Forum Replies Created
Also looking for an HA solution with ZS. What did you end up doing?
Thank you for your guidance. I do have more questions to get clarification,
1. In your examples, does ETH00.771 refer to the inside interface or outside?
2. Do I need to have both rules or can I just do the outgoing? I am not needing all the TCP/UDP to be forwarded. I already have it inbound set up.
Thanks for the reply. I wanted to clarify myself on my initial email. I wanted to block all SMTP from within the LAN out to the INTERNET from all devices except the internal Mail server.
We caught a machine that was acting like its own email server and was possibly sending emails out from within the LAN out to the INTERNET without relaying it to our real mail server.
Is that still not possible? Or, with that information, is there some hope?
As ppalias recommended, I was able to walk a remote user through connecting a monitor and keyboard on the ZS out there. I then walked the user through the instructions from ppalias and it works.
I then went into ZS and removed it from the HTTPS part to make sure it would not come back after a reboot.
Thanks all for the suggestions and help.
I created a rule as “Any interface/Any IP” so I assume when I tried using PuTTY to SSH and telnet it failed to both the internal IP address of the LAN and the IP address of the VPN tunnel on that side.
Should I try something else?
Thanks for the replies.
ppalias, you are right. It does seem like exactly what you describe.
atheling, I looked in the update section, but did not see any updates that pertain to this. I am on Release 1.0 Beta 12. Where could I get the updates and are there any details to implement the updates?
Another update: used the iptables commands in the Setup>Startup/cron>NAT and Virtual Server and rebooted the ZS. It works now.
I also removed all my configs from the Virtual Server page.
I notice that I have to reboot the firewall to get the iptables additions to take. Is there a way to get this to take without rebooting the firewall?
I have an updated description of the issue. I have recreated the issue with more time to test.
I have 2 external IP addresses assigned to the ETH01 and NAT’d it for the ETH00 to get out. Traffic works fine outbound.
For inbound testing, when I use the first IP address assigned on ETH01 on the Virtual Server configs, it works. I am able to forward port 20/21 for FTP testing and can actually ftp to the External IP address and successfully login to the FTP server.
When I replace the Virtual server External IP with the secondary IP that was assigned to the ETH01 in the exact line, I cannot forward any ports for testing at all. Nothing can be forwarded to the internal server.
I took the ZS offline and don’t have it available at this minute. I will be putting it on a test network later this weekend.
At that point, I will get the output for you. Thanks for your help.
The External side of the Zeroshell has several external IP addresses that are assigned to us by the Internet Provider. I used to have these IPs on IPCOP as Alias.
The router is not doing NAT.
Inside interface has VLAN 1, VLAN2, VLAN3, and the Mail server is on VLAN1 tagged on our switches. The Mail server can access the internet fine while on VLAN1.
Hope that this helps.
BTW: VLAN1 is tagged on the ZeroShell ETH00.
Will I also need to create the VLAN on the ETH00? I assume that it is needed to maintain the VLAN information from the Switch through the ETH00 and passing it to the VPN00 interface.
Thanks for the quick help.
Based on this link: http://www.zeroshell.net/eng/faq/network/#net.faq8 I am interpreting that it does support VLAN tunneling?
Please correct me.