ISP connection setup problem

[xtacyMember]

Hi!
3 NICs:
ETH00 is for my home LAN
ETH01 uses PPPoE connection and works fine with ZS.
ETH02 uses only Dyn.IP and nothing else just connect and go (like PnP)! Doesnt work with ZS at all! But If i connect this ISP’s ethernet cable direct to my PC (bypassing ZS) internet on that PC works perfectly which means ZS is a problem.

So the question is how to setup my second internet connection via ETH02 properly?

Tried to do many things such as using only second ISP alone but no success. ZS refuses to manage it. I guess ZS didnt realize that ETH02 is WAN and manage it like an usual LAN.

thanx.

using ZS 1.0.beta13 on CF

Added:
this is the route table:

Destination Netmask Type Metric Gateway Interface Flags State Source
10.0.0.1 255.255.255.255 Host 0 none ppp0 UH Up Auto
10.33.169.0 255.255.255.128 Net 0 none ETH01 U Up Auto
10.54.29.0 255.255.255.0 Net 0 none ETH00 U Up Auto
188.230.20.0 255.255.254.0 Net 0 none ETH02 U Up Auto
DEFAULT GATEWAY 0.0.0.0 Net 0 188.230.20.1 ETH02 UG Up Auto
DEFAULT GATEWAY 0.0.0.0 Net 0 none ppp0 U Up Auto

also added NAT for ETH02
Still no changes. ZS ignore my 2nd ISP. In the NET BALANCER ETH02 fail the Failover test:

00:49:17 +++ Testing across the gateway NetG (Interface: ppp0) +++
00:49:17 [74.125.39.105] : Success (Round Trip Time: 45.9 ms)
00:49:17 [77.87.153.1] : Success (Round Trip Time: 19.3 ms)
00:49:17 [199.238.166.245] : Success (Round Trip Time: 213 ms)
00:49:17 +++ Testing across the gateway Inti (Interface: ETH02) +++
00:49:20 [74.125.39.105] : ERROR
00:49:23 [77.87.153.1] : ERROR
00:49:26 [199.238.166.245] : ERROR

seems like my 2nd ISP is like an external router for ZS

[ppaliasMember]

If you ping from your ZS (utilities menu) do you get a response? Is your second ISP blocking ICMPs? Is your second ISP filtering packets depending on MAC address so that your desktop connects but your ZS fails?

[xtacyMember]

@ppalias wrote:

If you ping from your ZS (utilities menu) do you get a response?

Yes i do. I do get responses from google, yahoo, this site or any other alive website at all even if 1st ISP is disconnected physically. But every arp finishes with msg like:

WARNING: the host 62.149.128.154 is not directly connected on the ETH02 LAN but is reachable via
the gateway 188.230.20.1: ARP is a Layer 2 Protocol and it cannot be routed by routers!

@ppalias wrote:

Is your second ISP blocking ICMPs?

Don’t know
@ppalias wrote:

Is your second ISP filtering packets depending on MAC address so that your desktop connects but your ZS fails?

No. Any connected PC works fine. I guess if I connect their cable to a simple 8ports switch all of 7 PCs connected to that swith would work fine due to ISP’s DCHP. But anyway – is it possible to change the MAC in ZS (like in WinXP)?
Ping to google.com:

ARPING 74.125.39.106 from 188.230.21.97 ETH02
Sent 3 probes (3 broadcast(s))
Received 0 response(s)

WARNING: the host 74.125.39.106 is not directly connected on the ETH02 LAN but is reachable via
the gateway 188.230.20.1: ARP is a Layer 2 Protocol and it cannot be routed by routers!

PING 74.125.39.106 (74.125.39.106) 56(84) bytes of data.
64 bytes from 74.125.39.106: icmp_seq=1 ttl=51 time=89.4 ms
64 bytes from 74.125.39.106: icmp_seq=2 ttl=51 time=60.2 ms
64 bytes from 74.125.39.106: icmp_seq=3 ttl=51 time=56.6 ms

— 74.125.39.106 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2010ms
rtt min/avg/max/mdev = 56.671/68.765/89.417/14.677 ms

for zeroshell.net:

ARPING 95.110.132.149 from 188.230.21.97 ETH02
Sent 3 probes (3 broadcast(s))
Received 0 response(s)

WARNING: the host 95.110.132.149 is not directly connected on the ETH02 LAN but is reachable via
the gateway 188.230.20.1: ARP is a Layer 2 Protocol and it cannot be routed by routers!

