Forum Replies Created
January 25, 2017 at 10:17 am in reply to: (Bug?) Zeroshell upgrade 3.6.0>3.7.0 OpenVPN X509+passwor #54318
I upgraded 3.7.0 -> 3.7.1 and didn’t need to flag again.
So I would say the issue only affects * -> 3.7.0 upgrade
January 17, 2017 at 6:50 am in reply to: (Bug?) Zeroshell upgrade 3.6.0>3.7.0 OpenVPN X509+passwor #54314
Indeed you saved my time: I also got this issue after upgrading from 3.6 to 3.7.
Fixed it ticking the authentication -> trusted CAs item.
Thank you again!
December 10, 2016 at 7:44 pm in reply to: 2.0.RC3 NET BALANCER – 1:1 Nat Virtual Servers not managable #52889
That’s what I did: the same configuration (copied over page-by-page) works in every aspect but using the right gateway in network balancing for some traffic (not all – see my post above).
December 8, 2016 at 4:53 pm in reply to: 2.0.RC3 NET BALANCER – 1:1 Nat Virtual Servers not managable #52887
I changed my hardware, so I think it’s not possible to go the gradual upgrade path (because of how the network interfaces are identified).
Thanks anyway
December 6, 2016 at 8:46 pm in reply to: 2.0.RC3 NET BALANCER – 1:1 Nat Virtual Servers not managable #52885
After having put this task aside for some months, I’m now trying to fix the problem (without success by now).
Here is my setup:
– ETH00 –> LAN
– ETH01 –> DMZ
– ETH02 –> GW1
– ETH03 –> GW2
GW1 + GW2 are in netbalancing (failover), where GW1’s weight is 95 and GW2’s weight is 1.
GW2 has 4 IP addresses (x.x.x.74,x.x.x.75,x.x.x.76,x.x.x.77).
My goal is to map different addresses to different services/servers in DMZ.
So I set up port forwarding and postrouting rules in crontab in order to SNAT specific traffic.
I also set up balancing rules to get all traffic coming from DMZ through GW2.
This configuration _was_ working in version 1.beta14.
What happens now:
– services mapped to first address (x.x.x.74) are correctly routed through GW2
– services mapped to the other addresses are routed through GW1 (which is also default gateway). Therefore they never get back to the calling party.
Port forwarding config:
ETH03 / x.x.x.77 TCP 25 10.0.1.11:25
ETH03 / x.x.x.74 TCP 110,143 10.0.1.11:110,143
ETH03 / x.x.x.74 TCP 80,443 10.0.1.15:80,443
ETH03 / x.x.x.75 TCP 80 10.0.1.12:80
ETH03 / x.x.x.74 TCP 25 10.0.1.11:25
ETH03 / x.x.x.76 TCP 80,443 10.0.1.14:80,443
iptables -t nat -I POSTROUTING 1 -s 10.0.1.14 -o ETH03 -j SNAT --to-source x.x.x.76
iptables -t nat -I POSTROUTING 1 -s 10.0.1.12 -o ETH03 -j SNAT --to-source x.x.x.75
*** No change even if these rules are commented ***
Net balancing rule:
1 * * MARK all opt -- in * out * 10.0.1.0/24 -> 0.0.0.0/0 MARK set 0x66 GW2 (x.x.x.73)
Any help will be greatly appreciated. Thanks!
January 3, 2015 at 5:13 pm in reply to: 2.0.RC3 NET BALANCER – 1:1 Nat Virtual Servers not managable #52884
I’m in the same trouble upgrading from 1.b14 to latest 3.2.1.
The configuration that was working in previous release doesn’t work any more now in routing packets as per nat1:1 configuration.
I don’t think it is a netbalancer issue: I have the same problem even disabling netbalancing.
In my configuration I have 4 public ip addresses (22.214.171.124, .75, .76, .77) on ETH03.
All 4 are configured nat1:1 to dmz servers, but only the first one (126.96.36.199) works, i.e. packets come back through ETH03. Packets to the others go back through ETH02 (which is the default route).
I’m stuck trying all possible configurations and wondering if you fixed your issue.