www.zeroshell.org Forum Index
Linux Distribution for server and embedded devices
Zeroshell 2.0 RC1 Virtual Server Issue

byruda
Joined: 17 Sep 2007
Posts: 10
Location: Kingston, Ontario, Canada

Posted: Wed Aug 22, 2012 8:55 pm    Post subject: Zeroshell 2.0 RC1 Virtual Server Issue

I am testing Zeroshell 2.0 RC1 and have run into a problem that has me stumped.

To keep things simple, I've started with 3 NICs with an internal net (192.168.1.0/24) on ETH00, a 10/10 fiber with a /29 external network on ETH01, and another internal net (192.168.2.0/24) on ETH02.

For testing the virtual server, I attached two external IP addresses to ETH01: xxx.yyy.zzz.101 (first IP) and xxx.yyy.zzz.100 (2nd IP).

I followed the example given in the Zeroshell document "1:1 NAT in Zeroshell." The NAT/Virtual Server script running is as follows:

#
# Translate incoming connections to the private server addresses
iptables -t nat -I PREROUTING 1 -d xxx.yyy.zzz.100 -i ETH01 -j DNAT --to-destination 192.168.2.201
#
# Translate outgoing connections from the private server addresses
#
iptables -t nat -I POSTROUTING 1 -s 192.168.2.201 -o ETH01 -j SNAT --to-source xxx.yyy.zzz.100

I have a post-boot script:

# Post-Boot Script
rm -f /etc/ssh/sshd_config
cp /Database/scripts/sshd_config /etc/ssh/sshd_config
/etc/init.d/sshd restart

the purpose of which is to allow the ssh daemon to bind to a non-standard port.

I have Many:1 NAT translation set up on ETH01.

The Firewall Input rules are simple:

1 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0
2 ETH03 * ACCEPT all opt -- in ETH03 out * 0.0.0.0/0 -> 0.0.0.0/0
3 * * ACCEPT icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 8 no
4 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
Default Policy is "DROP"

The Firewall Forwarding rules are:

1 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0
2 ETH03 * ACCEPT all opt -- in ETH03 out * 0.0.0.0/0 -> 0.0.0.0/0
3 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
4 ETH01 * ACCEPT tcp opt -- in ETH01 out * 0.0.0.0/0 -> 192.168.2.201 tcp dpt:443
5 ETH01 * ACCEPT tcp opt -- in ETH01 out * 0.0.0.0/0 -> 192.168.2.201 tcp dpt:22
6 * * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:262
7 * * ACCEPT icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 icmptype 8
Default Policy is "DROP"

Immediately after a re-boot, I used Firefox on a remote system to connect successfully to the internal server at 192.168.2.201 on port 443. A few minutes later I tried again and this time the connection timed out. In working the problem I saw the following lines in the Scripts Log:

22:20:17 [NAT and Virtual Servers]: Running ...
22:20:17 [NAT and Virtual Servers]: SUCCESS
22:20:19 [QoS]: Disabled
22:20:38 [Post Boot]: Running ...
22:20:38 Stopping sshd daemon...
22:20:39 ^[[A^[[70G[ ^[[1;32mOK^[[0;39m ]
22:20:40 Starting sshd daemon...
22:20:40 ^[[A^[[70G[ ^[[1;32mOK^[[0;39m ]
22:20:40 [Post Boot]: SUCCESS
22:22:03 [Firewall Chain]: Disabled

If the Firewall Forward Chain is disabled that explains why I cannot contact the internal server from a remote machine.
The question is: why is the chain being disabled?

I also see in the log that QoS is disabled. However, when I look at the QoS statistics, they seem to be correctly tabulating the amount of traffic in the various classes I assigned.

I would appreciate any comments the community might have about what is going on.

Thank you
_________________
Do not ask, "Why?" Rather ask, "Why not?"
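Added example (not part of the post above and not Zeroshell's own code): a small first-match evaluator for a filter chain in the form `iptables -S FORWARD` prints it. It lets you check offline which forwarding rule a given packet would hit, and whether the chain's DROP policy is what is swallowing a connection once the rules are gone. The listing embedded in the code is constructed to mirror the post's forward rules; the client address 203.0.113.5, the out-interface ETH02 for the DNAT'd server, and modelling the "chain disabled" state as an empty chain with policy DROP are assumptions.

```python
# Added example, not Zeroshell's code: first-match evaluator for an iptables
# chain listed with `iptables -S <chain>`. Only the options the post's rules
# use are understood; anything else raises rather than being silently ignored.
import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed `iptables -S FORWARD` output matching the forwarding rules in the post.
FORWARD_LISTING = """
-P FORWARD DROP
-A FORWARD -i ETH00 -j ACCEPT
-A FORWARD -i ETH03 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.2.201/32 -i ETH01 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 192.168.2.201/32 -i ETH01 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 262 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT
"""


@dataclass
class Rule:
    target: str = ""
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    states: Set[str] = field(default_factory=set)  # empty set = no conntrack match


@dataclass
class Packet:
    in_if: str
    out_if: str
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    state: str = "NEW"  # conntrack state as the kernel would classify it


def parse_chain(listing: str) -> Tuple[str, List[Rule]]:
    """Return (policy, rules) from `iptables -S` output."""
    policy, rules = "ACCEPT", []
    for line in listing.strip().splitlines():
        toks = shlex.split(line)
        if toks[0] == "-P":  # "-P FORWARD DROP"
            policy = toks[2]
            continue
        rule, i = Rule(), 2  # skip "-A <chain>"
        while i < len(toks):
            opt, arg = toks[i], toks[i + 1]
            if opt == "-i":
                rule.in_if = arg
            elif opt == "-o":
                rule.out_if = arg
            elif opt == "-s":
                rule.src = ipaddress.ip_network(arg, strict=False)
            elif opt == "-d":
                rule.dst = ipaddress.ip_network(arg, strict=False)
            elif opt == "-p":
                rule.proto = arg
            elif opt == "--dport":
                rule.dport = int(arg)
            elif opt == "--icmp-type":
                rule.icmp_type = int(arg)
            elif opt == "--state":
                rule.states = set(arg.split(","))
            elif opt == "-j":
                rule.target = arg
            elif opt != "-m":  # "-m tcp/state/icmp" only loads a match module
                raise ValueError(f"unsupported option {opt!r} in: {line}")
            i += 2
        rules.append(rule)
    return policy, rules


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every match clause of the rule applies to the packet."""
    return (
        (rule.in_if is None or rule.in_if == pkt.in_if)
        and (rule.out_if is None or rule.out_if == pkt.out_if)
        and ipaddress.ip_address(pkt.src) in rule.src
        and ipaddress.ip_address(pkt.dst) in rule.dst
        and (rule.proto is None or rule.proto == pkt.proto)
        and (rule.dport is None or rule.dport == pkt.dport)
        and (rule.icmp_type is None or rule.icmp_type == pkt.icmp_type)
        and (not rule.states or pkt.state in rule.states)
    )


def evaluate(listing: str, pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins. Returns (verdict, 1-based rule number), or
    (policy, None) when no rule matched and the chain policy decided."""
    policy, rules = parse_chain(listing)
    for n, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule.target, n
    return policy, None
```

With the post's rules loaded, a new HTTPS connection arriving on ETH01 for 192.168.2.201 is accepted by rule 4 and the server's replies by rule 3 (RELATED,ESTABLISHED), while the same connection to port 80 falls through to the DROP policy. Evaluating against `-P FORWARD DROP` alone reproduces the symptom the post describes after the chain disappears: nothing is forwarded at all.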