Zeroshell in Bridge Mode


This topic contains 10 replies, has 0 voices, and was last updated by  nfldwifi 9 years, 3 months ago.

  • #42012

    nfldwifi
    Member

    Hello all,

    This is our first zeroshell install. We are installing it on a Dell PowerEdge 860 Server with a Quad core 2.4 GHz processor and 4 gig of ram.

    We have 3 NIC cards in this box. 1 being a PCI card, and the others being the 2 onboard cards. The network interfaces are configured as follows:

    Eth2: Management port (192.168.0.1)
    Eth0: Bridged
    Eth1: Bridged

    Eth0 is plugged into our router and Eth1 is our lan interface. When plugging into Eth1 we are able to pull down an IP address, but we are unable to get out to the outside world. We cannot ping our router through the zeroshell server. I am guessing this is a route issue, traffic is able to come in but we are unable to get out.

    Any suggestions?

    #49018

    ppalias
    Member

    There is no route issue in Bridge mode. Bridge is in layer 2 while routing is in L3. Check if there is a loop in your network and ZS’ spanning tree has blocked a port.

    #49019

    nfldwifi
    Member

    @ppalias wrote:

    There is no route issue in Bridge mode. Bridge is in layer 2 while routing is in L3. Check if there is a loop in your network and ZS’ spanning tree has blocked a port.

    I figured out the issue. All traffic is being classified as P2P which is limited to 2kbps. Under QoS>Class Manager we have Class: P2P, Description: file sharing peer to peer. Then if you go to QoS>Classifier, we have:

    MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 MARK set 0xb
    Class: p2p

    Target Class we have P2P selected. In the tutorial on setting up the rule for sniffing out the P2P traffic there were on/off buttons to select the L7 traffic you wanted to look for. We don’t seem to have that in our Zeroshell. See screen shot.

    Do we manually have to add each one of the P2P applications from the L7 drop down list? That seems very tedious…
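
The catch-all classifier rule quoted in the post above, checked programmatically (an added example, not part of the original thread and not ZeroShell's own code). It parses rule text in the layout shown in the post and reports any MARK rule that matches every protocol, interface and address with no further match condition; the second and third sample rules, the `LAYER7 l7proto` match text and all function names are assumptions made for illustration.

```python
import re

# Layout as shown in the post:
#   TARGET PROTO opt -- in IF out IF SRC -> DST [match text] MARK set 0xNN
# Web rendering may turn "--" into a long dash, so both are accepted.
RULE_RE = re.compile(
    r"^(?P<target>\S+)\s+(?P<proto>\S+)\s+opt\s+(?:--|\u2014)\s+"
    r"in\s+(?P<in_if>\S+)\s+out\s+(?P<out_if>\S+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*"
    r"(?P<extra>.*?)\s*MARK set (?P<mark>0x[0-9a-fA-F]+)$"
)

ANY_ADDR = "0.0.0.0/0"

def parse_rule(line):
    """Return the rule's fields as a dict, or None if the layout differs."""
    m = RULE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_catch_all(rule):
    """True when nothing narrows the rule: every packet receives the mark."""
    return (
        rule["proto"] == "all"
        and rule["in_if"] == "*" and rule["out_if"] == "*"
        and rule["src"] == ANY_ADDR and rule["dst"] == ANY_ADDR
        and rule["extra"] == ""   # no L7 or port match attached
    )

def audit(lines):
    """Return (mark, line) for each rule that classifies all traffic."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule and is_catch_all(rule):
            findings.append((rule["mark"], line))
    return findings

RULES = [
    # Rule quoted in the post: no match condition at all.
    "MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 MARK set 0xb",
    # Constructed: same mark, narrowed by an assumed L7 match text.
    "MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto bittorrent MARK set 0xb",
    # Constructed: narrowed by protocol and port.
    "MARK tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:22 MARK set 0xc",
]

if __name__ == "__main__":
    for mark, line in audit(RULES):
        print(f"catch-all rule sets mark {mark}: {line}")
```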

    #49020

    ppalias
    Member

    Yes I am afraid you will have to…

    #49021

    nfldwifi
    Member

    @ppalias wrote:

    Yes I am afraid you will have to…

    Ok, no worries. ppalias see my two new attachments.

    On this screen shot, we show the P2P applications we are going to l7 filter.

    I notice some of the more popular ones are not an option to choose from. For example, uTorrent isn’t an option to choose from, Azureus also isn’t one to choose from. How do we go about updating this list so the l7 filters know what to look for?

    Also, see this screen shot.

    Are these settings correct?

    I appreciate your help and input. BTW ZeroShell is an amazing application. Great support and very stable build. Loving it.

    #49022

    ppalias
    Member

    Azureus and uTorrent are clients of the Bittorrent protocol which you already have included, so no worries, your setup is fine. Just make sure you apply it on the correct WAN interface on the outgoing flow.

    #49023

    JC
    Member

    Whatever happened to the block ability of beta11? The peer-to-peer section

    Peer-to-Peer: eMule,EDonkey,Kademlia KaZaA,FastTrack Gnutella BitTorrent Direct Connect

    that made things so simple for p2p blocking, 1 rule for 8 items.

    #49024

    nfldwifi
    Member

    @ppalias wrote:

    Azureus and uTorrent are clients of the Bittorrent protocol which you already have included, so no worries, your setup is fine. Just make sure you apply it on the correct WAN interface on the outgoing flow.

    I have it applied to the outgoing and incoming connections for the bridge. I believe that is what the guide has instructed to do.

    We have a quad core box, 2.4GHz with 4 gigs of ram and gig ethernet connections. What type of bandwidth should we expect to be able to push through this box? We have a 60meg up and down fiber connection, with roughly 320 users (no idea how many concurrent) that will be behind this box. Will this set up handle this? I have read where it should do just fine, just seeing what you thought.

    #49025

    ppalias
    Member

    @jc wrote:

    Whatever happened to the block ability of beta11? The peer-to-peer section

    Peer-to-Peer: eMule,EDonkey,Kademlia KaZaA,FastTrack Gnutella BitTorrent Direct Connect

    that made things so simple for p2p blocking, 1 rule for 8 items.

    Not applicable any more from what I’ve read and seen.

    #49026

    ppalias
    Member

    @nfldwifi wrote:

    @ppalias wrote:

    Azureus and uTorrent are clients of the Bittorrent protocol which you already have included, so no worries, your setup is fine. Just make sure you apply it on the correct WAN interface on the outgoing flow.

    I have it applied to the outgoing and incoming connections for the bridge. I believe that is what the guide has instructed to do.

    We have a quad core box, 2.4GHz with 4 gigs of ram and gig ethernet connections. What type of bandwidth should we expect to be able to push through this box? We have a 60meg up and down fiber connection, with roughly 320 users (no idea how many concurrent) that will be behind this box. Will this set up handle this? I have read where it should do just fine, just seeing what you thought.

    I don’t use a bridge, but the principle is to apply QoS filtering on the outgoing flow of the wan interface.

    #49027

    nfldwifi
    Member

    @ppalias wrote:

    @nfldwifi wrote:

    @ppalias wrote:

    Azureus and uTorrent are clients of the Bittorrent protocol which you already have included, so no worries, your setup is fine. Just make sure you apply it on the correct WAN interface on the outgoing flow.

    I have it applied to the outgoing and incoming connections for the bridge. I believe that is what the guide has instructed to do.

    We have a quad core box, 2.4GHz with 4 gigs of ram and gig ethernet connections. What type of bandwidth should we expect to be able to push through this box? We have a 60meg up and down fiber connection, with roughly 320 users (no idea how many concurrent) that will be behind this box. Will this set up handle this? I have read where it should do just fine, just seeing what you thought.

    I don’t use a bridge, but the principle is to apply QoS filtering on the outgoing flow of the wan interface.

    ppalias,

    That is essentially what we have done. We applied the QoS settings to the inbound and outbound connections. Or is applying the filtering to the inbound redundant and not needed?

    These are the instructions we followed from the ZC documentation file “QoS and Traffic Shaping in Transparent Bridge mode”

    Adding QoS classes to the bridged interfaces
    Now it is the moment to assign the QoS classes created in the previous steps to the network interfaces whose outgoing traffic you want to control.

    The steps to be performed to assign the QoS classes to the interfaces are the following ones:
    • From [QoS]->[Interface Manager] click the button [Add Class] related to the ETH00 interface. From the dialog window that appears (look at the figure) click the button [Add] for the VOIP, P2P, SHELL and BULK QoS classes;
    • Add the same classes to the ETH01 interface with the same procedure of the previous step;
    • Enable the Quality of Service for ETH00 and ETH01 by clicking on the related flags “On”;
    • Save the changes by clicking on the button [Activate last Changes].
    Note that you have activated the QoS directly on the members (ETH00,ETH01) of the bridge and not on the BRIDGE00.

    At this point the QoS is working on the bridge, but all traffic is outgoing from the DEFAULT class because you haven’t classified the traffic yet. In the next steps we will do that.

    #49028

    ppalias
    Member

    As I said I haven’t worked in bridged mode, if it is stated so by the vendor, you should go ahead and do it.
