jt

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 15 total)
    in reply to: How to install on harddisk #50665

    jt
    Member

    My computer would start booting off the hard drive, then couldn’t find the drive to continue booting after the initial boot messages displayed.

    ( I posted this in 2008.)

    I had trouble booting the SATA drive on my 1U server. I tried a lot of CMOS settings for the drive and other hardware configs and nothing fixed it.

    Finally, moving the drive to SATA channel 2 instead of 1 allowed it to boot as if it was an ATA drive. That works.

    in reply to: Best way to transfer files to ZeroShell? #47570

    jt
    Member

    I sometimes use a USB flash drive to copy files to or from zeroshell. (My sshd on my server only allows key pairs, so I can’t just scp without installing a key first)

    Insert the flash drive in a usb slot.
    ssh to zeroshell, or use the console, and select a shell prompt.
    Enter:
    dmesg

    My zeroshell shows this (I have zeroshell booting from a hard drive):
    …etc…
    scsi 2:0:0:0: Direct-Access USB 2.0 USB Flash Drive 0.00 PQ: 0 ANSI: 2
    sd 2:0:0:0: [sda] 7897088 512-byte hardware sectors (4043 MB)
    …etc…
    sd 2:0:0:0: [sda] Assuming drive cache: write through
    sda: sda1

    So, my zeroshell assigns the flash drive to be sda1. You may get a different sdxx name, depending on your hardware.

    Enter:
    mkdir /usbtemp {make a temporary mount point}
    mount /dev/sda1 /usbtemp {mount the flash drive}
    cd /usbtemp
    ls {see the files and directories that are on the flash drive}

    copy files as needed, using cp

    when done:
    cd /
    umount /usbtemp

    Now you can remove the flash drive from the usb slot.
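The same flash-drive procedure is repeated in the post-boot-script reply further down. As an added example (not from either post and not ZeroShell's own code), the script below does by machine what the post does by eye: it pulls the `sdX: sdX1` partition-scan line out of dmesg output and mounts that partition with `nosuid,nodev,noexec`, so a setuid binary or device node carried in on someone else's flash drive cannot be used on the router. The sample dmesg text is constructed from the excerpt in the post; the `/usbtemp` mountpoint is the post's, and read-only by default is an assumption.

```shell
#!/bin/sh
# usbmount.sh: find the partition of a just-inserted USB flash drive from
# kernel messages and mount it with restrictive options. Added example; the
# sample dmesg text below is constructed from the forum post, not captured live.

# find_usb_partition: read dmesg text on stdin, print /dev/<partition> for the
# last "sdX: sdX1" partition-scan line (the first partition if several listed).
find_usb_partition() {
    sed -n 's/^[[:space:]]*\(sd[a-z]\): \(sd[a-z][0-9][0-9]*\).*$/\/dev\/\2/p' | tail -n 1
}

# mount_opts [ro|rw]: option string for foreign media. nosuid/nodev/noexec
# always; writable only when explicitly asked for.
mount_opts() {
    case "${1:-ro}" in
        rw) echo "rw,nosuid,nodev,noexec" ;;
        *)  echo "ro,nosuid,nodev,noexec" ;;
    esac
}

# mount_usb DEV [MOUNTPOINT] [ro|rw]: mount DEV at MOUNTPOINT (default
# /usbtemp as in the post). Refuses a non-block device or a busy mountpoint.
mount_usb() {
    dev=$1; mnt=${2:-/usbtemp}; mode=${3:-ro}
    if [ ! -b "$dev" ]; then
        echo "no block device $dev" >&2
        return 1
    fi
    mkdir -p "$mnt"
    if grep -q " $mnt " /proc/mounts 2>/dev/null; then
        echo "$mnt already mounted" >&2
        return 1
    fi
    mount -o "$(mount_opts "$mode")" "$dev" "$mnt"
}

# umount_usb [MOUNTPOINT]: leave the directory, flush, unmount, remove it.
umount_usb() {
    mnt=${1:-/usbtemp}
    cd / && sync && umount "$mnt" && rmdir "$mnt"
}

# Constructed sample, copied from the dmesg excerpt in the post.
SAMPLE_DMESG='scsi 2:0:0:0: Direct-Access USB 2.0 USB Flash Drive 0.00 PQ: 0 ANSI: 2
sd 2:0:0:0: [sda] 7897088 512-byte hardware sectors (4043 MB)
sd 2:0:0:0: [sda] Assuming drive cache: write through
sda: sda1
sd 2:0:0:0: [sda] Attached SCSI removable disk'

# demo_partition: run the parser over the constructed sample (offline check).
demo_partition() {
    printf '%s\n' "$SAMPLE_DMESG" | find_usb_partition
}

# On the router, as root:
#   dev=$(dmesg | find_usb_partition) && mount_usb "$dev" /usbtemp ro && ls /usbtemp
#   ... copy files with cp ...
#   umount_usb /usbtemp
```

Mounting read-only with `nosuid,nodev,noexec` costs nothing when the drive is only a transport for tcpdump captures or configuration files, and it is the difference between "a file on the stick" and "a program on the router". Pass `rw` only when exporting files to the stick.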

    in reply to: Need hardware-recommendations #49363

    jt
    Member

    I got a pair of 1u servers similar to this:
    http://www.abmx.com/1u-short-depth-server

    Dual core, 2gb, sata drive, 4 ethernet ports.

    ‘free’ shows that zeroshell only uses 470mb. I have 1606064 free. So the 2gb memory wasn’t needed. I think that zeroshell is limited to 512mb memory (unless there’s some setting I don’t know about)

    I have zeroshell installed on the hard drive, and had some trouble getting it to boot at first. I set the sata drive to be an IDE drive on cable number 2, and it works fine. ( I don’t think the hard drive is used during normal operation, just at boot time and to save the profile / database entries)

    I don’t do any L7 filtering or clamAV, but I do forward between three different subnets and the internet for about 70 users. My uptime or vmstat always shows 100% idle.

    So this configuration is really much more than I needed. I just ran iptraf and saw 250 packets/sec on our LAN, with half the users already gone home. The load average is still 0.00 0.00 0.00 in ‘uptime’.

    We have two identical 1U servers, since the company completely depends on this router to forward between our wired vlans, not just for internet access. Having spare hardware will save us downtime if one zeroshell stops working. I really like having a second machine for testing configuration changes and upgrading the zeroshell version, since upgrading is very similar to a re-install.

    in reply to: commands shell prompt #49359

    jt
    Member

    iptraf saves its settings in a config file
    /var/local/iptraf/iptraf.cfg

    But zeroshell doesn’t create the directory it needs.

    So do this:
    mkdir /var/local/iptraf

    It will be gone at the next zeroshell reboot, so it probably needs to be added to the bootup scripts.

    I use iptraf via a ssh connection to zeroshell.
    I set Configure–> Timers –> Screen update interval –> 1 second. Otherwise, iptraf itself continuously generates a lot of packets when you monitor the ETH that your ssh session is running on. (it’s not a problem on the console)

    in reply to: Trouble getting to the web control panel #49399

    jt
    Member

    You probably know about the Setup–>https tab–>Allow access only from (IP or subnet) settings. Of course, if these get set wrong, you can’t get in to fix it.

    Have you tried this: (from the FAQ)

    Having incorrectly configured the firewall or the network in general I can no longer connect via the web interface. Even rebooting the system doesn’t work. How can I resolve the problem?

    From the ZeroShell console press the Z key. This enables the system to start the Fail-Safe procedure: you will be requested to select an Ethernet interface which can be attributed an IP address of your choice; any obstacles, such as firewall rules, belonging to a bridge, static routes or other will be removed. Once complete, you can access the interface via the IP address you attributed. To exit the Fail-Safe mode you must reboot, having removed the obstacle that blocked access.

    in reply to: dhcpd server already running #49381

    jt
    Member

    My zeroshell dhcp log always shows that message, too. But it works correctly.
    16:24:35 Sending on Socket/fallback/fallback-net
    16:24:35 There’s already a DHCP server running.

    in reply to: Add tool: iftop #48874

    jt
    Member

    That looks interesting.

    zeroshell already has iptraf, which can display various network statistics. I connect via ssh and get a shell prompt, then enter ‘iptraf’

    To store your iptraf config changes (until the next reboot), a directory needs to be created:

    mkdir /var/local/iptraf

    iptraf configs:
    I set the Update Interval to 1 second, otherwise running iptraf via ssh, it generates a lot of IP traffic on the ssh connection if it’s constantly updating the display.
    It can filter for just selected IP addresses. Then the Detailed display will be fairly short. It does remember the filters, so turn them back off when you are done. I rarely use the filters.

    I use these iptraf displays:

    Detailed interface statistics — select the internet ETH interface. I see kbits/sec counts, updated every 5 seconds.

    IP traffic monitor — select the internet ETH interface. I see bytes and packets for all the internet connections. Sort by largest byte count to see the big users.

    General interface statistics — to see activity counts on all the ETH interfaces.

    Statistical breakdowns… by port number. To see what port numbers are in use.

    in reply to: Logging in to zeroshell’s ssh as a user (not admin) #48049

    jt
    Member

    @bdsnyder wrote:

    In my post boot script I added:

    echo "backup:x:50003:100::/backup:" >> /etc/passwd
    echo "AllowUsers admin backup" >> /etc/ssh/sshd_config
    /etc/init.d/sshd stop
    /etc/init.d/sshd start

    That will help, thanks! I can use this same method for a lot of other settings changes.

    for instance,
    iptraf wants to save its settings in a file, but the directory doesn’t exist, so this will create the directory it needs:

    mkdir /var/local/iptraf

    (of course, the iptraf.cfg file itself doesn’t carry over, but that’s ok for now)

    For copying files, here’s how I temporarily mount a usb flash drive as another filesystem. My zeroshell boots from an IDE hard drive. I used this to export some tcpdump files that I collected.

    I plug in the USB drive.
    then, from the ssh admin login, or the Shell prompt on the console,
    dmesg | more

    I get this information at the end of the dmesg entries:

    Initializing USB Mass Storage driver...
    scsi2 : SCSI emulation for USB Mass Storage devices
    usb-storage: device found at 2
    usb-storage: waiting for device to settle before scanning
    usbcore: registered new interface driver usb-storage
    USB Mass Storage support registered.
    usbcore: registered new interface driver ub
    scsi 2:0:0:0: Direct-Access USB 2.0 USB Flash Drive 0.00 PQ: 0 ANSI: 2
    sd 2:0:0:0: [sda] 7897088 512-byte hardware sectors (4043 MB)
    sd 2:0:0:0: [sda] Write Protect is off
    sd 2:0:0:0: [sda] Mode Sense: 00 00 00 00
    ...
    sd 2:0:0:0: [sda] Assuming drive cache: write through
    sda: sda1
    sd 2:0:0:0: [sda] Attached SCSI removable disk

    So, it is /dev/sda1 in this case. ( “sda: sda1”)

    mkdir /usbtmp
    mount /dev/sda1 /usbtmp
    copy files to or from the usb drive at /usbtmp.
    cd /
    umount /usbtmp
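The quoted post-boot snippet appends to /etc/passwd and sshd_config unconditionally and restarts sshd without checking that the result still parses. As an added example (not code from the forum or from ZeroShell) covering that snippet and the `mkdir /var/local/iptraf` step from the iptraf replies above, the same steps are written as idempotent functions that take file paths as parameters, so they can be tried on scratch copies before touching /etc on the router: the passwd entry and the AllowUsers line are appended only if absent, the iptraf directory is created with owner-only permissions, and the sshd configuration is checked with `sshd -t` before the daemon is bounced. The account name, uid/gid 50003/100, the /backup home and the /etc/init.d/sshd script come from the quoted post; the `run` argument convention and everything else are assumptions.

```shell
#!/bin/sh
# postboot.sh: idempotent versions of the post-boot steps discussed in the
# thread. Added example, not ZeroShell's own boot script. Every function takes
# explicit paths so it can be exercised on scratch copies first.

# append_line_once FILE LINE: append LINE to FILE unless an identical line is
# already present, so running the script twice does not duplicate entries.
append_line_once() {
    file=$1; line=$2
    [ -f "$file" ] || : > "$file"
    if ! grep -qxF -- "$line" "$file"; then
        printf '%s\n' "$line" >> "$file"
    fi
}

# add_passwd_entry PASSWD NAME UID GID HOME: add an entry in the same format
# as the quoted post ("x" password, empty GECOS and shell fields) if NAME is
# not already present in PASSWD.
add_passwd_entry() {
    passwd=$1; name=$2; uid=$3; gid=$4; home=$5
    if grep -q "^$name:" "$passwd" 2>/dev/null; then
        return 0
    fi
    append_line_once "$passwd" "$name:x:$uid:$gid::$home:"
}

# restrict_sshd_users SSHD_CONFIG USER...: allow SSH logins only for the
# listed users; a single AllowUsers line is kept.
restrict_sshd_users() {
    conf=$1; shift
    append_line_once "$conf" "AllowUsers $*"
}

# ensure_iptraf_dir [DIR]: iptraf writes iptraf.cfg under DIR, which ZeroShell
# does not create. Owner-only permissions, since only root runs iptraf here.
ensure_iptraf_dir() {
    dir=${1:-/var/local/iptraf}
    mkdir -p "$dir" && chmod 700 "$dir"
}

# restart_sshd [CONFIG] [INITSCRIPT]: validate the configuration before
# restarting, so a typo in sshd_config cannot lock the admin out of the router.
restart_sshd() {
    conf=${1:-/etc/ssh/sshd_config}; init=${2:-/etc/init.d/sshd}
    if ! sshd -t -f "$conf"; then
        echo "sshd config check failed, not restarting" >&2
        return 1
    fi
    "$init" stop
    "$init" start
}

# Entry point for the real post-boot script; only runs when called as
# "postboot.sh run" so the functions can be sourced and tested separately.
if [ "${1:-}" = "run" ]; then
    add_passwd_entry /etc/passwd backup 50003 100 /backup
    restrict_sshd_users /etc/ssh/sshd_config admin backup
    ensure_iptraf_dir /var/local/iptraf
    restart_sshd /etc/ssh/sshd_config /etc/init.d/sshd
fi
```

`sshd -t -f FILE` exits non-zero on a configuration it cannot load, which is exactly the case in which stopping the running daemon would leave only the console as a way back in. The passwd line carries no password hash and no shadow entry, so the backup account is only reachable with a key the admin installs.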

    in reply to: Hard Drive Install hangs at boot #47358

    jt
    Member

    I couldn’t get the SATA drive to finish booting on my machine. I fixed it by attaching it to the second SATA connection, which allowed it to boot as if it was IDE. That works great.

    in reply to: System Size #47244

    jt
    Member

    The hardware requirements depend on the volume of packets that the zeroshell router needs to handle.

    I’m just posting this for any other readers that wonder what equipment they need.

    I have about 120 devices on three vlans. Zeroshell routes packets between the vlans and out to the internet. I have a $600.00 2GB memory, 2.0 GHz dual core machine with 4x1GB ethernet on the motherboard, running zeroshell. It handles the load with ease:

    a sample output from ‘top’. Note that only 200mb is in use, and the load average is just about zero.

    top – 18:16:36 up 17 days, 41 min, 1 user, load average: 0.00, 0.00, 0.00
    Tasks: 68 total, 1 running, 67 sleeping, 0 stopped, 0 zombie
    Cpu(s): 0.0% user, 0.0% system, 0.0% nice, 100.0% idle, 0.0% IO-wait
    Mem: 2074028k total, 192600k used, 1881428k free, 29760k buffers
    Swap: 131064k total, 0k used, 131064k free, 48364k cached

    —-
    pinging on my local subnet, I get .04 ms ping times. Pinging across subnets with a route through zeroshell, I get .25 ms ping times.

    in reply to: open same port in firewall for multiple internal ips #47256

    jt
    Member

    If you only have one public IP address, a port can only be forwarded to one internal IP address.

    Someone at an IP on the internet wants to connect to your port 5060. They make the connection to your public IP, port 5060 and it is forwarded to your internal server, for instance 192.168.12.50

    There’s no easy way to decide that a connection request to 5060 needs to go to a different server 192.168.12.51 instead. Typically, if two internal servers need to listen for connections, one of them needs to be changed to a different port number on zeroshell.

    You don’t need to edit the iptables rules, instead use the Router–>Virtual Server tab. It does have the option to divide the connections between multiple internal servers, but one particular server can’t be selected that way.

    Example. First server:

    Interface ETH01 (the internet port)
    IP address ANY (anyone can connect)
    Protocol TCP
    Local Port 5060
    Real Server 192.168.12.50:5060

    Second server:
    Interface ETH01 (the internet port)
    IP address ANY (anyone can connect)
    Protocol TCP
    Local Port 5160 (a different port on your public IP)
    Real Server 192.168.12.51:5060 (the same port on a different server)
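The Virtual Server tab drives Linux NAT underneath. The script below is an added example, not ZeroShell's own rules and not something the post shows: it prints the iptables equivalent of the two entries above, and then goes one step beyond the post. When the second server's callers come from a known address range, a source match on the PREROUTING rule lets the same public port 5060 reach both internal servers, which is the one case where "a port can only be forwarded to one internal IP" does not hold. It assumes the WAN interface is called ETH01 as in the post, that the FORWARD chain is not already wide open, and that `-m state` is available; 203.0.113.0/24 is a constructed placeholder for the peer's range.

```shell
#!/bin/sh
# vserver.sh: emit the iptables equivalent of ZeroShell "Virtual Server"
# entries. Added example; it prints the rules instead of applying them so the
# output can be reviewed (on the router: ./vserver.sh | sh).

# dnat_rule WAN_IF PROTO PUBLIC_PORT SERVER_IP SERVER_PORT [SOURCE_CIDR]
# One public port -> one internal server. The optional source restriction is
# what allows a second server to share the same public port.
dnat_rule() {
    wan=$1; proto=$2; pub=$3; ip=$4; port=$5; src=${6:-}
    srcm=""
    if [ -n "$src" ]; then
        srcm=" -s $src"
    fi
    # Rewrite the destination before routing ...
    printf 'iptables -t nat -A PREROUTING -i %s%s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$wan" "$srcm" "$proto" "$pub" "$ip" "$port"
    # ... and let only the new connections to that server through FORWARD.
    printf 'iptables -A FORWARD -i %s%s -p %s -d %s --dport %s -m state --state NEW -j ACCEPT\n' \
        "$wan" "$srcm" "$proto" "$ip" "$port"
}

# virtual_servers: the two entries from the post plus the source-restricted
# variant. Rules are appended in order and the first match in PREROUTING
# wins, so the more specific rule (with -s) must be emitted before the
# catch-all for the same port.
virtual_servers() {
    # Second server on the same public port, only for the known peer range
    # (constructed placeholder 203.0.113.0/24).
    dnat_rule ETH01 tcp 5060 192.168.12.51 5060 203.0.113.0/24
    # First server, anyone can connect (the post's first entry).
    dnat_rule ETH01 tcp 5060 192.168.12.50 5060
    # Second server on a different public port (the post's second entry).
    dnat_rule ETH01 tcp 5160 192.168.12.51 5060
}

# rule_count: number of DNAT rules that would be installed (for review).
rule_count() {
    virtual_servers | grep -c 'DNAT'
}

[ $# -eq 0 ] || virtual_servers
```

After applying, `iptables -t nat -L PREROUTING -n --line-numbers` shows the order; if the catch-all sits above the `-s` rule, the peer never reaches 192.168.12.51. A SIP port answered to "ANY" gets scanned constantly, so the source-restricted form is the one to prefer whenever the caller's address range is known.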

    in reply to: OpenVPN LAN to LAN setup #46733

    jt
    Member

    I got the LAN-to-LAN VPN working now. I didn’t get the concept of the VPN’s own IP addresses at first. Zeroshell is great, but we need more working examples in detail like this:

    This is how I configured the LAN-to-LAN VPN:

    Site A has one subnet, Site B has three subnets, two are VLANS.

    Site A:
    ETH00 is the LAN 192.168.0.0/24 IP 192.168.0.1
    ETH01 is the internet gateway

    VPN LAN-to-LAN
    Remote host is the public IP for Site B. Port 1195 TCP, Authentication: PSK. Generated a key and pasted it into Site B, too. Gateway: Auto

    VPN00 shows Connected once the Site B VPN is up. I can ping from zeroshell to 192.168.55.11 then, too.

    Add IP to VPN00 192.168.55.10 mask 255.255.255.0 vlan: Native
    NOTE—this is an arbitrary subnet that is only used for VLAN gateways.

    Here’s the critical step to make this work:
    Router –> Add a static route
    Destination: 192.168.15.0 mask 255.255.255.0 Gateway: 192.168.55.11 Metric 0 NOTE–192.168.55.11 is the VPN address at Site B, not this Site A.

    Added static routes for 192.168.23.0 and 192.168.80.0 the same way.

    = = = = = = = =
    Site B:
    ETH00 is the LAN:
    192.168.15.0/24 IP 192.168.15.1 this is vlan 15.
    192.168.23.0/24 IP 192.168.23.0 this is vlan 23.
    192.168.80.0/24 IP 192.168.80.0 non-vlan subnet.
    ETH01 is the internet gateway

    VPN LAN-to-LAN
    Remote host is the public IP for Site A. Port 1195 TCP, Authentication: PSK. Same key as Site A. Gateway: Auto

    VPN00 shows Connected once the Site A VPN is up. I can ping from zeroshell to 192.168.55.10

    Add IP to VPN00 192.168.55.11 mask 255.255.255.0 vlan: Native

    Router –> Add a static route
    Destination: 192.168.0.0 mask 255.255.255.0 Gateway: 192.168.55.10 Metric 0 NOTE–this is the VPN address at Site A.

    Remember, both ends need the static routes set up or the reply to a packet won’t come back via the VPN.
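The static routes are the step the post calls critical, and the mistake it warns about (pointing a route at your own end of the tunnel instead of the remote end) is the one that leaves VPN00 "Connected" while nothing behind it answers. As an added example, not code from the post or from ZeroShell, the script below emits the `ip route` commands a Linux router would need for each site and refuses to emit a route whose gateway is the local tunnel address or lies outside the tunnel subnet. The addresses are the post's: 192.168.55.0/24 as the tunnel subnet, .10 at Site A and .11 at Site B, and the remote LANs listed above; that a plain `ip route add ... dev VPN00` is what the Router tab installs is an assumption.

```shell
#!/bin/sh
# vpnroutes.sh: generate and sanity-check static routes for a LAN-to-LAN
# tunnel. Added example built from the addresses in the post above.

# ip2int A.B.C.D: dotted quad -> 32-bit integer
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP NET/BITS: true if IP lies inside NET/BITS
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# site_routes LOCAL_VPN_IP REMOTE_VPN_IP TUNNEL_CIDR DEV REMOTE_SUBNET...
# Prints one "ip route add" per remote subnet. Fails with no output when the
# gateway is this site's own tunnel address, is outside the tunnel subnet, or
# when a "remote subnet" is the tunnel subnet itself.
site_routes() {
    local_ip=$1; gw=$2; tun=$3; dev=$4; shift 4
    if [ "$gw" = "$local_ip" ]; then
        echo "gateway $gw is this site's own tunnel address; use the remote end" >&2
        return 1
    fi
    if ! ip_in_cidr "$gw" "$tun"; then
        echo "gateway $gw is not inside tunnel subnet $tun" >&2
        return 1
    fi
    for subnet in "$@"; do
        if ip_in_cidr "${subnet%/*}" "$tun"; then
            echo "refusing to route tunnel subnet $subnet through itself" >&2
            return 1
        fi
        printf 'ip route add %s via %s dev %s\n' "$subnet" "$gw" "$dev"
    done
}

# Site A (tunnel .10) reaches the three Site B subnets via Site B's .11.
site_a_routes() {
    site_routes 192.168.55.10 192.168.55.11 192.168.55.0/24 VPN00 \
        192.168.15.0/24 192.168.23.0/24 192.168.80.0/24
}

# Site B (tunnel .11) reaches Site A's LAN via Site A's .10; both ends need
# their routes or replies do not come back through the tunnel.
site_b_routes() {
    site_routes 192.168.55.11 192.168.55.10 192.168.55.0/24 VPN00 192.168.0.0/24
}

[ $# -eq 0 ] || { site_a_routes; site_b_routes; }
```

Swapping the two tunnel addresses in `site_a_routes` is rejected with "this site's own tunnel address", which is the configuration the earlier question in this thread was stuck on. A route that passes the check can still fail if the far end lacks the reverse route; `ip route get 192.168.0.100` on Site B should name VPN00 and 192.168.55.10.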

    in reply to: OpenVPN LAN to LAN setup #46732

    jt
    Member

    Fulvio, thanks for your fast reply.

    I’ve used ipsec VPNs where the VPN setup has the public IP address of the remote site, and the subnet and mask of the remote site that will be routed via the VPN. So I tried a similar concept here–that’s why I’m confused.

    My goal is to link Site A 192.168.0.0/24 with Site B 192.168.27.0/24. For example: a client machine at Site B, 192.168.27.19, connects to a server at Site A, 192.168.0.100. Or a print job from Site A would print at Site B.

    I’d like to access all the other subnets at Site B from Site A, too.

    Zeroshell is used as the internet router at both ends. ETH00 is the lan, and ETH01 is the internet gateway.

    Site B is a new building for the company and needs multiple subnets. The Zeroshell router is used to route between Site B’s subnets and connect to the internet.

    Site A is the old building and is where everyone works now. People will move to Site B a few at a time over the next few months, then we’ll shut down Site A.

    in reply to: OpenVPN LAN to LAN setup #46730

    jt
    Member

    I’ve been using the new version 11 of Zeroshell, and it’s working great.

    I still don’t understand how to configure the LAN to LAN VPN. The VPN00 tunnel is connecting, and the VPN log shows it is working, but I can’t connect to IPs on the other side. tcpdump shows VPN packets sending and receiving, too.

    Site A:
    ETH00 is 192.168.0.1/24
    ETH01 is the internet gateway

    VPN00 has addresses assigned to it:
    192.168.15.200 as VLAN 15
    192.168.23.200 as VLAN 23
    192.168.80.200
    – – – – –
    Site B:
    ETH00 has
    192.168.15.1/24 as VLAN 15
    192.168.23.1/24 as VLAN 23
    192.168.80.1/24 non vlan.
    ETH01 is the internet gateway.

    VPN00 has the address assigned to it:
    192.168.0.200

    From Site B, I can ping 192.168.0.200 , but can’t ping anything else in the 192.168.0.x subnet at Site A — “destination unreachable”. Pinging from Site B to A doesn’t work either. I don’t see any open ports over the VPN.

    If I view the route list from Site B, I see an auto route to 192.168.0.0/24 using VPN00.

    What am I missing here?

    in reply to: Problem for booting from SATA #47043

    jt
    Member

    I had trouble booting the SATA drive on my 1U server. I tried a lot of CMOS settings for the drive and other hardware configs and nothing fixed it.

    Finally, moving the drive to SATA channel 2 instead of 1 allowed it to boot as if it was an ATA drive. That works.