PING 95.110.132.149 (95.110.132.149) 56(84) bytes of data.
64 bytes from 95.110.132.149: icmp_seq=1 ttl=49 time=89.6 ms
64 bytes from 95.110.132.149: icmp_seq=2 ttl=49 time=88.8 ms
64 bytes from 95.110.132.149: icmp_seq=3 ttl=49 time=86.4 ms

— 95.110.132.149 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 86.437/88.313/89.682/1.393 ms

[ppaliasMember]

Yes i do. I do get responses from google, yahoo, this site or any other alive website at all even if 1st ISP is disconnected physically.

You mean here that you get responses from any site from the utilities ping, if the first connection is deactivated? The syntax was ambiguous that is why I am asking.
It looks like the ping from ZS is working fine. Don’t worry about the arp error, this is normal.
Could you please post here the output of the commands

ifconfig

iptables -L -v

iptables -t nat -L -v

Also a screenshot of the NetBalancer page from the web gui would be helpful.

[xtacyMember]

@ppalias wrote:

Yes i do. I do get responses from google, yahoo, this site or any other alive website at all even if 1st ISP is disconnected physically.

You mean here that you get responses from any site from the utilities ping, if the first connection is deactivated?

Yes.
i mean if 1st IPS’s ethernet cable isn’t connected to ZS’s PC (not just deactivated via Network Setup).
@ppalias wrote:

The syntax was ambiguous that is why I am asking.

I’m sorry about that.

NB Page

NetworkSetup Page

Router Page

[xtacyMember]

@ifconfig wrote:

root@zeroshell root> ifconfig
ETH00 Link encap:Ethernet HWaddr 00:E0:F4:15:A4:64
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:76031782 errors:0 dropped:0 overruns:0 frame:0
TX packets:49630556 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1183392016 (1128.5 Mb) TX bytes:3869829057 (3690.5 Mb)
Interrupt:24 Base address:0xc000

ETH00:00 Link encap:Ethernet HWaddr 00:E0:F4:15:A4:64
inet addr:10.54.29.1 Bcast:10.54.29.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:24 Base address:0xc000

ETH01 Link encap:Ethernet HWaddr 00:E0:F4:15:A4:65
inet addr:10.33.169.85 Bcast:10.33.169.127 Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31623457 errors:0 dropped:0 overruns:0 frame:0
TX packets:57821538 errors:0 dropped:0 overruns:0 carrier:0
collisions:9598748 txqueuelen:1000
RX bytes:2311971396 (2204.8 Mb) TX bytes:1126790893 (1074.5 Mb)
Interrupt:25 Base address:0xc400

ETH02 Link encap:Ethernet HWaddr 00:E0:F4:15:A4:66
inet addr:188.230.21.97 Bcast:188.230.21.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39506871 errors:0 dropped:0 overruns:0 frame:0
TX packets:37422143 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3215544688 (3066.5 Mb) TX bytes:1098084078 (1047.2 Mb)
Interrupt:26 Base address:0xc800

dummy1 Link encap:Ethernet HWaddr 32:E2:83:E9:1C:EB
inet addr:192.168.142.142 Bcast:192.168.142.255 Mask:255.255.255.255
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:426471 errors:0 dropped:0 overruns:0 frame:0
TX packets:426471 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:41543464 (39.6 Mb) TX bytes:41543464 (39.6 Mb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.96.1.184 P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:18122247 errors:0 dropped:0 overruns:0 frame:0
TX packets:20429744 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:4047006462 (3859.5 Mb) TX bytes:1951829921 (1861.4 Mb)

