yuda

Forum Replies Created

Viewing 12 posts - 1 through 12 (of 12 total)
  • in reply to: Need help with VLAN setup #47829

    yuda
    Member

    @netsysadmin wrote:

    Hi all,

    I want to use ZeroShell to also do inter-VLAN routing. I have created 2 VLANs (VLAN 2 and 3) and assigned IP addresses 10.2.0.1/16 and 10.3.0.1/16 to them, respectively, on ETH01.

    ETH01 is connected to a switch port which has been configured as a trunk (IEEE 802.1Q is enabled on the switch). The switch uplink is also a trunk.

    I configured a PC with IP 10.2.1.34/16 on another switch. The PC is connected to a port on VLAN2 and the uplink of the second switch is also a trunk. However, I cannot ping 10.2.0.1 from the PC, nor can I ping the PC from ZeroShell, despite that the routing table includes the network 10.2.0.0.

    Thanks for any help.

    Check your switch vlan ID of the vlan 2 and vlan 3
    vlan 2 -> vlan id 2
    vlan 3 -> vlan id 3
    PC connection port must be untag port (access port)
    Ports that switch1 connect to switch2 must be tag port (enable 802.1q)

    u:untag
    t:tag
    2:vlan ID 2
    3:vlan ID 3


    u:2    t:2,3----t:2,3----t:2,3    t:2,3
    PC     SWITCH            SWITCH   ZEROSHELL

    in reply to: DHCP relay (IP helper) support for ZeroShell #46132

    yuda
    Member

    dhcrelay -i interface ip
    interface: which interface to run dhcrelay on
    ip: the DHCP server IP
    Example:
    dhcrelay -i ETH0 192.168.1.1
    Do not forget to accept UDP 67,68 in the firewall rules
    Write it into startup

    in reply to: can you add iptstate function into beta 8? #46029

    yuda
    Member

    http://www.phildev.net/iptstate/index.shtml
    IPTState is a top-like interface to your netfilter connection-tracking table.

    Thank You

    in reply to: Zeroshell max sessions in bridge/shaping 100Mb/s circuit #46013

    yuda
    Member

    you can add those configs into startup

    echo "600" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
    echo "524288" > /proc/sys/net/ipv4/ip_conntrack_max
    echo 134217728 > /proc/sys/kernel/shmall
    echo 134217728 > /proc/sys/kernel/shmmax

    Then reboot

    in reply to: Delete all QoS rules #45934

    yuda
    Member

    use ssh

    # Only delete if the cd succeeded, so a wrong path cannot wipe the current directory
    cd /DB/_DB.001/var/register/system/net/FW/Chains/QoS/Rules && rm -rf ./*

    in reply to: L7 is not matching yet IPP2P is matching #45761

    yuda
    Member

    Maybe you can try to add those rules.
    I hope to hear your good news
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto html MARK set 0xb
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto httpcachemiss MARK set 0xb
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto httpcachehit MARK set 0xb
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http MARK set 0xb
    MARK all tcp -- in * out * 0.0.0.0/0 -> 193.111.200.135 MARK set 0xd
    MARK all tcp -- in * out * 193.111.200.135 -> 0.0.0.0/0 MARK set 0xd

    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto soulseek MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto xunlei MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto poco MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto kugoo MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto directconnect MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto 100bao MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack MARK set 0xc
    MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnucleuslan MARK set 0xc
    MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:80 MARK set 0xc
    MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:80 MARK set 0xc

    in reply to: I find two problems #45747

    yuda
    Member

    I repaired my QoS rule.
    Now there is no problem.
    Thank you very much

    in reply to: Can you add two function in zeroshell #45657

    yuda
    Member

    /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

    The time after which netfilter drops this TCP session if it receives no ACK packets.
    The default is 432000 sec, 5 days.
    That is too long.
    If a user uses ssh and does not close ssh before powering off the PC,
    netfilter can drop this session only after 5 days.
    If nobody closes their TCP sessions,
    the system will log an error:
    “ip_conntrack: table full, dropping packet”
    Thanks

    in reply to: Can you add two function in zeroshell #45655

    yuda
    Member

    When enabled through the use of NAT or other stateful inspection rules, netfilter (iptables) under Linux maintains a list of connections passing through the router. Each connection tracking entry contains defined characteristics of the packet, including the source and destination IP address and port number.

    The connection tracking entries are ultimately stored in a hash table with a fixed size. By default on an Imagestream router, the hash table can store 8064 entries. For routers with stateful inspection enabled, the number of connections to track may exceed the total number of connections available in the table. If the router reaches the maximum number of connection tracking entries, it will log an error:
    “ip_conntrack: table full, dropping packet”

    each time that it is unable to store an entry in the connection tracking table. Each instance of this message represents a connection that the router has discarded, typically meaning that the user whose connection was dropped must re-establish their connection.

    The maximum size of the connection tracking table can be increased. The maximum size value is stored in the router’s proc filesystem in the file /proc/sys/net/ipv4/ip_conntrack_max. Increasing the maximum size of the connection tracking table to a value larger than the total number of connections will eliminate the error message and prevent the router from dropping connections due to a lack of space in the connection tracking table.
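
Added example, not part of the original posts: a shell check for the table-full condition described in the two posts above, reporting how full the connection tracking table is and whether the kernel has already logged drops. The function names, the 80%/95% thresholds and the sample log are assumptions for illustration; the newer nf_conntrack proc paths are tried alongside the ip_conntrack ones the posts mention.

```shell
#!/bin/sh
# Added example (not from the original posts): conntrack table health check.
# The 80% / 95% thresholds are assumptions chosen for illustration.

# Print the first readable path from the arguments; proc paths vary by kernel.
first_readable() {
    for f in "$@"; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# usage_pct COUNT MAX -> integer percentage of the table in use
usage_pct() {
    [ "$2" -gt 0 ] || { echo "max must be > 0" >&2; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# Count "table full" kernel messages on stdin (ip_conntrack or nf_conntrack).
count_table_full() {
    grep -c -E '(ip|nf)_conntrack: table full, dropping packet' || true
}

# classify COUNT MAX DROPS -> OK | WARN | CRIT
classify() {
    pct=$(usage_pct "$1" "$2") || return 1
    if [ "$3" -gt 0 ] || [ "$pct" -ge 95 ]; then echo CRIT
    elif [ "$pct" -ge 80 ]; then echo WARN
    else echo OK
    fi
}

# Read live values; returns 2 when connection tracking is not loaded.
check_live() {
    max_f=$(first_readable /proc/sys/net/netfilter/nf_conntrack_max \
                           /proc/sys/net/ipv4/ip_conntrack_max) || return 2
    cnt_f=$(first_readable /proc/sys/net/netfilter/nf_conntrack_count \
                           /proc/sys/net/ipv4/netfilter/ip_conntrack_count) || return 2
    drops=$(dmesg 2>/dev/null | count_table_full)
    classify "$(cat "$cnt_f")" "$(cat "$max_f")" "$drops"
}

# Constructed sample kernel log (not captured from a real system).
SAMPLE_LOG='kernel: ip_conntrack: table full, dropping packet.
kernel: eth0: link up
kernel: nf_conntrack: table full, dropping packet.'

echo "sample: $(classify 8064 8064 "$(printf '%s\n' "$SAMPLE_LOG" | count_table_full)")"
check_live || echo "live: connection tracking not available on this host"
```

Run from cron or the startup script, a WARN result shows the table nearing its limit before packets are dropped, which is the point at which to raise the maximum or shorten the established timeout.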

    in reply to: QOS Question (Updated) #45635

    yuda
    Member

    You can use “connection tracking” to monitor packets
    Int filter key “udp”
    To find out VoIP packets
    modify qos

    in reply to: Redirect Homepage override – urgent #45543

    yuda
    Member

    You edit “/root/kerbynet.cgi/template/cp_redirect” file


    yuda
    Member

    Sorry, I wrote the wrong word. It’s not “funtion”. It is “feature”.
    Could you add a new feature to the “Captive Portal”?
    It could automatically redirect to a URL we define after the user authentication succeeds.
    Thanks
