Net Balancer

This topic contains 18 replies, has 0 voices, and was last updated by  Luigi10 8 years, 11 months ago.

    #42430

    Luigi10
    Member

    Hey Everyone,

    I am new to Zeroshell and apologize in advance if the answers to my questions have already been posted to the Forum.

    We have set up a workstation in my office with 3 NIC cards. We have 2 PCI and 1 onboard NIC. We are currently using Release 1.0 Beta 12. From what I have read on this forum, QOS and Net Balancing are glitchy, and we have made sure not to enable QOS.

    The issue we are running into is that the Failover is not working properly. I keep receiving Faults every time I switch between the interfaces. Below is my current setup.

    Default Gateway ETH02
    Cable Internet Connection ETH01
    DSL Internet Connection ETH02

    Thank You
    Luigi

    #50382

    ppalias
    Member

    If you apply Atheling’s patch for mangling then you can use both QoS and Netbalancer. I don’t understand what exactly you mean by

    every time I switch between the interfaces

    Could you elaborate a bit? Failover sticks to the active connection and switches to the standby only when the active goes off.

    #50383

    Luigi10
    Member

    We are trying to set up load balancing between a DSL connection and a Cable connection. Whenever we have the failover monitor in place, the DSL connection fails. In the routing table, the default gateway shows that all traffic should be going out the connection for the DSL connection, but when I try to run a trace route or ping a public IP address it doesn’t work.

    Traffic is getting stopped at the WAN Port on the Zero Shell server for the DSL connection.

    If I were to ping a device that is past the WAN Port for the DSL connection, it is successful. I don’t know what the problem is. I can provide tracerts and IP addressing if you need.

    Thanks for your time.

    #50384

    ppalias
    Member

    Post here the screen from the web interface of Netbalancer and the balancing rules, if you have any. Also post anything else you have, like traceroutes or pings, and maybe logs from the netbalancer.

    #50385

    Luigi10
    Member

    My company is an Internet service provider. We provide DSL and T1 lines to various customers. While we are troubleshooting this issue, we are using DSL service that we provide. So the connection from our Core router goes out through the connection to our DSL vendor and then in through a phone line into our office and into a 3Com 3030 router. We then have the LAN-side of this 3Com 3030 router going into one of the WAN ports of the Zero Shell server.

    Here is a tracert when our DSL connection is the Default Gateway:

    C:\Documents and Settings\student>tracert 208.67.222.222
    Tracing route to resolver1.opendns.com [208.67.222.222]
    over a maximum of 30 hops:
    1 <1 ms <1 ms <1 ms 10.150.1.1
    2 10.104.117.2 reports: Destination host unreachable.
    Trace complete.

    Here is the routing table on ZeroShell:

    Destination      Netmask        Type  Metric  Gateway       Interface  Flags  State  Source
    10.150.1.0       255.255.255.0  Net   0       none          ETH00      U      Up     Auto
    10.104.117.0     255.255.255.0  Net   0       none          ETH02      U      Up     Auto
    192.168.250.0    255.255.255.0  Net   0       none          VPN99      U      Up     Auto
    24.185.196.0     255.255.252.0  Net   0       none          ETH01      U      Up     Auto
    10.0.0.0         255.0.0.0      Net   1       10.104.117.1  ETH02      UG     Up     Static
    DEFAULT GATEWAY  0.0.0.0        Net   0       none          ETH02      U      Up     Auto

    You’ll see that the DEFAULT GATEWAY is pointing to ETH02. This is the connection to our DSL router.

    The static routes on the DSL router are:
    ip route-static 0.0.0.0 0.0.0.0 10.101.1.1 preference 60
    ip route-static 10.150.1.0 255.255.255.0 10.104.117.2 preference 80

    The DSL router is supposed to take the traffic from ZeroShell and send it out to the internet and then back, but according to the tracert above, ZeroShell isn’t sending the traffic to the DSL router. 10.104.117.2 is the WAN IP address of the ZeroShell server that connects to the LAN-side of the DSL router.

    When I try to ping my core router and the 3Com 3030 router from a workstation on the LAN 10.150.1.x network, pings are successful, but whenever I try to access a website on the internet through the DSL connection it fails at the ZeroShell connection.

    I only have NAT turned on for the Cable connection. Our DSL connection has NAT performed on the firewall that is directly in front of the Core router.

    #50386

    ppalias
    Member

    Your ZS routing table is wrong. In the Default Gateway line you should also have the gateway IP address (10.104.117.1 I think). The way you have it is for p2p links, while you are on a routed network, so the router should know the IP to hit.

    #50387

    Luigi10
    Member

    Thanks for the assistance. I was unable to specify the output interface and the IP address of the default gateway (10.104.117.1), but I was able to just put in the default gateway and that seemed to have fixed the routing issue we had.

    Now I am trying to figure out what is needed in regards to DNS.

    We currently have our DNS servers specified as the forwarders for our client’s DNS servers. In the event of a WAN link failure that we provide (DSL or T1), the clients will not be able to resolve websites to IP addresses.

    I am aware of the fact that we can set DNS forwarders on the ZS box and then have our clients use the IP address of the ZS box as their DNS forwarder. My question for this is, is there a way to provide failover for this DNS function? I’d like to make it so that when our WAN link is up (DSL or T1), ZS will forward DNS requests to our Primary and Secondary DNS servers, but when those WAN links are down, we would like ZS to forward DNS requests to a DNS server out on the internet (for example, OpenDNS).

    Is there a way to configure this?

    Also is there a way to perform policy-based routing on ZS?

    Thanks

    #50388

    ppalias
    Member

    Although I guess that when your WAN links are down DNS will be the least problem of your clients, you can always add many DNS servers in the forwarders list, starting with your own and finally using OpenDNS.

    #50389

    Luigi10
    Member

    Is there any way to configure the http proxy to specify a different IP address and port number? I am trying to incorporate this ZeroShell router into a network with a filtering system that requires proxy settings on all the workstations. If ZeroShell can automatically redirect all HTTP web requests to the filtering system instead of having to put the proxy settings on the workstations, that would significantly help us deploy this across all of our clients. Thanks.

    #50390

    ppalias
    Member

    Yes you can do it with PREROUTING rules in IPTABLES, more specifically DNAT action.

    #50391

    Luigi10
    Member

    I’m just not that familiar with this software to be able to do this on my own. How would I go about setting this up?

    What information do you need from me in order to assist me? Our proxy server on this network segment is 10.150.1.3 with port number 8080. Our ZeroShell server has IP address 10.150.1.1 on the LAN and it has two WAN ports, one of them has a static IP address that connects to a DSL line that my company provides ISP services to. The WAN IP address on the ZeroShell server for that connection is 10.104.117.2 and the other WAN connection connects to a third-party Cable ISP provider and it receives an IP address through DHCP. Thanks.

    #50392

    ppalias
    Member

    Your proxy server must support transparent mode.
    The command should be like this:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.150.1.3:8080

    You might want to add the same command for https

    iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.150.1.3:8080

    Hope this helps.

    #50393

    Luigi10
    Member

    Thanks for the info. I’m assuming I need to type this in the Shell Prompt, correct? (Command Menu, Option S for Shell prompt)

    How would I remove these commands if I needed to? I might be installing this server at a client’s location on Thursday and I would need to remove these settings and change the IP addresses of the interfaces since the client has a different IP range. Thanks.

    #50394

    ppalias
    Member

    Yes you have to add them in the shell. You can see the installed rules with

    iptables -t nat -L PREROUTING -n -v --line-numbers

    and remove the rule you want with

    iptables -t nat -D PREROUTING X

    where X is the number of the line the command is in the specific chain.
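
An added example, not part of any post in this thread: a small generator for the port-80 redirect discussed above and for its exact removal. It assumes ETH00 is the LAN interface (from the routing table posted earlier) and an iptables version that accepts `! -s`; the function names `valid_ipv4` and `proxy_rules` are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for review;
# pipe the output to sh as root to apply them.
# Assumption: ETH00 is the LAN interface, per the routing table posted above.

valid_ipv4() {
    # Dotted quad, every octet numeric and in 0..255.
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 }
                         { exit 1 }'
}

# usage: proxy_rules <A|D> <lan_if> <proxy_ip> <proxy_port>
# A prints the rules to append, D the same specs as deletions, so removal
# does not depend on rule numbers that shift when other rules change.
proxy_rules() {
    op=$1 lan_if=$2 proxy_ip=$3 proxy_port=$4
    case "$op" in A|D) ;; *) echo "op must be A or D" >&2; return 2 ;; esac
    case "$lan_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;; esac
    valid_ipv4 "$proxy_ip" || { echo "bad proxy address" >&2; return 2; }
    case "$proxy_port" in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] ||
        { echo "bad port" >&2; return 2; }

    # Redirect only traffic arriving from the LAN, and skip the proxy's own
    # requests so they are not looped back to it. Port 80 only: a plain-HTTP
    # proxy listener cannot parse a TLS handshake redirected from 443.
    echo "iptables -t nat -$op PREROUTING -i $lan_if ! -s $proxy_ip -p tcp --dport 80 -j DNAT --to-destination $proxy_ip:$proxy_port"
    # Proxy and clients share one subnet: without source NAT the proxy replies
    # straight to the client, which rejects replies from a peer it never
    # contacted. Side effect: the proxy logs ZeroShell's LAN address instead
    # of the client's.
    echo "iptables -t nat -$op POSTROUTING -o $lan_if -d $proxy_ip -p tcp --dport $proxy_port -j MASQUERADE"
}

proxy_rules A ETH00 10.150.1.3 8080   # rules to add
proxy_rules D ETH00 10.150.1.3 8080   # matching removals
```

Invalid input makes the function return 2 and print nothing on stdout, so a typo never reaches `sh` as a half-formed rule.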

    #50395

    Luigi10
    Member

    Thanks I’ll test that out today. Does ZeroShell support SNMP? If so, how would I go about configuring it? We use What’s Up Gold for monitoring purposes, and would love to be able to monitor the ZeroShell Server. Thanks.
