Internal Webserver needs to be reachable via two WAN ports

Forums Network Management ZeroShell Internal Webserver needs to be reachable via two WAN ports

  • This topic is empty.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • January 22, 2013 at 3:31 pm #43556
    miketheknife
    Member

    Hello community,

    I have been using zeroshell for many years as routers and captive portals or bridges and and i can only say, it comepletely rocks!

    but now, i encountered the following problem:

    I have a internal Webserver 192.168.10.3 and I would like to be able to access it via both WAN Interfaces. I have a straight
    forward setup with two WAN ports.


    
+---+                      +

    
+
    
| I |  +

    
+    | Zeroshell   |
    
| N +--+ CABLE ROUTER +----+ ETH00 0x66  |
    
| T |  |              |    | DYNAMIC IP  |                            +

    
+
    
| E |  +

    
+    |             |                            | Webserver    |
    
| R |                      |             +-- ETH02 LAN 192.168.10.1 --+ 192.168.10.3 |
    
| N |  +

    
+     | ETH01 0x65  |                            +

    
+
    
| E +--+ ADSL ROUTER +

    
+ 195.65.46.2 |
    
| T |  | 195.65.46.1 |     | 195.65.46.3 |
    
+---+  +

    
+     +

    
+

    The Setup:
    – Two Virtual Server rules
    ETH00 / ANY TCP 80 192.168.10.3:80
    ETH01 / 195.65.46.3 TCP 80 192.168.10.3:80

    – Firewall Rules
    ETH02 ETH00 ACCEPT all opt — in ETH02 out ETH00 0.0.0.0/0 -> 0.0.0.0/0
    ETH00 ETH02 ACCEPT all opt — in ETH00 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
    ETH02 ETH01 ACCEPT all opt — in ETH02 out ETH01 0.0.0.0/0 -> 0.0.0.0/0
    ETH01 ETH02 ACCEPT all opt — in ETH01 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
    * * ACCEPT tcp opt — in * out * 0.0.0.0/0 -> 192.168.10.3 tcp dpt:80
    * * ACCEPT tcp opt — in * out * 192.168.10.3 -> 0.0.0.0/0 tcp spt:80

    – Routing Table – ETH00 is set as Default Gateway
    195.65.46.0 255.255.255.240 Net 0 none ETH01 U Up Auto
    192.168.10.0 255.255.255.0 Net 0 none ETH02 U Up Auto
    195.127.196.0 255.255.252.0 Net 0 none ETH00 U Up Auto
    DEFAULT GATEWAY 0.0.0.0 Net 0 195.127.196.1 ETH00 UG Up Auto

    – Netbalancer
    DEFAULT GATEWAY 195.202.196.1 1 Disabled 0
    ADSL 195.65.46.1 1 Spare 0
    CABLE 195.127.196.1 99 Active 0

    So far So good,

    I am able to connect to my Webserver via the ETH00 interface OK. When i use the ADSL Interface probably
    whats happening is asynchronus routing the packets come in on ETH01 and the asnwer is going out though
    the ETH00 Deafult gateway.

    i tried something like this in the Startup/Cron under “NAT and virual Servers”

    iptables -t nat -I PREROUTING 1 -d 195.65.46.3 -i ETH01 -j DNAT –to-destination 192.168.10.1
    iptables -t nat -I POSTROUTING 1 -s 192.168.10.1 -o ETH01 -j SNAT –to-source 195.65.46.3

    OR i tried to mark incomming Packets on the ADSL ETH01
    iptables -t mangle -I PREROUTING 2 -i ETH01 -m state –state NEW -j MARK –set-mark 0x65

    with no success i managed to either get the ADSL working or the Cable, but not Both interfaces. There must be
    a simple solution for this problem. i just dont see how ๐Ÿ™ I spent now 2 days on this and finally decided to post
    a forum thread.

    Is someone there that has solved this Puzzle ๐Ÿ˜‰ ?

    – Greets Mike

    January 22, 2013 at 5:03 pm #52638
    miketheknife
    Member

    I have found the following thread.

    https://www.zeroshell.org/forum/viewtopic.php?t=2326
    https://www.zeroshell.org/forum/viewtopic.php?t=1283
    https://www.zeroshell.org/forum/viewtopic.php?p=4470

    trying to read, understand and implement accordingly.

    will let you know about success or failure.

    – mike

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.