ZS not forwarding IP address problem


This topic contains 12 replies, has 0 voices, and was last updated by  domu 1 year, 1 month ago.

    #44846

    domu
    Participant

    I can’t figure out how to set up ZS to forward original IP address.

    For example, I have Asterisk server behind ZS. There are some
    hacking attempts coming from outside, but in logs offending IP
    address is always address of our ZS gateway.

    Similar situation with L2L VPN, rsync mirroring server allows to
    connect one particular IP from the subnet at our another branch,
    but again, it fails because server receives ZS IP instead.

    When using other routers (RV082) everything works as expected
    out of the box.

    What am I missing ?

    #54513

    domu
    Participant

    Anybody, please ?

    #54514

    reaperz
    Member

    I am also using ZS for L2L VPN and I don’t have such problems.

    Are you by chance using wrong-way NAT?

    Go to “Router -> NAT” in menu

    Under “NAT Enabled Interfaces” there should only be one interface – that is your external (WAN) interface, that has external IP-address from your ISP. No other interfaces should be under right tab!

    #54515

    domu
    Participant

    Thank you for your answer.

    In the router section there are selected three PPPoE, as we utilize
    Network Balancer feature of ZS router, so I guess that should not
    cause that kind of problem. Especially that RV081 had similar
    feature, and never experienced such issue.

    #54516

    domu
    Participant

    Two months and no answer ?

    Is it really impossible to have in ZS feature which is a standard
    in even simplest routers ?

    Can anybody confirm/deny if it is possible at all ?

    #54517

    Montikore
    Participant

    Hi,

    From what I understand, this is a misconfiguration on your side. Zeroshell is of course capable of doing this, as this is the basics of routing.
    Please give more info about your configuration/architecture if you want to get help.

    #54518

    domu
    Participant

    Sure, here are the relevant points of the ZS setup

    Setup -> Network ->
    Gateway – [empty]
    – that is supposed to be controlled by NetBalancer settings
    NAT Enabled Interfaces [pppoe0,pppoe1,pppoe2]
    – two FTTx redundant links + one aircard

    ETH0 – LAN
    ETH2/3/5 – pppoe

    NetBalancer
    – default gateway – [disabled]
    – pppoe0 – fiber1 (active)
    – pppoe1 – fiber2 (spare)
    – ICMP failover checking [enabled]

    Please let me know what else you would need to know.

    #54519

    Montikore
    Participant

    As reaperz suggested, did you check your NAT?
    Your external access interfaces (PPPoE) have to be under “NAT Enabled Interfaces” and nothing else.

    #54520

    domu
    Participant

    Yup, that’s exactly as it is. You can see it in my previous reply:
    “NAT Enabled Interfaces [pppoe0,pppoe1,pppoe2]”

    #54521

    Montikore
    Participant

    do you use any port redirection / virtual server ?

    #54522

    domu
    Participant

    Yes I do. That is how servers are being “found” in the LAN.
    Asterisk server among the others. The problem is that when
    there is hacking attempt detected on Asterisk server – offending
    address is identified as IP of our ZS router, instead of external
    IP address of the “attacker”.

    If I only have an _external_ IP address in the server logs – the
    problem is solved.

    #54523

    Montikore
    Participant

    This may be the problem then: if your server is accessed using virtual server, it means you use the zeroshell IP to access it and not its own IP, then this is not anymore basic routing and zeroshell processes the packets instead of just passing them through.

    #54524

    domu
    Participant

    Then how would you explain that any stock router that I know/used
    – have virtual servers / port forwarding section
    – passes external IPs to virtual servers in the NAT without any extra setup
    ?

    #54525

    Montikore
    Participant

    My answer was incomplete… this is the case when using the keyword MASQUERADE with iptables routing NAT, which is the default with ZS.
    I don’t know how to do this from the web interface (not sure it’s even possible), but you have to use instead POSTROUTING.
    I suggest you search about these 2 different ways to do NAT to learn more about it.
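
The NAT check discussed in this thread, as an added example that is not part of any post and is not ZeroShell's own code: it scans `iptables-save -t nat` output for source-NAT rules that are not limited to a WAN egress interface, the condition under which a port-forwarded server logs the gateway's address. The interface names come from the thread; the rule set, the address 192.168.0.10 and the function name are constructed for illustration.

```python
import shlex

# Constructed sample in `iptables-save -t nat` format (not from the thread).
# Interface names follow the thread: ETH0 is the LAN, pppoe0-2 are WAN links.
# 192.168.0.10 is a made-up address for the Asterisk server.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i pppoe0 -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.0.10:5060
-A POSTROUTING -o pppoe0 -j MASQUERADE
-A POSTROUTING -o pppoe1 -j MASQUERADE
-A POSTROUTING -o ETH0 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
"""
WAN_INTERFACES = {"pppoe0", "pppoe1", "pppoe2"}


def find_source_rewriting_rules(ruleset, wan_interfaces):
    """Return (rule, reason) for POSTROUTING SNAT/MASQUERADE rules that are
    not limited to a WAN egress interface. Those rules also rewrite the source
    of port-forwarded traffic on its way to the LAN, so the internal server
    logs the gateway's address instead of the remote peer's."""
    findings = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "POSTROUTING"] or "-j" not in tokens[:-1]:
            continue
        if tokens[tokens.index("-j") + 1] not in ("MASQUERADE", "SNAT"):
            continue
        flag = next((f for f in ("-o", "--out-interface") if f in tokens[:-1]), None)
        if flag is None:
            findings.append((line, "no egress interface restriction"))
            continue
        pos = tokens.index(flag)
        out_if = tokens[pos + 1]
        if pos > 0 and tokens[pos - 1] == "!":
            findings.append((line, f"matches every egress except {out_if}"))
        elif out_if not in wan_interfaces:
            findings.append((line, f"egress {out_if} is not a WAN interface"))
    return findings


if __name__ == "__main__":
    for rule, reason in find_source_rewriting_rules(SAMPLE_RULES, WAN_INTERFACES):
        print(f"{reason}: {rule}")
```

On a gateway with shell access, the same function can be run over the real output of `iptables-save -t nat` in place of the constructed sample.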
