June 8, 2010 at 2:25 pm #42430
I am new to Zeroshell and apologize in advance if the answers to my questions have already been posted to the Forum.
We have set up a workstation in my office with 3 NIC cards. We have 2 PCI and 1 onboard NIC. We are currently using Release 1.0 Beta 12. From what I have read on this forum, QOS and Net Balancing are glitchy and I have made sure not to enable QOS.
The issue we are running into is that the Failover is not working properly; I keep receiving Faults every time I switch between the interfaces. Below is my current setup.
Default Gateway ETH02
Cable Internet Connection ETH01
DSL Internet Connection ETH02
Luigi
June 8, 2010 at 4:46 pm #50382
If you apply Atheling’s patch for mangling then you can use both QoS and Netbalancer. I don’t understand what exactly you mean by
“every time I switch between the interfaces”
could you elaborate a bit? Failover sticks to the active connection and switches to the standby only when the active goes off.
June 8, 2010 at 4:55 pm #50383
We are trying to set up load balancing between a DSL connection and a Cable connection. Whenever we have the failover monitor in place, the DSL connection fails. In the routing table, the default gateway shows that all traffic should be going out the connection for the DSL connection, but when I try to run a trace route or ping a public IP address it doesn’t work.
Traffic is getting stopped at the WAN Port on the Zero Shell server for the DSL connection.
If I were to ping a device that is past the WAN Port for the DSL connection, it is successful. I don’t know what the problem is. I can provide tracerts and IP addressing if you need.
Thanks for your time.
June 8, 2010 at 5:02 pm #50384
Post here the screen from the web interface of Netbalancer and the balancing rules, if you have any. Also post anything else you have, like traceroutes or pings, and maybe logs from the netbalancer.
June 8, 2010 at 5:12 pm #50385
My company is an Internet service provider. We provide DSL and T1 lines to various customers. While we are troubleshooting this issue, we are using DSL service that we provide. So the connection from our Core router goes out through the connection to our DSL vendor and then in through a phone line into our office and into a 3Com 3030 router. We then have the LAN-side of this 3Com 3030 router going into one of the WAN ports of the Zero Shell server.
Here is a tracert when our DSL connection is the Default Gateway:
C:\Documents and Settings\student>tracert 188.8.131.52
Tracing route to resolver1.opendns.com [184.108.40.206]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.150.1.1
2 10.104.117.2 reports: Destination host unreachable.
Here is the routing table on ZeroShell:
Destination      Netmask          Type  Metric  Gateway       Interface  Flags  State  Source
10.150.1.0       255.255.255.0    Net   0       none          ETH00      U      Up     Auto
10.104.117.0     255.255.255.0    Net   0       none          ETH02      U      Up     Auto
192.168.250.0    255.255.255.0    Net   0       none          VPN99      U      Up     Auto
220.127.116.11   255.255.252.0    Net   0       none          ETH01      U      Up     Auto
10.0.0.0         255.0.0.0        Net   1       10.104.117.1  ETH02      UG     Up     Static
DEFAULT GATEWAY  0.0.0.0          Net   0       none          ETH02      U      Up     Auto
You’ll see that the DEFAULT GATEWAY is pointing to ETH02. This is the connection to our DSL router.
The static routes on the DSL router are:
ip route-static 0.0.0.0 0.0.0.0 10.101.1.1 preference 60
ip route-static 10.150.1.0 255.255.255.0 10.104.117.2 preference 80
The DSL router is supposed to take the traffic from ZeroShell and send it out to the internet and then back, but according to the tracert above, ZeroShell isn’t sending the traffic to the DSL router. 10.104.117.2 is the WAN IP address of the ZeroShell server that connects to the LAN-side of the DSL router.
When I try to ping my core router and the 3Com 3030 router from a workstation on the LAN 10.150.1.x network, pings are successful, but whenever I try to access a website on the internet through the DSL connection it fails at the ZeroShell connection.
I only have NAT turned on for the Cable connection. Our DSL connection has NAT performed on the firewall that is directly in front of the Core router.
June 9, 2010 at 7:26 am #50386
Your ZS routing table is wrong. In the Default Gateway line you should also have the gateway IP address (10.104.117.1 I think). The way you have it is for p2p links, while you are on a routed network, so the router should know the IP to hit.
June 9, 2010 at 4:20 pm #50387
Thanks for the assistance. I was unable to specify the output interface and the IP address of the default gateway (10.104.117.1), but I was able to just put in the default gateway and that seemed to have fixed the routing issue we had.
Now I am trying to figure out what is needed in regards to DNS.
We currently have our DNS servers specified as the forwarders for our client’s DNS servers. In the event of a WAN link failure that we provide (DSL or T1), the clients will not be able to resolve websites to IP addresses.
I am aware of the fact that we can set DNS forwarders on the ZS box and then have our clients use the IP address of the ZS box as their DNS forwarder. My question for this is, is there a way to provide failover for this DNS function? I’d like to make it so that when our WAN link is up (DSL or T1), ZS will forward DNS requests to our Primary and Secondary DNS servers, but when those WAN links are down, we would like ZS to forward DNS requests to a DNS server out on the internet (for example, OpenDNS).
Is there a way to configure this?
Also is there a way to perform policy-based routing on ZS?
Thanks
June 10, 2010 at 6:21 am #50388
Although I guess that when your WAN links are down DNS will be the least of your clients’ problems, you can always add many DNS servers in the forwarders list, starting with your own and finally using OpenDNS.
June 10, 2010 at 6:47 pm #50389
Is there any way to configure the http proxy to specify a different IP address and port number? I am trying to incorporate this ZeroShell router into a network with a filtering system that requires proxy settings on all the workstations. If ZeroShell can automatically redirect all HTTP web requests to the filtering system instead of having to put the proxy settings on the workstations, that would significantly help us deploy this across all of our clients. Thanks.
June 10, 2010 at 8:52 pm #50390
Yes, you can do it with PREROUTING rules in IPTABLES, more specifically the DNAT action.
June 15, 2010 at 3:58 pm #50391
I’m just not that familiar with this software to be able to do this on my own. How would I go about setting this up?
What information do you need from me in order to assist me? Our proxy server on this network segment is 10.150.1.3 with port number 8080. Our ZeroShell server has IP address 10.150.1.1 on the LAN and it has two WAN ports, one of them has a static IP address that connects to a DSL line that my company provides ISP services to. The WAN IP address on the ZeroShell server for that connection is 10.104.117.2 and the other WAN connection connects to a third-party Cable ISP provider and it receives an IP address through DHCP. Thanks.
June 15, 2010 at 4:06 pm #50392
Your proxy server must support transparent mode.
The command should be like that
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.150.1.3:8080
You might want to add the same command for https
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.150.1.3:8080
Hope this helps.
June 15, 2010 at 4:17 pm #50393
Thanks for the info. I’m assuming I need to type this in the Shell Prompt, correct? (Command Menu, Option S for Shell prompt)
How would I remove these commands if I needed to? I might be installing this server at a client’s location on Thursday and I would need to remove these settings and change the IP addresses of the interfaces since the client has a different IP range. Thanks.
June 16, 2010 at 9:12 am #50394
Yes you have to add them in the shell. You can see the installed rules with
iptables -t nat -L PREROUTING -v -n --line-numbers
and remove the rule you want with
iptables -t nat -D PREROUTING X
where X is the number of the line the command is in the specific chain.
June 16, 2010 at 11:21 am #50395
Thanks I’ll test that out today. Does ZeroShell support SNMP? If so, how would I go about configuring it? We use What’s Up Gold for monitoring purposes, and would love to be able to monitor the ZeroShell Server. Thanks.
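An added example, not part of any post in this thread: a shell sketch of the HTTP redirect discussed above, scoped to the LAN interface, exempting the proxy's own traffic, and adding the SNAT needed because the proxy sits on the same subnet as the clients. The addresses and ETH00 are taken from the posts; the function and variable names are assumptions made for this example, and older iptables releases write the negation as `-s ! addr`.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults come from the posts:
# LAN 10.150.1.0/24 on ETH00, ZeroShell LAN IP 10.150.1.1, proxy 10.150.1.3:8080.
LAN_IF=${LAN_IF:-ETH00}
LAN_NET=${LAN_NET:-10.150.1.0/24}
GW_IP=${GW_IP:-10.150.1.1}
PROXY_IP=${PROXY_IP:-10.150.1.3}
PROXY_PORT=${PROXY_PORT:-8080}

# proxy_rules A|D: print the rule set as -A (install) or -D (remove).
# Deleting by full rule spec avoids depending on line numbers in the chain.
proxy_rules() {
    case "$1" in
        A|D) ;;
        *) echo "usage: proxy_rules A|D" >&2; return 2 ;;
    esac
    # 1. Redirect only HTTP arriving on the LAN interface. "! -s PROXY_IP"
    #    keeps the proxy's own outbound requests from looping back to itself.
    #    Port 443 is left out on purpose: a plain HTTP proxy port cannot
    #    accept redirected TLS unless the proxy has an intercepting listener.
    echo "iptables -t nat -$1 PREROUTING -i $LAN_IF ! -s $PROXY_IP -p tcp --dport 80 -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
    # 2. Hairpin SNAT: without it the proxy answers LAN clients directly and
    #    they drop replies from an address they never contacted. Trade-off:
    #    the proxy logs GW_IP as the client for every request.
    echo "iptables -t nat -$1 POSTROUTING -o $LAN_IF -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j SNAT --to-source $GW_IP"
}

# run_rules A|D: dry run by default; set APPLY=1 (as root) to execute.
run_rules() {
    proxy_rules "$1" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "DRY-RUN: $cmd"
        fi
    done
}

# Stand-alone use: "sh proxy-redirect.sh A" previews, "... D" previews removal.
if [ -n "${1:-}" ]; then
    run_rules "$1"
fi
```

Rules added this way do not survive a reboot, so the same commands have to be re-run at startup if the redirect is meant to be permanent.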