Zeroshell Bridge Inaccessible – Not passing traffic


This topic contains 2 replies, has 0 voices, and was last updated by  SupaJ 9 years ago.

    #42208

    SupaJ
    Member

    I installed a Zeroshell bridge and configured some firewall rules as below. The setup works. However, after about 30 minutes, the connection to Zeroshell is lost. I can’t access ZeroShell or the Internet. What is the possible cause of this? What log files should I access to help me trace this error? Note that if I disconnect the ethernet cables, and then reconnect them after a few minutes, the setup works again, even without rebooting.

    Thanks. Any help will be deeply appreciated.

    FORWARD Chain

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 --physdev-out ETH00 tcp spt:67 dpt:68
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp spt:68 dpt:67
    37 5231 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:25
    665 29219 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:110
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:23
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:9100
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:445
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpts:137:139
    1268 82216 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 udp dpt:53
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpts:20:22
    21974 4187K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:80
    2560 592K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:443
    434 44034 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 udp dpts:161:162
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:9100
    30726 26M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    1984 569K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 15 LOG flags 0 level 4 prefix `FORWARD/016'
    113K 15M DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    INPUT Chain

    Chain INPUT (policy DROP 38879 packets, 11M bytes)
    pkts bytes target prot opt in out source destination
    41199 11M SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    1482 160K SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    508 39996 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    33 7234 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    OUTPUT Chain

    Chain OUTPUT (policy ACCEPT 3135 packets, 1345K bytes)
    pkts bytes target prot opt in out source destination
    3432 1376K SYS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
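
An added example, not part of the original posts or of Zeroshell: a small audit of the FORWARD listing above that flags rules whose counters never moved, exact duplicate rules, and DHCP ports matched as TCP (DHCP runs over UDP). The function names and the trimmed sample are this example's own, and rule numbers are positions within the sample.

```python
import re

# Rows copied from the FORWARD listing in the post above (a trimmed subset,
# typographic dashes restored to ASCII). Format: `iptables -L -v -n`.
FORWARD_LISTING = """\
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 --physdev-out ETH00 tcp spt:67 dpt:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp spt:68 dpt:67
37 5231 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:9100
1268 82216 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 --physdev-out ETH01 tcp dpt:9100
113K 15M DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

DHCP_PORTS = {"67", "68"}  # DHCP/BOOTP is carried over UDP, not TCP


def parse_rules(listing):
    """Yield (rule_number, packets, protocol, rule_text) for each rule row."""
    for num, line in enumerate(listing.strip().splitlines(), start=1):
        f = line.split()
        # Columns: pkts bytes target prot opt in out source destination [match]
        # rule_text is everything except the two counters.
        yield num, f[0], f[3], " ".join(f[2:])


def audit(listing):
    """Return (rule_number, finding) pairs for rules worth a second look."""
    findings, first_seen = [], {}
    for num, pkts, proto, rule in parse_rules(listing):
        if rule in first_seen:
            findings.append((num, f"duplicate of rule {first_seen[rule]}"))
        first_seen.setdefault(rule, num)
        ports = set(re.findall(r"\b[sd]pt:(\d+)", rule))
        if proto == "tcp" and ports & DHCP_PORTS:
            findings.append((num, "DHCP ports matched as tcp; DHCP uses udp"))
        if pkts == "0":
            findings.append((num, "never matched (0 packets)"))
    return findings


if __name__ == "__main__":
    for num, finding in audit(FORWARD_LISTING):
        print(f"rule {num}: {finding}")
```

A zero counter only means no packet has matched since the counters were last reset, so read those findings against how long the box has been up.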

    #49638

    ppalias
    Member

    Can you connect on the ZS box itself by the time the problem occurs with a monitor and a keyboard, so that you can see if there is an interesting message? It also may be the switch you are using; I had a similar problem and it was the switch to blame.

    #49639

    SupaJ
    Member

    I didn’t see any ‘interesting message’ on the console when it happened. However, I’ve noticed this when it is booting:

    08:18:11 	physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.

    and also this:

    08:18:10 	ETH00: setting half-duplex.

    Also note that when I run Zeroshell between a switch and a single PC, it runs the whole day without problems. The problem occurs when it is placed between the Internet Modem/Router and my server.

    BTW, Zeroshell is being run on a 1.5GHz P4, 256MB RAM PC.

    Any suggestions?

    Here is the section of my kernel messages I extracted the above messages from:

    08:18:09 	BRIDGE00: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
    08:18:10 device ETH00 entered promiscuous mode
    08:18:10 ETH00: setting half-duplex.
    08:18:10 device ETH01 entered promiscuous mode
    08:18:10 ETH01: setting full-duplex.
    08:18:10 BRIDGE00: port 2(ETH01) entering learning state
    08:18:10 BRIDGE00: port 1(ETH00) entering learning state
    08:18:11 physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
    08:18:11 message repeated 17 times
    08:18:11 physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
    08:18:11 message repeated 47 times
    08:18:25 BRIDGE00: topology change detected, propagating
    08:18:25 BRIDGE00: port 2(ETH01) entering forwarding state
    08:18:25 BRIDGE00: topology change detected, propagating
    08:18:25 BRIDGE00: port 1(ETH00) entering forwarding state

    #49640

    ppalias
    Member

    By the time the problem occurs isn’t there anything at all in the logs? That is strange.
    Regarding the logs… I don’t think you should worry about the PHYSDEV since your interfaces are bridged. The half duplex of ETH00 is something weird but not something that would brick the box. Check if the cable is ok. And use another switch for connecting the box, to verify that it is not the ZS to blame.
