Port Forwarding and Web GUI Issue


This topic contains 6 replies, has 0 voices, and was last updated by  taylormade201 8 years, 11 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
    #42599

    Hey,
    Has anyone noticed a problem trying to restrict access to the Zeroshell web interface? I am running Zeroshell beta 11, and when I try to restrict access to the web interface to my local subnet only or a VPN interface, it seems to ignore it and allow access from the external IP. I have also noticed the same strangeness when trying to configure virtual servers, where requests seem to just end up at the gateway and not forwarded to the servers. Has anyone noticed this or have a fix besides manually editing the iptable rules?

    Thanks,
    Jon

    #50973

    ppalias
    Member

    I haven’t seen this ever. ZSbeta11 was working fine as far as I recall. Show us the rules you have applied on the web interface and the output of

    iptables -L -v
    iptables -t nat -L -v

    #50974

    iptables -L -v
    Chain INPUT (policy ACCEPT 39046 packets, 4401K bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 6017K packets, 5604M bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 35789 packets, 3900K bytes)
    pkts bytes target prot opt in out source destination

    iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 195K packets, 15M bytes)
    pkts bytes target prot opt in out source destination
    3 160 DNAT tcp -- ppp0 any anywhere anywhere tcp dpt:http to:192.168.1.190:80
    1 40 DNAT tcp -- ppp0 any anywhere anywhere tcp dpt:http-alt to:192.168.1.190:8080
    0 0 DNAT tcp -- ppp0 any anywhere anywhere tcp dpt:domain to:192.168.1.190:53
    0 0 DNAT tcp -- ppp0 any anywhere anywhere tcp dpt:tacacs-ds to:192.168.1.190:8500

    Chain POSTROUTING (policy ACCEPT 2642 packets, 109K bytes)
    pkts bytes target prot opt in out source destination
    181K 14M SNATVS all -- any any anywhere anywhere
    178K 14M MASQUERADE all -- any ppp0 anywhere anywhere
    2633 109K OpenVPN all -- any any anywhere anywhere

    Chain OUTPUT (policy ACCEPT 92598 packets, 7052K bytes)
    pkts bytes target prot opt in out source destination

    Chain OpenVPN (1 references)
    pkts bytes target prot opt in out source destination
    2 332 MASQUERADE all -- any any anywhere anywhere source IP range 192.168.250.1-192.168.250.253

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    Any requests for port 80 on the external IP go to the Zeroshell web interface, requests on the other ports are just dropped.

    Under the HTTPS settings in ZS, I have access restricted to my subnet (192.168.1.0/24)

    #50975

    ppalias
    Member

    This is weird, there are some chains missing. Are you sure that the configuration changes have been saved correctly?

    #50976

    As far as I can tell they are, although they do not seem to be updated in the iptable rules.

    Not sure what is going on. Any ideas?

    #50977

    ppalias
    Member

    I would suggest upgrading to beta12 if not beta13. Don’t forget to back up first! Maybe you’ve hit an old bug, as I haven’t seen that before.

    #50978

    I am using a special MLPPP version of Zeroshell that requires beta11. At first I thought that may be the problem, but it doesn’t seem like other users have that issue.

    I am not an iptables expert, but would it be possible to manually add the correct iptables rules through the shell, or would it interfere with Zeroshell?

    #50979

    ppalias
    Member

    Yeah, it is possible. You can add it at System -> Setup -> Startup/Cron and select NAT from the drop-down list. There you can add your custom rules.
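
Added example (not part of the original thread, and not ZeroShell's own code): a small shell check for whether rules set in the web interface or in the Startup/Cron script actually reached the kernel, by summarising `iptables -L -v` output per chain. The function names and the OPEN/EMPTY labels are assumptions of this example; the sample input is trimmed from the output posted in the thread.

```sh
#!/bin/sh
# Added example: summarise `iptables -L -v` output per chain.
# Prints "<chain> <policy> <rule-count> <verdict>"; user-defined chains get policy "-".
chain_summary() {
    awk '
        function emit() {
            if (chain == "") return
            verdict = "ok"
            if (rules == 0) verdict = (policy == "ACCEPT") ? "OPEN" : "EMPTY"
            print chain, policy, rules, verdict
        }
        $1 == "Chain" {
            emit()
            chain = $2; rules = 0; policy = "-"
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        $1 == "pkts" || $1 == "target" || NF == 0 { next }   # column header or blank line
        chain != "" { rules++ }
        END { emit() }
    '
}

# Names of inbound chains (INPUT, FORWARD) that accept everything and hold no rules.
open_inbound_chains() {
    chain_summary | awk '($1 == "INPUT" || $1 == "FORWARD") && $4 == "OPEN" { print $1 }'
}

# Sample input trimmed from the output posted in this thread (filter table plus part of nat).
sample_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 39046 packets, 4401K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 6017K packets, 5604M bytes)
pkts bytes target prot opt in out source destination

Chain PREROUTING (policy ACCEPT 195K packets, 15M bytes)
pkts bytes target prot opt in out source destination
3 160 DNAT tcp -- ppp0 any anywhere anywhere tcp dpt:http to:192.168.1.190:80

Chain SNATVS (1 references)
pkts bytes target prot opt in out source destination
EOF
}

sample_output | chain_summary
# On the router itself: iptables -L -v | open_inbound_chains
```

An INPUT chain reported as OPEN means no access restriction for the web interface is present in the filter table, whatever the GUI shows.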
