Really Frustrated!


This topic contains 10 replies, has 0 voices, and was last updated by nrandom 11 years, 10 months ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #40711

    nrandom
    Member

    I really am having a hard time making this work. I wish someone would give me feedback to what it is that I am doing wrong.

    Here is my setup:

    1. Access Point connected to ETH00 for authentication and DHCP. Using Paul Taylor’s paper for that part.

    2. ETH01 is connected to our school backbone. We have an internet proxy for internal users.

    3. What I am trying to do is have students connect via AP then routed to ETH01 for access to lan.

    4. ETH00 I gave 192.xxx.xxx.xxx and ETH01 10.xxx.xxx.xx.

    5. When I connect via a notebook, the AP sees me – and passes thru to server for DHCP. I am able to get an IP lease.

    6. But I don’t pass thru to lan.

    7. In the Router section, I added a route to 10.xxx.xxx.xx.

    8. I NATed ETH00 to ETH01.

    Being a teacher I am well aware that I don’t know much about networking but I didn’t think it would be this hard.

    Also, is the correct way to do a page redirect to edit cp_cltrlclient (sic) and, where the brackets are, replace that with the internal web page?

    Please any help would be greatly appreciated. I am spending all my time off working on this and I know it shouldn’t be this hard.

    thanks – sorry about venting
    Noemi

    #45675

    imported_fulvio
    Participant

    You should put in the NAT list only ETH01.
    Have you configured the default gateway of Zeroshell? You should set it from the section [Router]->[Default Gateway] to the IP of the school LAN’s router.
    From the section [Utilities]->[IP Check] try the ping and traceroute of the default gateway and of an external host.

    Regards
    Fulvio

    #45676

    nrandom
    Member

    Thank you for the help. I will try that right now.

    #45677

    nrandom
    Member

    Okay, I tried that. I can ping everything on the internal network, and check IP with arp and traceroute showed everything okay.

    But I cannot connect with a browser to any internal websites. Also, when I ran check IP I could not reach any external site.

    Any ideas?

    #45678

    nrandom
    Member

    Fulvio:

    After running wireshark, I found a problem in routing and corrected it. Now I can ping internal and external.

    Problems that remain:

    1. Leaking DHCP IPs to 10.xxx.xxx.xx network. Is this a firewall issue? Here is my firewall config:

    INPUT Chain

    Chain INPUT (policy ACCEPT 5819 packets, 673K bytes)
     pkts bytes target     prot opt in  out  source     destination
    11938 1365K SYS_INPUT  all  --  *   *    0.0.0.0/0  0.0.0.0/0
       15  2065 SYS_HTTPS  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:80
     3388  382K SYS_HTTPS  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:443
        0     0 SYS_SSH    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:22

    FORWARD Chain

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in  out  source     destination
        0     0 CapPort    all  --  *   *    0.0.0.0/0  0.0.0.0/0

    OUTPUT Chain

    Chain OUTPUT (policy ACCEPT 11038 packets, 2972K bytes)
     pkts bytes target     prot opt in  out  source     destination
    15936 3424K SYS_OUTPUT all  --  *   *    0.0.0.0/0  0.0.0.0/0

    2. Still cannot connect to internal or external websites. Is this an internet proxy issue? If so, can you suggest how I might fix it?

    thanks – any help is greatly appreciated.

    Noemi
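
An added example, not part of the original post and not ZeroShell code: a small Python parser for `iptables -L -n -v` style listings such as the one posted above, reporting each chain's default policy and which targets handle a given destination port. The function names are introduced here for illustration, the embedded listing is the post's output retyped with `--` in the opt column, and the contents of the user-defined chains (SYS_INPUT, CapPort and so on) are not on the page, so they are not expanded.

```python
import re

# Constructed sample: the listing from the post, "--" restored in the opt column.
SAMPLE = """\
Chain INPUT (policy ACCEPT 5819 packets, 673K bytes)
 pkts bytes target     prot opt in  out  source     destination
11938 1365K SYS_INPUT  all  --  *   *    0.0.0.0/0  0.0.0.0/0
   15  2065 SYS_HTTPS  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:80
 3388  382K SYS_HTTPS  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:443
    0     0 SYS_SSH    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source     destination
    0     0 CapPort    all  --  *   *    0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT 11038 packets, 2972K bytes)
 pkts bytes target     prot opt in  out  source     destination
15936 3424K SYS_OUTPUT all  --  *   *    0.0.0.0/0  0.0.0.0/0
"""

# Built-in chains carry "(policy X ...)"; user-defined ones "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+))?")
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line.strip())
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        parts = line.split(None, len(FIELDS))
        if current is None or len(parts) < len(FIELDS) or parts[0] == "pkts":
            continue  # blank line, column header, or text outside any chain
        rule = dict(zip(FIELDS, parts))
        rule["match"] = parts[len(FIELDS)].strip() if len(parts) > len(FIELDS) else ""
        current["rules"].append(rule)
    return chains

def open_by_default(chains):
    """Names of chains whose default policy is ACCEPT."""
    return sorted(name for name, c in chains.items() if c["policy"] == "ACCEPT")

def targets_for_port(chains, chain, port):
    """Targets of rules in `chain` that explicitly match destination port `port`."""
    return [r["target"] for r in chains[chain]["rules"] if f"dpt:{port}" in r["match"].split()]
```

Run against the posted listing, it reports INPUT, FORWARD and OUTPUT all at policy ACCEPT, with FORWARD holding a single catch-all jump to CapPort.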

    #45679

    nrandom
    Member

    Okay, I can now access web pages! That is the good news.

    Bad news is I am still leaking DHCP IPs to the 10.xxx.xxx.xx LAN. Also, even though I have captive portal enabled, when I open a browser it takes me to the redirected web page – bypassing the portal login.

    Any help?

    #45680

    imported_fulvio
    Participant

    Please, post the dhcpd log.
    How many subnets have you created in the dhcp configuration?
    If you disable the captive gateway, are you able to visit web sites?
    Does your network use a proxy?

    Regards
    Fulvio

    #45681

    nrandom
    Member

    It appears that it is no longer leaking. Yeah!

    ‘How many subnets have you created in the dhcp configuration?’
    2 – 192xxxx and 10xxxx

    ‘If you disable the captive gateway, are you able to visit web sites?’
    I am able to get to web sites. However, I don’t get the captive portal logon page.

    ‘Does your network use a proxy?’
    Yes

    Thank you for your help, Fulvio.

    regards
    noemi

    #45682

    OnHeL
    Member

    Can you please post what you did that fixed it, so future users can learn to resolve their network should they come across a similar issue? Thanks in advance.

    #45683

    imported_fulvio
    Participant

    Why did you create a DHCP subnet for the network 10.x.x.x?
    You should remove it.
    The captive portal works only if your clients contact the TCP ports 80 (http) and 443 (https). In that case the browser will be redirected to the authentication page. If you use a proxy you don’t use those TCP ports and the captive portal is not able to redirect your clients.
    This is not true if your organization uses a transparent proxy, because in this case you don’t need to configure the web browser to use different http and https ports.

    Regards
    Fulvio

    #45684

    nrandom
    Member

    Thank you so much for your help! I removed the DHCP segment 10.xxxx. I don’t know how to change the win proxy transparent mode. Our Windows network was set up by some university guys paid by the Feds under a grant. They left and now we teachers have to support it.

    So, I will research how to create a transparent proxy in Windows.

    Fulvio, words escape me on how to tell you how much I appreciate your help.

    thanks
    noemi

    #45685

    imported_fulvio
    Participant

    In transparent proxy mode you have to remove any proxy configuration from your browsers. The proxy server will automatically redirect any http request to itself.

    Fulvio
