May 6, 2008 at 6:08 am #41022
I have 5 WAN IP’s, all on a 255.255.255.248 subnet.
I want to be able to do the following:
1. Make all 5 IP’s respond to an ICMP Ping request from an external source.
2. Configure ports to redirect to different hosts internally depending on the destination IP. I have only been able to do it using the virtual server option, which unfortunately is by interface, and therefore forwards the port for all IP’s to the same destination. The plan is to be able to have port 25 for IP1 go to .1, port 25 for IP2 go to .2, etc.
3. Configure outbound traffic to come from a different source ip based on what the traffic is. Do not want to only be able to set it as a destination, but to be able to say all port 25 traffic comes from ip2, all port 80 traffic comes from ip3, etc. If layer 7 categories can be used on this traffic as well, even better.
If anyone can assist with any of this, that would be great.
Aaron
May 10, 2008 at 5:23 am #46458
Can anyone assist with any of this?
Thanks
June 13, 2008 at 8:58 am #46459
This might not be the exact answer you are looking for, but how about approaching the problem in the following manner:
1) Enable ssh on your ZS box (and access it)
(or — use the serial port of your ZS machine; same menu interface)
2) Access the shell prompt and set up what you want using manual “iptables” commands
3) Once you can do everything with iptables that you want manually, copy/paste all the commands you want (from your ssh session’s history) in the order you want into ZS’s Startup Bash Script (available from the top menu’s setup->startup tab)
I’m no expert on iptables, but I was able to do what I wanted (VNC access to 10 different clients on the other side of the NATted interface using a different WAN port for each host). The ZS web interface didn’t quite have what I needed, but the linux shell underneath is still just linux, so it can probably do any kind and combination of packet manipulation that you can dream up.
I got the iptables commands and syntax I wanted by just mimicking what other people posted on howto and other tutorial documents which I found on google.
June 14, 2008 at 1:35 am #46460
That's exactly what I ended up doing. Some of the web interface stuff is quite limited. Using iptables I could get exactly what I needed done, and moved it to the startup scripts.
Thanks for the reply mate.
June 14, 2008 at 12:18 pm #46461
Cool — glad it worked out.
Actually, I should clarify my original reply. I made it sound like ZS is not a cool thing — nothing could be further from my opinion.
Actually, I *could* set up all the virtual hosts (forwarded WAN ports) using the web interface, but because there were so many hosts/statements, it was just easier to cut and paste some text into the startup script area.
Great job + many thanks, Fulvio!
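The iptables approach described in the replies above, as an added example that is not from the thread or from ZS itself: a script that prints the commands for the three goals in the first post so they can be reviewed before being pasted into the startup script. The interface name `ETH00`, the 203.0.113.8/29 WAN block and the 192.168.0.x LAN are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface name and all addresses are
# constructed: 203.0.113.8/29 (documentation range) stands in for the WAN block.
WAN_IF="ETH00"                     # assumed name of the WAN interface
WAN_NET="203.0.113"                # five public addresses .9-.13, mask /29
LAN_NET="192.168.0"                # assumed internal network
WAN_HOSTS="9 10 11 12 13"
INBOUND="9:25:1 10:25:2 11:25:3"   # wan-octet:tcp-port:lan-octet
OUTBOUND="25:10 80:11"             # tcp-dest-port:wan-octet used as source

# Accept only decimal numbers inside [lo, hi]; rejects empty or non-numeric input.
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Print the commands instead of running them, so they can be reviewed first.
emit_rules() {
    # 1. Bind every public address so the router answers ARP and ping for it.
    for h in $WAN_HOSTS; do
        in_range "$h" 1 254 || { echo "bad WAN host: $h" >&2; return 1; }
        echo "ip addr add $WAN_NET.$h/29 dev $WAN_IF"
    done
    # Needed only when the INPUT chain would otherwise drop echo requests.
    echo "iptables -A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j ACCEPT"
    # 2. Per-address port forwarding: -d pins each rule to one public IP.
    for e in $INBOUND; do
        wan=${e%%:*}; rest=${e#*:}; port=${rest%%:*}; lan=${rest#*:}
        [ "$e" = "$wan:$port:$lan" ] && in_range "$wan" 1 254 &&
            in_range "$port" 1 65535 && in_range "$lan" 1 254 ||
            { echo "bad inbound entry: $e" >&2; return 1; }
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_NET.$wan -p tcp --dport $port -j DNAT --to-destination $LAN_NET.$lan:$port"
        # Needed when the FORWARD policy is DROP; scoped to one host and port.
        echo "iptables -A FORWARD -i $WAN_IF -d $LAN_NET.$lan -p tcp --dport $port -j ACCEPT"
    done
    # 3. Source address per service; -I puts the rule ahead of any MASQUERADE.
    for e in $OUTBOUND; do
        port=${e%%:*}; wan=${e#*:}
        [ "$e" = "$port:$wan" ] && in_range "$port" 1 65535 && in_range "$wan" 1 254 ||
            { echo "bad outbound entry: $e" >&2; return 1; }
        echo "iptables -t nat -I POSTROUTING -o $WAN_IF -p tcp --dport $port -j SNAT --to-source $WAN_NET.$wan"
    done
}

emit_rules    # review the output, then apply with: emit_rules | sh
```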