www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Internal Webserver needs to be reachable via two WAN ports

 
miketheknife



Joined: 08 Apr 2010
Posts: 13

Posted: Tue Jan 22, 2013 3:31 pm    Post subject: Internal Webserver needs to be reachable via two WAN ports

Hello community,

I have been using Zeroshell for many years as routers and captive portals or bridges, and I can only say it completely rocks!

But now I encountered the following problem:

I have an internal webserver, 192.168.10.3, and I would like to be able to access it via both WAN interfaces. I have a straightforward setup with two WAN ports.

Code:

+---+                      +-------------+
| I |  +--------------+    | Zeroshell   |
| N +--+ CABLE ROUTER +----+ ETH00 0x66  |
| T |  |              |    | DYNAMIC IP  |                            +--------------+
| E |  +--------------+    |             |                            | Webserver    |
| R |                      |             +-- ETH02 LAN 192.168.10.1 --+ 192.168.10.3 |
| N |  +-------------+     | ETH01 0x65  |                            +--------------+
| E +--+ ADSL ROUTER +-----+ 195.65.46.2 |
| T |  | 195.65.46.1 |     | 195.65.46.3 |
+---+  +-------------+     +-------------+


The Setup:
- Two Virtual Server rules
ETH00 / ANY TCP 80 192.168.10.3:80
ETH01 / 195.65.46.3 TCP 80 192.168.10.3:80

- Firewall Rules
ETH02 ETH00 ACCEPT all opt -- in ETH02 out ETH00 0.0.0.0/0 -> 0.0.0.0/0
ETH00 ETH02 ACCEPT all opt -- in ETH00 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
ETH02 ETH01 ACCEPT all opt -- in ETH02 out ETH01 0.0.0.0/0 -> 0.0.0.0/0
ETH01 ETH02 ACCEPT all opt -- in ETH01 out ETH02 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
* * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 192.168.10.3 tcp dpt:80
* * ACCEPT tcp opt -- in * out * 192.168.10.3 -> 0.0.0.0/0 tcp spt:80

- Routing Table - ETH00 is set as Default Gateway
195.65.46.0 255.255.255.240 Net 0 none ETH01 U Up Auto
192.168.10.0 255.255.255.0 Net 0 none ETH02 U Up Auto
195.127.196.0 255.255.252.0 Net 0 none ETH00 U Up Auto
DEFAULT GATEWAY 0.0.0.0 Net 0 195.127.196.1 ETH00 UG Up Auto

- Netbalancer
DEFAULT GATEWAY 195.202.196.1 1 Disabled 0
ADSL 195.65.46.1 1 Spare 0
CABLE 195.127.196.1 99 Active 0

So far so good.

I am able to connect to my webserver via the ETH00 interface OK. When I use the ADSL interface, probably what's happening is asynchronous routing: the packets come in on ETH01 and the answer is going out through the ETH00 default gateway.

I tried something like this in the Startup/Cron under "NAT and Virtual Servers":

iptables -t nat -I PREROUTING 1 -d 195.65.46.3 -i ETH01 -j DNAT --to-destination 192.168.10.1
iptables -t nat -I POSTROUTING 1 -s 192.168.10.1 -o ETH01 -j SNAT --to-source 195.65.46.3

Or I tried to mark incoming packets on the ADSL ETH01:
iptables -t mangle -I PREROUTING 2 -i ETH01 -m state --state NEW -j MARK --set-mark 0x65

With no success: I managed to get either the ADSL or the cable working, but not both interfaces. There must be a simple solution for this problem; I just don't see how :( I have now spent 2 days on this and finally decided to post a forum thread.

Is there someone who has solved this puzzle ;) ?

- Greets Mike
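
A common way to handle the reply-path problem described in the post above is to mark each connection that arrives on the non-default uplink and route its replies through a separate table. The script below is an added example, not part of the original post and not Zeroshell's own configuration: interface names, addresses and mark 0x65 come from the post, while table number 101 and the rule priority are assumptions, and interaction with Zeroshell's Net Balancer rules is not covered.

```shell
#!/bin/sh
# Added example: connection-mark based return routing for one uplink.
# Values below are taken from the post, except TABLE and PRIO (assumed).
WAN_IF=ETH01        # ADSL-facing interface
WAN_GW=195.65.46.1  # ADSL router
LAN_IF=ETH02        # interface towards the webserver
MARK=0x65           # mark shown for ETH01 in the post's diagram
TABLE=101           # assumed free routing table number
PRIO=1000           # assumed free ip rule priority

# Print the commands for one uplink. Calling this changes nothing on the
# system. Arguments: wan_if wan_gw lan_if mark table prio
return_route_rules() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i $1 -m conntrack --ctstate NEW -j CONNMARK --set-mark $4
iptables -t mangle -A PREROUTING -i $3 -m connmark --mark $4 -j CONNMARK --restore-mark
ip route replace default via $2 dev $1 table $5
ip rule add fwmark $4 lookup $5 priority $6
EOF
}

# Rule 1 tags every new connection entering on the ADSL side.
# Rule 2 copies that tag onto reply packets coming back from the LAN,
#        before the routing decision is made.
# Rules 3 and 4 send tagged packets to the ADSL router instead of the
#        default gateway in the main table.
adsl_rules() {
    return_route_rules "$WAN_IF" "$WAN_GW" "$LAN_IF" "$MARK" "$TABLE" "$PRIO"
}

# Dry run by default. APPLY=1 (as root) executes the commands and stops
# at the first failure.
if [ "${APPLY:-0}" = 1 ]; then
    adsl_rules | sh -e
else
    adsl_rules
fi

# To inspect the result after applying:
#   iptables -t mangle -S PREROUTING
#   ip rule show
#   ip route show table 101
```

Cable traffic is untouched because unmarked packets keep using the main table, where ETH00 holds the default gateway.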
miketheknife



Joined: 08 Apr 2010
Posts: 13

Posted: Tue Jan 22, 2013 5:03 pm    Post subject: Internal Webserver needs to be reachable via two WAN ports

I have found the following threads.

http://www.zeroshell.org/forum/viewtopic.php?t=2326
http://www.zeroshell.org/forum/viewtopic.php?t=1283
http://www.zeroshell.org/forum/viewtopic.php?p=4470

Trying to read, understand and implement accordingly.

Will let you know about success or failure.

- mike