUI after gateway1. I access the service via gateway1, then zeroshell forwards the reply of the service through gateway2 (note that for a use in the other way around, from inside to outside, the net balancer rules work perfectly).
In the same environment, I replaced ZeroShell with Zentyal using the load balancing, and I have no problem: no matter the gateway the service is accessed through, Zentyal will redirect the reply to the right gateway, it works perfectly.
It is as if ZeroShell does not register the communication well when it is initiated from outside, and it ends up using the first gateway that was set up.
I hope this post can help to improve that amazing operating system. I am quite sad to have to leave ZeroShell for now…
November 22, 2012 at 5:12 am #52526
Could you try with the new release?
Regards
November 23, 2012 at 5:52 pm #52527
Thanks for the new release!
Unfortunately the problem is persistent: ZeroShell still redirects the traffic of a local service, accessed from the Internet, to the same gateway. It is funny this time, with the new release (ZeroShell 2.0 RC2), the traffic is always redirected to the LAST gateway that has been set up in the GUI. Now I really don’t know if that information can help…
Let me know if you want me to make more tests, but so far I reproduced all the tests I had already made on the previous RC version.