Replacing Cisco PIX with Zeroshell?

Home Page Forums Network Management ZeroShell Replacing Cisco PIX with Zeroshell?

This topic contains 4 replies, has 0 voices, and was last updated by  MisterPhoton 9 years, 8 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #41979

    MisterPhoton
    Member

    Hi all,

    I’m an experienced developer who may have bit off more than he can chew by taking an “everything” position with a small agency. One of the issues my predecessor left me with was two internet connections through different ISPs (one T1 and one cable) that aren’t working together at all currently. On the T1 we have a Cisco PIX device and on the cable is an SMC cable modem/router.

    I already have Zeroshell up and running on an old server (Dell Poweredge 2550) with three NICs and redundant connections for testing.

    My question is:
    Is there some way to decipher the settings text dump from the Cisco PIX to ensure that I have everything set up exactly the same on Zeroshell so that our VoIP system and other crucial systems will be guaranteed to work?

    Thanks!

    #48933

    ppalias
    Member

    I don’t think so… You’ll have to configure the box from scratch and spend one day troubleshooting all your clients’ complaints.

    #48934

    MisterPhoton
    Member

    Hrmph, oh well.

    Zeroshell is making me feel stupid, anyway. I’m trying to configure the Net Balancer but I can’t seem to get it to work right – my main problem being I can’t figure out whether I should be assigning traffic on each physical device or to IP addresses.

    Here’s how everything is hooked up:

    Internet -> T1 Connection -> T1 Modem -> PIX -> ETH02 on Zeroshell

    Internet -> Cable Connection -> Cable Modem/Router -> ETH01 on Zeroshell

    ETH00 is my internal port.

    It seems there’s not documentation covering my specific case, and as such I keep trying different instructions trying to get it to work, but nothing is working right.

    So yeah, any help would be appreciated. I can’t seem to even get Zeroshell working as an internet gateway, let alone effective load balancing. :

    #48935

    ppalias
    Member

    Enable (if necessary) NAT on interfaces ETH01 and ETH02.
    Assign on ETH01-02 IP or set them up to aquire DHCP or bring up a PPPoE session.
    Then add these two connections on the netbalancer. There are some tutorials for you here.

    #48936

    MisterPhoton
    Member

    Ok, I followed those instructions, and I’m getting connectivity through ETH01, but not ETH02 (the T1 line). Its probably something wrong with my IP settings, though, because I’ve had to much with it a bunch to get the testing environment working.

    Couple more questions:

    1) Does adding ETH01 and ETH02 to NAT and the Net Balancer enable the firewall as well?

    2) Also, does running Net Balancer hinder the use of OpenVPN at all? I need to be able to activate VPN easily once I get the more basic functions of ZeroShell up and running 100%.

    #48937

    ppalias
    Member

    1) No, firewall by default permits all on INPUT-OUTPUT-FORWARD. Take my advise and switch to DENY only the INPUT chain, after you have granted access to the ZS router by https and ssh.
    2) No, not at all. I have Netbalancer and Openvpn working fine. In case you face issues with those two, consider adding a Balancing Rule for the Openvpn to be directed on one interface if both are up.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.