Multiwan without netbalancing and port forwarding.


This topic contains 5 replies, has 0 voices, and was last updated by  RDelpopolo 8 years, 7 months ago.

  • #42489

    RDelpopolo
    Member

    I’m copying this image from this topic: http://www.zeroshell.net/eng/forum/viewtopic.php?p=4470

    I have the same scenario. Instead of a terminal server I have a webserver.
    I need to make the webserver accessible through both DSL lines, which don’t have to be netbalanced.
    I’ve already installed the atheling patch but it isn’t of any help in my scenario.
    The webserver is visible only through DSL1, which is also the default gateway, but not from DSL2. If I change the default gateway to dsl1, the webserver starts to be reachable only from dsl2 and not from dsl1.
    What can I try to do?

    #50650

    ppalias
    Member

    Atheling’s patch works great if you netbalance traffic. If you don’t netbalance traffic, I don’t see the problem sending the traffic out of one line only. You select the gateway that will be forwarding packets to the corresponding DSL and enable port forwarding for that connection to the web server. Post some screenshots from virtual servers and netbalancer if you still have trouble.

    #50651

    RDelpopolo
    Member

    I can’t use only one DSL.
    I need the webserver to be reachable through both DSL lines.

    ETH00 is my dsl1
    ETH01 is my dsl2
    ETH02 is my internal lan

    DSL1 is a bridged DSL modem with a public IP. From here the webserver is reachable.
    DSL2 is a routed DSL modem with a public IP. It has 192.168.0.1 as its internal IP. I’m already forwarding the port from this routed modem to the zeroshell. From here the webserver is unreachable.

    /edit
    If I go to Connection tracking I get something like:
    tcp 6 104 SYN_SENT src=8(omiss2)5 dst=8(omiss)0 sport=54189 dport=80 packets=5 bytes=300 [UNREPLIED] src=8(omiss)0 dst=8(omiss2)5 sport=80 dport=54189 packets=0 bytes=0 mark=0 use=1

    192.168.1.8 = my private ip.
    added (omiss) and (omiss2) to cover the public ips.
    (omiss) = public ip of DSL2 (the webserver unreachable)
    (omiss2) = public ip of DSL1

    And here is the result of iptables -t mangle -vn -L

    Chain PREROUTING (policy ACCEPT 200K packets, 86M bytes)
    pkts bytes target prot opt in out source destination
    465 30862 MARK all -- ETH01 * 0.0.0.0/0 0.0.0.0/0 state NEW MARK set 0x64
    449 30094 MARK all -- ETH01 * 0.0.0.0/0 0.0.0.0/0 state NEW MARK set 0x64

    Chain INPUT (policy ACCEPT 92315 packets, 47M bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 107K packets, 39M bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 92377 packets, 48M bytes)
    pkts bytes target prot opt in out source destination

    Chain POSTROUTING (policy ACCEPT 200K packets, 87M bytes)
    pkts bytes target prot opt in out source destination
    8594 3569K QoS all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain NB_CT_POST (0 references)
    pkts bytes target prot opt in out source destination
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 realm 0x66 MARK set 0x66
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 realm 0x65 MARK set 0x65
    0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save

    Chain NB_CT_PRE (0 references)
    pkts bytes target prot opt in out source destination
    0 0 MARK all -- ETH01 * 0.0.0.0/0 192.168.0.2 MARK set 0x66
    0 0 MARK all -- ETH00 * 0.0.0.0/0 8(omiss2)5 MARK set 0x65

    Chain NB_FO_PRE (0 references)
    pkts bytes target prot opt in out source destination

    Chain NB_STAT (0 references)
    pkts bytes target prot opt in out source destination
    0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x66
    0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x65

    Chain NetBalancer (0 references)
    pkts bytes target prot opt in out source destination

    Chain OpenVPN (0 references)
    pkts bytes target prot opt in out source destination

    Chain QoS (1 references)
    pkts bytes target prot opt in out source destination

    #50652

    ppalias
    Member

    First of all, double NAT is something that I have tried to make work for more than a day with no result.
    Secondly, I see that your mangle PREROUTING marks the same thing twice.

    Chain PREROUTING (policy ACCEPT 200K packets, 86M bytes)
    pkts bytes target prot opt in out source destination
    465 30862 MARK all -- ETH01 * 0.0.0.0/0 0.0.0.0/0 state NEW MARK set 0x64
    449 30094 MARK all -- ETH01 * 0.0.0.0/0 0.0.0.0/0 state NEW MARK set 0x64

    Tell me what is wrong here.

    Also attach a picture of the netbalancer front page as well as any netbalancer rules you might have.
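
An added example, not part of the original thread: a small Python check over the two kinds of evidence posted above. It flags conntrack entries that received packets but never saw a reply, and rules that appear twice in a mangle listing. The conntrack sample is constructed, with documentation addresses in place of the omitted public IPs; the function names are illustrative.

```python
import re

# Constructed sample shaped like the thread's conntrack line; documentation
# addresses stand in for the omitted public IPs.
CONNTRACK = ("tcp 6 104 SYN_SENT src=203.0.113.5 dst=198.51.100.10 sport=54189 "
             "dport=80 packets=5 bytes=300 [UNREPLIED] src=198.51.100.10 "
             "dst=203.0.113.5 sport=80 dport=54189 packets=0 bytes=0 mark=0 use=1")

# The PREROUTING listing quoted in the thread.
MANGLE = """\
Chain PREROUTING (policy ACCEPT 200K packets, 86M bytes)
pkts bytes target prot opt in out source destination
465 30862 MARK all -- ETH01 * 0.0.0.0/0 0.0.0.0/0 state NEW MARK set 0x64
449 30094 MARK all -- ETH01 * 0.0.0.0/0 0.0.0.0/0 state NEW MARK set 0x64
"""

def parse_conntrack(line):
    """Split one conntrack entry into original/reply tuples, flags and mark."""
    entry = {"proto": line.split()[0], "orig": {}, "reply": {},
             "flags": re.findall(r"\[(\w+)\]", line), "mark": None}
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        if key == "mark":
            entry["mark"] = int(value)
        elif key != "use":
            # A key seen for the second time belongs to the reply direction.
            side = "reply" if key in entry["orig"] else "orig"
            entry[side][key] = value
    return entry

def stalled_inbound(entry):
    """True if packets arrived but nothing was ever sent back for the flow."""
    return ("UNREPLIED" in entry["flags"]
            and int(entry["orig"].get("packets", 0)) > 0
            and int(entry["reply"].get("packets", 0)) == 0)

def duplicate_rules(listing):
    """Return (chain, rule) pairs listed more than once, ignoring counters."""
    chain, seen, dups = None, set(), []
    for fields in (raw.split() for raw in listing.splitlines()):
        if not fields or fields[0] == "pkts":
            continue
        if fields[0] == "Chain":
            chain = fields[1]
            continue
        key = (chain, " ".join(fields[2:]))  # drop the pkts/bytes columns
        if key in seen and key not in dups:
            dups.append(key)
        seen.add(key)
    return dups
```
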

    #50653

    RDelpopolo
    Member

    Rebooted zeroshell, enabled the netbalancer and set it to failover, and now it works.

    I’m going to see how to patch zeroshell to make port forwarding work on multiwan without enabling the netbalancer with atheling patch.

    Thank you for your kind support 😀

    #50654

    ppalias
    Member

    @rdelpopolo wrote:

    I’m going to see how to patch zeroshell to make port forwarding work on multiwan without enabling the netbalancer with atheling patch.

    Put Atheling’s patch in

    /Database/patches/Zeroshell.7.patch

    and then in Startup/Cron enter the following line in Pre-Boot.

    patch -p0 -d /root/kerbynet.cgi < /Database/patches/Zeroshell.7.patch

    #50655

    RDelpopolo
    Member

    It doesn’t work if netbalancing or failover isn’t active.
