jasonh100

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 18 total)
  • in reply to: Zeroshell on Linode #52702
    jasonh100
    Member

    I have been trying to figure out the same thing for a while without any luck… Then finally I realized that any “KVM” style host will be able to run the “bootable cd” version of zeroshell. I have been doing it for a while now and it works perfectly.

    Just make sure to change the boot order of the server to be the cd image before the hard-drive image.

    Once you are booted, you can format the hard-drive to store your profiles using the zeroshell web-interface. (just as if you were using the bootable cd on a standard computer)

    I am no expert on the topic, so I’m sure others with more experience can chime in with the best service providers, but here are two to get you started. These two already have the latest version of zeroshell as an available cd image.

    http://hostigation.com/
    http://buyvm.net/

    You might notice that there is a KVM version of zeroshell available for download. Most of the KVM hosts I have worked with would not support this hard-drive image type download… that is why I just used the ISO download version as a cd image.

    in reply to: Transferring Zeroshell Profile #47488
    jasonh100
    Member

    I see several times on the forum where people say that when they try to restore a profile through the web-interface, there is a message about error to restore profile (after quite a while).

    I work mainly on the alix platform. These devices are plenty fast enough to unzip a backup file within a matter of seconds normally. I believe the reason that it takes so long before eventually failing (and if you examine the files, they are only partially there), has to do with the time setting on the zeroshell. I have a hunch that there is a message being sent somewhere (possibly com2???) that says “warning: unzipping a file that is newer than the current system time.” The message will have to be repeated for each file that is unzipped and the speed at which it can send the message is likely very slow (possibly because of the rate of the serial interface).

    Last time I needed to do a profile backup/restore, I tried all of the usual tips like deactivating the main profile before restoring and/or copying the original profile and making a backup of the copy. Neither of these tips worked for me and I don’t believe they are necessary steps.

    I believe the true answer is simply setting the time of the zeroshell device to a date/time greater than or equal to the zeroshell device that you are restoring from. I think most zeroshell devices will have the incorrect time until they are on-line long enough to set themselves.

    Lastly, I didn’t have a reason to test my above theory using the web-interface, but I do want to encourage anyone that is nervous about backup/restore that the manual methods are very straightforward and more fool-proof. Here is my alternate strategy if the web-interface option does not work:

    1. create a tar.gz file of the profile that you want to backup (log in through ssh)
    2. sftp the tar.gz file to an alternate host (almost any server/device that you can ssh to would be able to accept the file)
    3. connect your new zeroshell device. set up minimal internet connectivity (takes about 2 minutes)
    4. log in to the new zeroshell device with ssh; use sftp to get the backup file
    5. unzip the backup file into the profiles directory
    6. activate the profile

    Using the above procedure is where I stumbled upon the possible delay in restoring. A debug message is displayed on the screen warning about the time for every file that is being unzipped. I waited for about 15 minutes for the unzip to complete before I got tired of it. I canceled the unzip, set the correct time, and started the unzip again. It took maybe 3 seconds.
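
An added example, not part of the original post: a pre-restore check that compares the clock with the newest file timestamp inside the backup, so the unpack is not started while the clock is behind the archive. It assumes GNU tar and GNU date; the function names, the constructed sample archive, and the use of the newest member time as a stand-in for the source device's clock are assumptions.

```shell
#!/bin/sh
# Added example: refuse to unpack a profile backup while the clock is behind it.
# Assumes GNU tar and GNU date; names and the sample archive are constructed.

# Print the newest member mtime in a tar.gz as epoch seconds (UTC).
newest_mtime() {
    stamp=$(tar --utc --full-time -tvzf "$1" | awk '{print $4, $5}' | sort | tail -n 1)
    date -u -d "$stamp" +%s
}

# Succeed only if the clock value (epoch seconds, default: now) is not
# earlier than the newest file in the archive.
clock_ok() {
    now=${2:-$(date -u +%s)}
    newest=$(newest_mtime "$1")
    if [ "$now" -lt "$newest" ]; then
        echo "clock is $((newest - now))s behind newest file in $1; set the time first" >&2
        return 1
    fi
}

# Constructed sample: a tiny stand-in for a profile backup whose contents
# are stamped 2031-01-01 00:00:00 UTC.
make_sample() {
    dir=$(mktemp -d)
    mkdir "$dir/profile"
    echo "demo" > "$dir/profile/settings"
    touch -d '2031-01-01 00:00:00 UTC' "$dir/profile/settings" "$dir/profile"
    tar -czf "$dir/profile.tar.gz" -C "$dir" profile
    echo "$dir/profile.tar.gz"
}

sample=$(make_sample)
# An unset appliance clock (here 2000-01-01) is rejected; a later one passes.
clock_ok "$sample" 946684800 || echo "restore blocked"
clock_ok "$sample" 4102444800 && echo "restore allowed"
```
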

    in reply to: Conflict with Transparent Proxy port 8080 #52447
    jasonh100
    Member

    Hi, I should have mentioned this earlier. I’m primarily using the zeroshell combined with the dansguardian plugin for internet content filtering. Therefore, I cannot upgrade to the latest version of zeroshell at this time. Do you know of any other options for this situation?

    in reply to: Conflict with Transparent Proxy port 8080 #52445
    jasonh100
    Member

    I believe it is 1 beta 12 or 13

    in reply to: HELP problems booting from USB stick #51069
    jasonh100
    Member

    You indicated that you have access to a linux system. You might want to try these commands from the linux system:

    gunzip ZeroShell-1.0.x-CompactFlash512.img.gz
    dd if=ZeroShell-1.0.x-CompactFlash512.img of=/dev/sdc

    (copy and pasted from this page: http://www.zeroshell.net/eng/faq/storage/ )

    Make sure to change /dev/sdc to correspond to your usb thumb drive. If you aren’t sure which device it is, run this command before and after plugging it in and compare the differences:

    ls /dev | grep sd

    in reply to: PCI Express Dual NIC #51062
    jasonh100
    Member

    I was able to get the onboard nics to work thanks to this post:

    http://www.zeroshell.net/eng/forum/viewtopic.php?t=2290

    Also, the Realtek nics in that other supermicro system work without any modification (2x Realtek RTL8111C-GR Gigabit Ethernet).

    Thanks.

    in reply to: Replacing kernel module (unsupported ethernet card) #50482
    jasonh100
    Member

    I copied the 2.6.25.20 folder to 2.6.9-1.667 and now everything is working. So I’m good for now. Thanks again for this guide.

    in reply to: Replacing kernel module (unsupported ethernet card) #50481
    jasonh100
    Member

    Ok, I gave this a shot and got pretty close. When booting ZS it says:

    Looking for PCI hardware:

    loading …. e1000e

    Then later on in the boot when it gets to the parts where it initializes netfilter, qos, and anything else related to network it displays some messages that reference dependencies. The path to the dependency has 2.6.9-1.667 in it which is the kernel version on the system that I compiled everything on. So I’m guessing I messed up on the dependency mod part.

    Can anyone provide any tips?

    Or if you see this aviegas, can you send me the newiso.img file that you created?

    Thanks,
    Jason

    in reply to: Replacing kernel module (unsupported ethernet card) #50480
    jasonh100
    Member

    I have a linux system that meets the requirements of the “aux” system. Compiling right now. I have my fingers crossed. Thanks for this guide!

    in reply to: Replacing kernel module (unsupported ethernet card) #50479
    jasonh100
    Member

    Hey, I am trying to put zeroshell on the same motherboard. Can you send me the files that you created?

    in reply to: Zeroshell Lan to Lan VPN bonding to CentOS server? #47380
    jasonh100
    Member

    Hi gcams. I’m interested in setting up a similar configuration. I have two internet connections at my office that I would like to “bond” together to obtain the best qualities of both. I know I could use netbalancer to utilize both internet connections to some extent, but ideally I would like two vpn tunnels with both connections to a data center so that I could utilize the cumulative upload and download of both connections with a single network connection. Also services like voip trunking would not be fault tolerant with net balancing (afaik) because they rely so heavily on the ip address staying the same.

    The network connections are as follows:

    3Mbps/3Mbps Broadband Ethernet (high reliability, high upload speed (for this area), relatively slow download speed)

    12Mbps/768Kbps Adsl (low reliability but it would be useful to have the 12Mbps download speed)

    My main priorities for my internet connection are reliability (because it is used for voip trunking) and high upload speed because the type of work that I do requires a large amount of data uploading. I currently have several smaller internet connections (1mbps upload & 768kbps upload) that upload 24/7 every day just to keep up with our off-site backup.

    So basically I had this idea about a year ago to use zeroshell to bond two vpn connections together to a datacenter server…I thought it would be easy but I ended up never trying it because after pausing to think, I came to the same conclusion that fulvio mentioned. I don’t have the option of having a zeroshell box on the other end either. But I do have the option of a variety of linux based operating systems. I’m most familiar with centos.

    Gcams, have you been able to make any improvements with your setup over time?

    Does anyone else have any suggestions?

    Thanks,
    Jason

    in reply to: QoS when zeroshell using lan-2-lan vpn #49685
    jasonh100
    Member

    root@zeroshell root> iptables -t mangle -L -v
    Chain PREROUTING (policy ACCEPT 14M packets, 1302M bytes)
    pkts bytes target prot opt in out source destination

    Chain INPUT (policy ACCEPT 13M packets, 1132M bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 695K packets, 166M bytes)
    pkts bytes target prot opt in out source destination
    390 147K MARK all -- any any anywhere anywhere MARK set 0xb
    390 147K ACCEPT all -- any any anywhere anywhere MARK match !0x0

    Chain OUTPUT (policy ACCEPT 14M packets, 1105M bytes)
    pkts bytes target prot opt in out source destination

    Chain POSTROUTING (policy ACCEPT 15M packets, 1275M bytes)
    pkts bytes target prot opt in out source destination

    Chain NB_CT_POST (0 references)
    pkts bytes target prot opt in out source destination
    0 0 CONNMARK all -- any any anywhere anywhere CONNMARK save

    Chain NB_STAT (0 references)
    pkts bytes target prot opt in out source destination

    Chain NetBalancer (0 references)
    pkts bytes target prot opt in out source destination

    Chain OpenVPN (0 references)
    pkts bytes target prot opt in out source destination
    root@zeroshell root> iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 32429 packets, 5385K bytes)
    pkts bytes target prot opt in out source destination

    Chain POSTROUTING (policy ACCEPT 585K packets, 36M bytes)
    pkts bytes target prot opt in out source destination
    585K 36M SNATVS all -- any any anywhere anywhere

    Chain OUTPUT (policy ACCEPT 577K packets, 35M bytes)
    pkts bytes target prot opt in out source destination

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination
    root@zeroshell root> tc -s qdisc
    qdisc htb 1: dev ETH00 root r2q 10 default 10 direct_packets_stat 0
    Sent 52545035 bytes 479553 pkt (dropped 0, overlimits 6834 requeues 0)
    rate 0bit 0pps backlog 0b 0p requeues 0
    qdisc sfq 10: dev ETH00 parent 1:10 limit 127p quantum 1514b perturb 10sec
    Sent 50248672 bytes 474662 pkt (dropped 0, overlimits 0 requeues 0)
    rate 0bit 0pps backlog 0b 0p requeues 0
    qdisc sfq 11: dev ETH00 parent 1:11 limit 127p quantum 1514b perturb 10sec
    Sent 2296363 bytes 4891 pkt (dropped 0, overlimits 0 requeues 0)
    rate 0bit 0pps backlog 0b 0p requeues 0
    qdisc pfifo_fast 0: dev ETH01 root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
    Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
    rate 0bit 0pps backlog 0b 0p requeues 0
    qdisc htb 1: dev VPN00 root r2q 10 default 10 direct_packets_stat 0
    Sent 889194 bytes 3457 pkt (dropped 0, overlimits 0 requeues 0)
    rate 0bit 0pps backlog 0b 0p requeues 0
    qdisc sfq 10: dev VPN00 parent 1:10 limit 127p quantum 1514b perturb 10sec
    Sent 889194 bytes 3457 pkt (dropped 0, overlimits 0 requeues 0)
    rate 0bit 0pps backlog 0b 0p requeues 0
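
An added example, not part of the original post: a summary of which built-in mangle chains carry a MARK rule in a listing like the one above. Packets generated on the box itself, such as the encrypted UDP datagrams of an OpenVPN process, pass through OUTPUT and POSTROUTING but never FORWARD, so a MARK rule that exists only in FORWARD does not touch them. The sample is abridged from the listing and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-chain MARK coverage in `iptables -t mangle -L -v` output.

# Constructed sample, abridged from the listing above (built-in chains only).
sample_mangle() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 14M packets, 1302M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 695K packets, 166M bytes)
pkts bytes target prot opt in out source destination
390 147K MARK all -- any any anywhere anywhere MARK set 0xb
390 147K ACCEPT all -- any any anywhere anywhere MARK match !0x0

Chain OUTPUT (policy ACCEPT 14M packets, 1105M bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 15M packets, 1275M bytes)
pkts bytes target prot opt in out source destination
EOF
}

# Print "chain policy_pkts mark_rule_pkts" for every built-in chain
# (the ones with a policy); "-" means the chain has no MARK rule.
mark_coverage() {
    awk '
        $1 == "Chain" {
            chain = ($3 == "(policy") ? $2 : ""
            if (chain != "") { order[++n] = chain; policy[chain] = $5; hits[chain] = "-" }
            next
        }
        chain != "" && $3 == "MARK" { hits[chain] = $1 }
        END { for (i = 1; i <= n; i++) print order[i], policy[order[i]], hits[order[i]] }
    '
}

# List the chains that locally generated packets traverse and that have
# no MARK rule, i.e. where such packets leave unmarked.
unmarked_local_path() {
    mark_coverage | awk '($1 == "OUTPUT" || $1 == "POSTROUTING") && $3 == "-" { print $1 }'
}

sample_mangle | mark_coverage
sample_mangle | unmarked_local_path
```
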
    in reply to: QoS when zeroshell using lan-2-lan vpn #49683
    jasonh100
    Member

    atheling, I have the lan-2-lan openvpn connections setup using the UDP protocol and not the TCP protocol. When setting up a VPN for voip only using zeroshell, I was (with a little outside of the box thinking) able to successfully configure internet qos to make sure that vpn traffic would have a high priority by classifying “everything else” as needed, setting a guaranteed and max speed on the default class, and setting the priority of the default class to highest. The vpn qos works as necessary for voip — i.e. uploads do not interfere with voice call quality, excessive downloads do not interfere with voice call quality (if policing is used as well–normally mild downloading would not interfere given the proportionally large download speed that is commonly available)

    ppalias, thank you for your help. I greatly appreciate all the time that you have spent helping me with this. I made most of the screenshots, but it seems difficult to believe/convey the fact that a rule that should classify Everything is classifying Everything BUT the vpn traffic with just a screenshot.

    Anyway, here is my attempt:

    Please see this screen shot:

    http://picasaweb.google.com/102368343210452599606/Zeroshell?authkey=Gv1sRgCO-nv9-W_s2VcQ#5454903833139369122

    As you can see from the shot, despite the classifier that should classify all traffic to the VPN_OUT class, only a minute amount of traffic is classified into that class. Everything else goes to the default class. There is no other traffic on the zeroshell box except for vpn (it is strictly configured as a vpn gateway). This leaves me to assume that practically everything that goes into the default class is vpn related.

    Please note, you would probably say that if the zeroshell is not the default gateway for the internet, there is no reason to shape traffic. This is a simplified test case. The same symptoms would be seen in a situation where the zeroshell box had a pppoe connection directly connected or if the box was set up to be a transparent qos bridge.

    Thanks!

    in reply to: QoS when zeroshell using lan-2-lan vpn #49680
    jasonh100
    Member

    How would that provide qos for your vpn traffic unless you had a dedicated default gateway that only handled your vpn traffic?

    Or is your point simply that you are able to classify the vpn traffic through a net-balancer rule?

    Any idea why I’m not able to classify outgoing vpn traffic with a QoS rule?

    If I’m not connecting the dots and there is some way that I can use balancing rules to provide the same effect as qos, please elaborate.

    Thanks,
    Jason

    in reply to: QoS when zeroshell using lan-2-lan vpn #49678
    jasonh100
    Member

    Sorry for the trouble, but there are a lot of screenshots that would be needed to prove that I’m not able to classify the vpn traffic. For the test I just did, I’m just using eth0. Eth0 is assigned a local ip and is plugged into a switch. An internet router forwards the vpn ports to the zeroshell local ip and that is how I have the vpn up and running. I enabled qos on eth0, I added a class called “VPN_OUT” which I gave 20kbps max and guaranteed bandwidth; I added the class to the eth0 interface, I activated the changes, I added the following classifier to mark all traffic as vpn_out:

    MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 MARK set 0xb

    I saved the classifier

    Then I used ssh to connect through the vpn to a host on the other side of the vpn. Then I used sftp to connect back to a host on my side of the vpn to download a file (which would be uploading a file as far as my local vpn is concerned).

    The rate of file upload was around 60KB/sec (480kbps). I would expect the transfer speed to be less than 20kbps given the overhead of the vpn would be taking up some of the 20kbps that is available.

    I checked the statistics for the QoS. A minute amount of packets was adding up on vpn_out (which should be classifying everything). I refreshed a couple of zeroshell web interface pages to see if they were contributing — they were not (strangely).

    So I checked the download speed through the vpn (which should also be classified by the above rule). The download speed was “policed” down to less than the 20kbps mark. This is what I mean when I say “policed”: The way I understand it, it is more normal to implement qos on the outbound because that is what you control, but you can also police inbound traffic. Basically, you just drop the packets that go above and beyond your limit. The sending host does not receive ACKs to some of the packets that were dropped so it knows to resend and also to slow down. Messy but effective.

    Any suggestions based on this additional information? Has anyone been able to effectively classify lan-2-lan vpn traffic with zeroshell?
