Forum Replies Created

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • in reply to: (Bug?) Zeroshell upgrade 3.6.0>3.7.0 OpenVPN X509+passwor #54318


    I upgraded 3.7.0 -> 3.7.1 and didn’t need to flag again.
    So I would say the issue only affects * -> 3.7.0 upgrade

    in reply to: (Bug?) Zeroshell upgrade 3.6.0>3.7.0 OpenVPN X509+passwor #54314


    Indeed you saved my time: I also got this issue after upgrading from 3.6 to 3.7.
    Fixed it ticking the authentication -> trusted CAs item.

    Thankyou again!


    That’s what I did: the same configuration (copied over page-by-page) works in every aspect but using the right gateway in network balancing for some traffic (not all – see my post above).


    I changed my hardware, so I think it’s not possible to go the gradual upgrade path (because of how the network interfaces are identified).

    Thanks anyway


    After having put this task aside for some months, I’m now trying to fix the problem (without success by now).

    Here is my setup:
    – ETH00 –> LAN
    – ETH01 –> DMZ
    – ETH02 –> GW1
    – ETH03 –> GW2

    GW1 + GW2 are in netbalancing (failover), where GW1’s weight is 95 and GW2’s weight is 1.

    GW2 has 4 IP addresses (x.x.x.74,x.x.x.75,x.x.x.76,x.x.x.77).

    My goal is to map different addresses to different services/servers in DMZ.

    So I setup portforwarding and postrouting rules in crontab in order to SNAT specific traffic.
    I also setup balancing rules to get all trafic coming from DMZ through GW2.

    This configuration _was_ working in version 1.beta14.

    What happens now:
    – services mapped to first address (x.x.x.74) are correctly routed through GW2
    – services mapped to the other addresses are routed through GW1 (which is also default gateway). Therefore they never get back to the calling party.

    Port forwarding config:

    ETH03 / x.x.x.77 TCP 25
    ETH03 / x.x.x.74 TCP 110,143,143
    ETH03 / x.x.x.74 TCP 80,443,443
    ETH03 / x.x.x.75 TCP 80
    ETH03 / x.x.x.74 TCP 25
    ETH03 / x.x.x.76 TCP 80,443,443

    Postrouting rules:

    iptables -t nat -I POSTROUTING 1 -s -o ETH03 -j SNAT --to-source x.x.x.76
    iptables -t nat -I POSTROUTING 1 -s -o ETH03 -j SNAT --to-source x.x.x.75

    *** No change even if these rules are commented ***

    Net balancing rule:

    1 * * MARK all opt -- in * out * -> MARK set 0x66 GW2 (x.x.x.73)

    Any help will be greatly appreciated. Thanks!


    Hi miketheknife,

    I’m in the same trouble upgrading from 1.b14 to latest 3.2.1.
    The configuration that was working in previous release doesn’t work any more now in routing packets as per nat1:1 configuration.

    I don’t think it is a netbalancer issue: I have the same problem even disabling netbalancing.

    In my configuration I have 4 public ip addresses (, .75, .76, .77) on ETH03.
    All 4 are configured nat1:1 to dmz servers, but only the first one ( works, i.e. packets come back through ETH03. Packet to the others goes back through ETH02 (which is the default route).

    I’m stuck trying all possible configurations and wondering if you fixed your issue.

Viewing 6 posts - 1 through 6 (of 6 total)