Internal Webserver needs to be reachable via two WAN ports
January 22, 2013 at 3:31 pm #43556
miketheknife
Member

Hello community,
I have been using Zeroshell for many years as routers and captive portals or bridges, and I can only say it completely rocks!
But now I encountered the following problem:
I have an internal webserver 192.168.10.3 and I would like to be able to access it via both WAN interfaces. I have a straightforward setup with two WAN ports.
+---+                       +---------------+
| I |   +--------------+    | Zeroshell     |
| N +---+ CABLE ROUTER +----+ ETH00 0x66    |
| T |   |              |    | DYNAMIC IP    |                              +--------------+
| E |   +--------------+    |               |                              | Webserver    |
| R |                       |               +-- ETH02 LAN 192.168.10.1 ----+ 192.168.10.3 |
| N |   +--------------+    | ETH01 0x65    |                              +--------------+
| E +---+ ADSL ROUTER  +----+ 195.65.46.2   |
| T |   | 195.65.46.1  |    | 195.65.46.3   |
+---+   +--------------+    +---------------+
The Setup:

– Two Virtual Server rules
ETH00 / ANY TCP 80 192.168.10.3:80
ETH01 / 195.65.46.3 TCP 80 192.168.10.3:80

– Firewall Rules
ETH02 ETH00 ACCEPT all opt -- in ETH02 out ETH00 0.0.0.0/0 -> 0.0.0.0/0
ETH00 ETH02 ACCEPT all opt -- in ETH00 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
ETH02 ETH01 ACCEPT all opt -- in ETH02 out ETH01 0.0.0.0/0 -> 0.0.0.0/0
ETH01 ETH02 ACCEPT all opt -- in ETH01 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
* * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 192.168.10.3 tcp dpt:80
* * ACCEPT tcp opt -- in * out * 192.168.10.3 -> 0.0.0.0/0 tcp spt:80

– Routing Table – ETH00 is set as Default Gateway
195.65.46.0 255.255.255.240 Net 0 none ETH01 U Up Auto
192.168.10.0 255.255.255.0 Net 0 none ETH02 U Up Auto
195.127.196.0 255.255.252.0 Net 0 none ETH00 U Up Auto
DEFAULT GATEWAY 0.0.0.0 Net 0 195.127.196.1 ETH00 UG Up Auto

– Netbalancer
DEFAULT GATEWAY 195.202.196.1 1 Disabled 0
ADSL 195.65.46.1 1 Spare 0
CABLE 195.127.196.1 99 Active 0

So far so good,
I am able to connect to my webserver via the ETH00 interface OK. When I use the ADSL interface, what is probably happening is asynchronous routing: the packets come in on ETH01 and the answer goes out through the ETH00 default gateway.

I tried something like this in the Startup/Cron under “NAT and Virtual Servers”:

iptables -t nat -I PREROUTING 1 -d 195.65.46.3 -i ETH01 -j DNAT --to-destination 192.168.10.1
iptables -t nat -I POSTROUTING 1 -s 192.168.10.1 -o ETH01 -j SNAT --to-source 195.65.46.3

OR I tried to mark incoming packets on the ADSL ETH01:

iptables -t mangle -I PREROUTING 2 -i ETH01 -m state --state NEW -j MARK --set-mark 0x65

With no success. I managed to either get the ADSL working or the Cable, but not both interfaces. There must be a simple solution for this problem. I just don't see how 🙁 I have now spent 2 days on this and finally decided to post a forum thread.

Is there someone who has solved this puzzle 😉 ?
– Greets Mike
January 22, 2013 at 5:03 pm #52638
miketheknife
Member

I have found the following threads.
https://www.zeroshell.org/forum/viewtopic.php?t=2326
https://www.zeroshell.org/forum/viewtopic.php?t=1283
https://www.zeroshell.org/forum/viewtopic.php?p=4470

Trying to read, understand and implement accordingly.
Will let you know about success or failure.
– mike
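
The asymmetric return path described in the first post can be handled by marking the connection rather than the single incoming packet, so that replies from the webserver inherit the mark and are routed back out the WAN they arrived on. The script below is an added example, not part of the original thread or of ZeroShell's own configuration; the interface names, mark 0x65 and gateway 195.65.46.1 are taken from the post, while routing table 101, the APPLY variable and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: connection-mark based return routing for a second WAN.
# From the post: ETH01 (ADSL), ETH02 (LAN), mark 0x65, gateway 195.65.46.1.
# Assumption: routing table 101 is hypothetical; use any unused table number.

# Print each command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# return_path_rules WAN_IF LAN_IF MARK GATEWAY TABLE
return_path_rules() {
    wan_if=$1; lan_if=$2; mark=$3; gw=$4; table=$5

    # 1. Store the mark on the conntrack entry of every new connection
    #    that enters through this WAN (a plain MARK would be lost after
    #    the first packet and never reach the replies).
    run iptables -t mangle -A PREROUTING -i "$wan_if" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$mark"

    # 2. For packets coming back from the LAN that belong to such a
    #    connection, copy the connection mark onto the packet before
    #    the routing decision is made.
    run iptables -t mangle -A PREROUTING -i "$lan_if" \
        -m connmark --mark "$mark" -j CONNMARK --restore-mark

    # 3. A dedicated table whose default route is this WAN's gateway,
    #    selected only for packets carrying the mark.
    run ip route replace default via "$gw" dev "$wan_if" table "$table"
    run ip rule add fwmark "$mark" table "$table"
}

# Dry run with the ADSL values from the post (prints four commands).
return_path_rules ETH01 ETH02 0x65 195.65.46.1 101
```

The thread does not say whether the Net Balancer already installs equivalent rules for 0x65, so compare the dry-run output with `iptables -t mangle -S` and `ip rule show` before applying anything with APPLY=1.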