@iptables -L -v wrote:

root@zeroshell root> iptables -L -v
Chain INPUT (policy ACCEPT 3050K packets, 288M bytes)
pkts bytes target prot opt in out source destination
3515K 336M SYS_INPUT all — any any anywhere anywhere
429 24957 SYS_HTTPS tcp — any any anywhere anywhere tcp dpt:http
4094 568K SYS_HTTPS tcp — any any anywhere anywhere tcp dpt:https
1527 75492 SYS_SSH tcp — any any anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT 126M packets, 102G bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 970K packets, 70M bytes)
pkts bytes target prot opt in out source destination
1432K 114M SYS_OUTPUT all — any any anywhere anywhere

Chain NetBalancer (0 references)
pkts bytes target prot opt in out source destination

Chain SYS_HTTPS (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all — lo any anywhere anywhere
4523 593K ACCEPT all — any any anywhere anywhere

Chain SYS_INPUT (1 references)
pkts bytes target prot opt in out source destination
426K 42M ACCEPT all — lo any anywhere anywhere
19356 4654K ACCEPT udp — any any anywhere anywhere udp spt:domain state ESTABLISHED
285 196K ACCEPT tcp — any any anywhere anywhere tcp spt:http state ESTABLISHED
0 0 ACCEPT tcp — any any anywhere anywhere tcp spt:8245 state ESTABLISHED
13411 1019K ACCEPT udp — any any anywhere anywhere udp spt:ntp state ESTABLISHED
3056K 288M RETURN all — any any anywhere anywhere

Chain SYS_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
427K 42M ACCEPT all — any lo anywhere anywhere
21088 1535K ACCEPT udp — any any anywhere anywhere udp dpt:domain
402 24090 ACCEPT tcp — any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp — any any anywhere anywhere tcp dpt:8245
13507 1027K ACCEPT udp — any any anywhere anywhere udp dpt:ntp
970K 70M RETURN all — any any anywhere anywhere

Chain SYS_SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all — lo any anywhere anywhere
1486 73344 ACCEPT all — ETH00 any 10.54.29.3 anywhere
0 0 DROP all — any any anywhere anywhere

@iptables -t nat -L -v wrote:

root@zeroshell root> iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 2708K packets, 177M bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 9197 packets, 568K bytes)
pkts bytes target prot opt in out source destination
2037K 108M SNATVS all — any any anywhere anywhere
1083K 58M MASQUERADE all — any ETH02 anywhere anywhere
944K 49M MASQUERADE all — any ppp0 anywhere anywhere

Chain OUTPUT (policy ACCEPT 177K packets, 14M bytes)
pkts bytes target prot opt in out source destination

Chain SNATVS (1 references)
pkts bytes target prot opt in out source destination

P.S. both ISPs was turned on

[xtacyMember]

that’s what i got with the only ETH02/ISP2 connected (unchecked ETH01/ppp0’s Up and reboot ZS):

root@zeroshell root> ifconfig
ETH00 Link encap:Ethernet HWaddr 00:E0:F4:15:A4:64
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2460 errors:0 dropped:0 overruns:0 frame:0
TX packets:1573 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:215186 (210.1 Kb) TX bytes:370142 (361.4 Kb)
Interrupt:24 Base address:0xc000

ETH00:00 Link encap:Ethernet HWaddr 00:E0:F4:15:A4:64
inet addr:10.54.29.1 Bcast:10.54.29.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:24 Base address:0xc000

ETH01 Link encap:Ethernet HWaddr 00:E0:F4:15:A4:65
inet addr:10.33.169.85 Bcast:10.33.169.127 Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:485 errors:0 dropped:0 overruns:0 frame:0
TX packets:673 errors:0 dropped:0 overruns:0 carrier:0
collisions:20 txqueuelen:1000
RX bytes:96800 (94.5 Kb) TX bytes:76935 (75.1 Kb)
Interrupt:25 Base address:0xc400

