Internal Webserver needs to be reachable via two WAN ports


This topic contains 0 replies, has 0 voices, and was last updated by  miketheknife 5 years, 10 months ago.

  • #43556

    miketheknife
    Member

    Hello community,

    I have been using zeroshell for many years as routers and captive portals or bridges, and I can only say it completely rocks!

    But now I encountered the following problem:

    I have an internal Webserver 192.168.10.3 and I would like to be able to access it via both WAN Interfaces. I have a straight
    forward setup with two WAN ports.


    +---+                      +-------------+
    | I |  +--------------+    |  Zeroshell  |
    | N +--+ CABLE ROUTER +----+ ETH00 0x66  |
    | T |  |              |    | DYNAMIC IP  |                              +--------------+
    | E |  +--------------+    |             |                              |  Webserver   |
    | R |                      |             +-- ETH02 LAN 192.168.10.1 ----+ 192.168.10.3 |
    | N |  +--------------+    | ETH01 0x65  |                              +--------------+
    | E +--+ ADSL ROUTER  +----+ 195.65.46.2 |
    | T |  | 195.65.46.1  |    | 195.65.46.3 |
    +---+  +--------------+    +-------------+

    The Setup:
    – Two Virtual Server rules
    ETH00 / ANY TCP 80 192.168.10.3:80
    ETH01 / 195.65.46.3 TCP 80 192.168.10.3:80

    – Firewall Rules
    ETH02 ETH00 ACCEPT all opt -- in ETH02 out ETH00 0.0.0.0/0 -> 0.0.0.0/0
    ETH00 ETH02 ACCEPT all opt -- in ETH00 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
    ETH02 ETH01 ACCEPT all opt -- in ETH02 out ETH01 0.0.0.0/0 -> 0.0.0.0/0
    ETH01 ETH02 ACCEPT all opt -- in ETH01 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
    * * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 192.168.10.3 tcp dpt:80
    * * ACCEPT tcp opt -- in * out * 192.168.10.3 -> 0.0.0.0/0 tcp spt:80

    – Routing Table – ETH00 is set as Default Gateway
    195.65.46.0 255.255.255.240 Net 0 none ETH01 U Up Auto
    192.168.10.0 255.255.255.0 Net 0 none ETH02 U Up Auto
    195.127.196.0 255.255.252.0 Net 0 none ETH00 U Up Auto
    DEFAULT GATEWAY 0.0.0.0 Net 0 195.127.196.1 ETH00 UG Up Auto

    – Netbalancer
    DEFAULT GATEWAY 195.202.196.1 1 Disabled 0
    ADSL 195.65.46.1 1 Spare 0
    CABLE 195.127.196.1 99 Active 0

    So far so good.

    I am able to connect to my Webserver via the ETH00 interface OK. When I use the ADSL Interface, probably
    what's happening is asynchronous routing: the packets come in on ETH01 and the answer is going out through
    the ETH00 Default gateway.

    I tried something like this in the Startup/Cron under “NAT and virtual Servers”

    iptables -t nat -I PREROUTING 1 -d 195.65.46.3 -i ETH01 -j DNAT --to-destination 192.168.10.1
    iptables -t nat -I POSTROUTING 1 -s 192.168.10.1 -o ETH01 -j SNAT --to-source 195.65.46.3

    OR I tried to mark incoming Packets on the ADSL ETH01
    iptables -t mangle -I PREROUTING 2 -i ETH01 -m state --state NEW -j MARK --set-mark 0x65

    With no success: I managed to get either the ADSL or the Cable working, but not both interfaces. There must be
    a simple solution for this problem. I just don't see how 🙁 I have now spent 2 days on this and finally decided to post
    a forum thread.

    Is someone there that has solved this Puzzle 😉 ?

    – Greets Mike
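Added example, not part of the original posts and not ZeroShell's own configuration: the `MARK --state NEW` rule quoted above tags only the first inbound packet, so the web server's replies arrive unmarked and follow the ETH00 default route. The sketch below prints (it does not apply) a connection-mark variant that carries the mark onto the replies and routes them back out ETH01. Interface names, mark `0x65` and gateway `195.65.46.1` are taken from the post; routing table id `201` and the assumption that the Netbalancer does not already manage this mark are mine.

```shell
#!/bin/sh
# Added example: emit connmark + policy-routing rules so that replies to
# connections that entered on one WAN leave through the same WAN.
# Assumption: table id 201 is unused on the router (hypothetical value).

wan_return_rules() {
    # usage: wan_return_rules WAN_IF LAN_IF MARK GATEWAY TABLE
    [ $# -eq 5 ] || { echo "usage: wan_return_rules WAN_IF LAN_IF MARK GATEWAY TABLE" >&2; return 2; }
    wan_if=$1; lan_if=$2; mark=$3; gw=$4; table=$5

    # Mark 0 means "unmarked"; matching on it would catch every connection.
    case $mark in
        ''|0|0x0) echo "mark must be non-zero" >&2; return 2 ;;
    esac

    cat <<EOF
iptables -t mangle -A PREROUTING -i $wan_if -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
iptables -t mangle -A PREROUTING -i $lan_if -m connmark --mark $mark -j CONNMARK --restore-mark
ip route add default via $gw dev $wan_if table $table
ip rule add fwmark $mark table $table
EOF
    # Line 1: store the mark on the connection, not only on the first packet.
    # Line 2: copy it onto reply packets coming back from the LAN side,
    #         before the routing decision is made.
    # Lines 3-4: marked packets use a table whose default route is this WAN.
}

# Rules for the ADSL line from the post; review the output before applying it.
wan_return_rules ETH01 ETH02 0x65 195.65.46.1 201
```

The existing Virtual Server (DNAT) rule for 195.65.46.3 stays as it is; conntrack rewrites the reply's source address on the way out, so no extra SNAT rule is part of this sketch.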

    #52638

    miketheknife
    Member

    I have found the following threads.

    https://www.zeroshell.org/forum/viewtopic.php?t=2326
    https://www.zeroshell.org/forum/viewtopic.php?t=1283
    https://www.zeroshell.org/forum/viewtopic.php?p=4470

    Trying to read, understand and implement accordingly.

    Will let you know about success or failure.

    – mike
