www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Net Balancer...

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Firewall, Traffic Shaping and Net Balancer
View previous topic :: View next topic  
Author Message
maxchock



Joined: 24 Jun 2010
Posts: 7

PostPosted: Thu Jun 24, 2010 10:35 am    Post subject: Net Balancer... Reply with quote

Hi all,

I'm very new to Zeroshell, and I have little knowledge about networking. I'm trying to setup a load balancer which can do traffic shaping for my Internet Cafe. Before deploy to a real PC I actually have it install in a VirtualBox.

here is the setup of my environment.



here is the screenshot of the zeroshell-> setup->network



here is the screenshot of "NetBalancer"



i can online using DEFAULT GATEWAY or Streamyx but when I enable Load balancing, the Zeroshell itself fail to run the Ping test under "Utilities"-> IP Check



As it's return the DNS Lookup ERROR, I did actually add a line into "DNS Forwarder"



The Zeroshell still fail on the Ping test if keyin domain name such as google.com but it return success if I key in google's IP instead of URL.



So I wish someone can help to solve my problem. Thanks for helping in advance.
Back to top
View user's profile Send private message
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

PostPosted: Thu Jun 24, 2010 12:46 pm    Post subject: Reply with quote

First post here the contents of the "DNS Options" window that pops up. I suspect it is a query - recursion issue.
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
maxchock



Joined: 24 Jun 2010
Posts: 7

PostPosted: Fri Jun 25, 2010 4:08 am    Post subject: Reply with quote

is this the one you meant?
Back to top
View user's profile Send private message
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

PostPosted: Fri Jun 25, 2010 6:09 am    Post subject: Reply with quote

Yes... add the following
Code:
recursion yes;
allow-query {10.0.0.0/8;127.0.0.0/8;};

change 10.0.0.0/8 with your LAN address space.
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
maxchock



Joined: 24 Jun 2010
Posts: 7

PostPosted: Fri Jun 25, 2010 12:42 pm    Post subject: Reply with quote

I tried using

"recursion yes;
allow-query {192.168.1.0/8;127.0.0.0/8;};"

and

"recursion yes;
allow-query {10.1.1.0/8;127.0.0.0/8;};"

neither of them are working, it gave same error.
Back to top
View user's profile Send private message
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

PostPosted: Fri Jun 25, 2010 9:27 pm    Post subject: Reply with quote

Do me a favor and open a shell to execute these commands.
Code:
 cat /etc/resolv.conf
dig www.yahoo.com
netstat -anp | grep :53
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
maxchock



Joined: 24 Jun 2010
Posts: 7

PostPosted: Tue Jun 29, 2010 4:31 am    Post subject: Reply with quote

ok,

"cat /etc/resolv.conf" return
nameserver 127.0.0.1

dig www.yahoo.com return
; <<>> DiG 9.5.1-P2 <<>> www.yahoo.com
;; global options: printcmd
;; connection timed out; no servers could be reached

netstat -anp | grep :53
tcp 0 0 192.168.250.254:53 0.0.0.0:* LISTEN 1545/named
tcp 0 0 192.168.0.55:53 0.0.0.0:* LISTEN 1545/named
tcp 0 0 10.1.1.55:53 0.0.0.0:* LISTEN 1545/named
tcp 0 0 192.168.0.55:53 0.0.0.0:* LISTEN 1545/named
tcp 0 0 192.168.141.142:53 0.0.0.0:* LISTEN 1545/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1545/named
udp 0 0 192.168.250.254:53 0.0.0.0:* LISTEN 1545/named
udp 0 0 192.168.0.55:53 0.0.0.0:* LISTEN 1545/named
udp 0 0 10.1.1.55:53 0.0.0.0:* LISTEN 1545/named
udp 0 0 192.168.1.55:53 0.0.0.0:* LISTEN 1545/named
udp 0 0 192.168.141.142:53 0.0.0.0:* LISTEN 1545/named
udp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1545/named

I tried to vi the resolv.conf, but permission is denied even i "su"...
Back to top
View user's profile Send private message
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

PostPosted: Tue Jun 29, 2010 7:02 am    Post subject: Reply with quote

named is up, but no servers can be reached. I suspect a firewall blocking your box from reaching the forwarders.
Is
Code:
ping 208.67.220.220
answering?
What is the output of
Code:
iptables -L -v
?
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
maxchock



Joined: 24 Jun 2010
Posts: 7

PostPosted: Fri Jul 09, 2010 8:02 am    Post subject: Reply with quote

ping is working and replied.

below is the screen shot of iptable.



Back to top
View user's profile Send private message
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

PostPosted: Sat Jul 10, 2010 5:44 pm    Post subject: Reply with quote

As I said there is a firewall blocking you.
Code:
0 0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp spt:domain state ESTABLISHED

Means you don't receive DNS replies back. You have not printed SYS_OUTPUT chain, which will show you that your system sends DNS packets out.
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
maxchock



Joined: 24 Jun 2010
Posts: 7

PostPosted: Mon Jul 12, 2010 8:15 am    Post subject: Reply with quote

hmm...

I don't understand, because i don't have any firewall setup in my network. And why the DNS can reply back if i'm using only 1 WAN?

Thanks for helping me. Really wish to deploy zeroshell in my cafe.
Back to top
View user's profile Send private message
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

PostPosted: Fri Jul 16, 2010 12:23 pm    Post subject: Reply with quote

Have you added the
Code:
recursion yes;
allow-query {192.168.0.0/16;10.0.0.0/8;127.0.0.0/8;};

to the options window? If not what is the error?
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
maxchock



Joined: 24 Jun 2010
Posts: 7

PostPosted: Sat Jul 24, 2010 12:17 pm    Post subject: Reply with quote

add to where?? which part?

Thanks.
Back to top
View user's profile Send private message
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

PostPosted: Sun Jul 25, 2010 5:17 pm    Post subject: Reply with quote

In the DNS-> Options tab.
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> Firewall, Traffic Shaping and Net Balancer All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group