ETH02 Link encap:Ethernet HWaddr 00:E0:F4:15:A4:66
inet addr:188.230.21.97 Bcast:188.230.21.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4002 errors:0 dropped:0 overruns:0 frame:0
TX packets:1925 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:276933 (270.4 Kb) TX bytes:115782 (113.0 Kb)
Interrupt:26 Base address:0xc800

dummy1 Link encap:Ethernet HWaddr DA:65:93:83:13:E7
inet addr:192.168.142.142 Bcast:192.168.142.255 Mask:255.255.255.255
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:337 errors:0 dropped:0 overruns:0 frame:0
TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:34827 (34.0 Kb) TX bytes:34827 (34.0 Kb)

root@zeroshell root> iptables -L -v
Chain INPUT (policy ACCEPT 623 packets, 64569 bytes)
pkts bytes target prot opt in out source destination
1263 176K SYS_INPUT all — any any anywhere anywhere
0 0 SYS_HTTPS tcp — any any anywhere anywhere tcp dpt:http
214 36243 SYS_HTTPS tcp — any any anywhere anywhere tcp dpt:https
125 9652 SYS_SSH tcp — any any anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT 2531 packets, 172K bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 581 packets, 263K bytes)
pkts bytes target prot opt in out source destination
1750 356K SYS_OUTPUT all — any any anywhere anywhere

Chain NetBalancer (0 references)
pkts bytes target prot opt in out source destination

Chain SYS_HTTPS (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all — lo any anywhere anywhere
214 36243 ACCEPT all — any any anywhere anywhere

Chain SYS_INPUT (1 references)
pkts bytes target prot opt in out source destination
219 21117 ACCEPT all — lo any anywhere anywhere
62 26116 ACCEPT udp — any any anywhere anywhere udp spt:domain state ESTABLISHED
17 18552 ACCEPT tcp — any any anywhere anywhere tcp spt:http state ESTABLISHED
0 0 ACCEPT tcp — any any anywhere anywhere tcp spt:8245 state ESTABLISHED
3 228 ACCEPT udp — any any anywhere anywhere udp spt:ntp state ESTABLISHED
962 110K RETURN all — any any anywhere anywhere

Chain SYS_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
1003 82254 ACCEPT all — any lo anywhere anywhere
133 9144 ACCEPT udp — any any anywhere anywhere udp dpt:domain
21 1172 ACCEPT tcp — any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp — any any anywhere anywhere tcp dpt:8245
12 912 ACCEPT udp — any any anywhere anywhere udp dpt:ntp
581 263K RETURN all — any any anywhere anywhere

Chain SYS_SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all — lo any anywhere anywhere
125 9652 ACCEPT all — ETH00 any 10.54.29.3 anywhere
0 0 DROP all — any any anywhere anywhere
root@zeroshell root> iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 1067 packets, 69118 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 79 packets, 4638 bytes)
pkts bytes target prot opt in out source destination
1034 57037 SNATVS all — any any anywhere anywhere
786 42849 MASQUERADE all — any ETH02 anywhere anywhere
181 10483 MASQUERADE all — any ppp0 anywhere anywhere

Chain OUTPUT (policy ACCEPT 204 packets, 14830 bytes)
pkts bytes target prot opt in out source destination

Chain SNATVS (1 references)
pkts bytes target prot opt in out source destination
root@zeroshell root>

[ppaliasMember]

Go to Netbalancer, select Inti and in the “Gateway configuration” add the 188.230.20.1 as IP address and try the pinging again.

[xtacyMember]

thanx, that made both connections Active at NB. And the Utils’s Ping works fine but it did b4 anyway, what’s the point?
And what if second ISP’s GW would change? Should i monitor this situation all the time?

And the next looks like a huge bug! I did the following via web interface:
1) In the Network setup – unchecked ETH01 “Up” chkbox
2) In the Network setup – unchecked PPP0 “Up” chkbox
3) Reboot ZS
After reboot in the in the Network setup ETH01 “Up” chkbox stays unchecked while PPP0 is checked on and IT IS CONNECTED!!! How’s that could happen? It looks 4me like 1st ISP’s PPPoE goes via 2nd ISP. I believe both ISPs wouldn’t thank me for that if it’s so!

[ppaliasMember]

Point is that Netbalancer need to specifically have the gateway declared, regardless if it is declared in the routing section (which is why ping worked). Most likely (99,999%) the gateway of your ISP won’t change.
After the reboot the ppp0 is up again cause you have checked the auto start at boot in its properties.

[Author]

Posts