www.zeroshell.org

[jlb]

Hi,

I am currently testing network accelerators in a LAN-to-LAN VPN, with routing/VPN handled by zeroshell:

lan1 -- accel1 -- zeroshell1 -- wan -- zeroshell2 -- accel2 -- lan2

there is a vpn between the two zeroshell systems, with NAT enabled for both the vpn and "external" (towards wan) interfaces of the zeroshell systems. All seems to be working normally, ie, I can see one lan from the other, and can access the outside world from both.

The issue I am facing: the accelerators are not working as prescribed by their vendor, who states that these systems won't link up with each other properly unless static NAT is used. Being relatively illiterate regarding NAT, my questions are then:

1) does zeroshell by default use static or dynamic NAT?
2) if possible, how do I go about setting up static NAT?

Thanks in advance,

James

[ppalias]

1) Static nat means that the public IP address correlates to a private IP address in the internal network. Dynamic usually means that either one public IP is overloaded (PAT) or multiple public IP's are used in a pool and correlate to various private IPs.
ZS by default uses Dynamic (PAT).
2) You have to change the rules in the iptables, so that your external public IP address equals to the internal private IP of the vpn accelerator. All this would require a post boot script to change the configuration, as there is no such option in the web interface.

[jlb]

Thanks for the info/that's what I was afraid of... in closing, anybody have any pointers to online documentation which might help me in learning the art of iptable rule manipulation?

Ciao,

James

[ppalias]

You can read this tutorial on iptables
http://iptables-tutorial.frozentux.net/iptables-tutorial.html