www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Netbalancer forwarding all HTTPS traffic to specific gateway

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
greycap



Joined: 13 Jan 2012
Posts: 3

PostPosted: Fri Jan 13, 2012 3:22 pm    Post subject: Netbalancer forwarding all HTTPS traffic to specific gateway Reply with quote

hello people,
first of all i would like to thank Fulvio for the great job he did with Zeroshell

second is my problem
so, i got a pc with zeroshell and 5 nics acting as gateway for our network on the 4 ends are ADSL routers connecting to 4 different ISPs and the 5th is for the LAN connection...

Netbalancer works like a charm
but i need to add a rule to drive all https request always to the same gateway (1of the 4 WANs)
can someone point me how this can be done?
i tried to forward 443 port to 1 WAN but it doesnt work...
can someone tell me step by step how to fix my problem?

thank you all in advance Smile
Back to top
View user's profile Send private message
hvgsit



Joined: 16 Feb 2009
Posts: 5
Location: Australia

PostPosted: Sat Jan 14, 2012 2:37 am    Post subject: Reply with quote

We have 5 connections and have setup similar.

It's done by going to netbalancer then balancing rules.

Just have to set TCP dest 443 and pick your gateway.

Here is a screenshot of our rule

http://dl.dropbox.com/u/26399369/zs-443-balance.JPG


[/img]
Back to top
View user's profile Send private message
greycap



Joined: 13 Jan 2012
Posts: 3

PostPosted: Sat Jan 14, 2012 1:31 pm    Post subject: Reply with quote

OK this is done Smile thanks

but my actual question is something like this...(maybe i was not clear @ first place)


now lets say PC01 makes HTTPS request... i want zeroshell to take and forward it to the best possible gateway (wan1 wan2 wan3 or wan4) and then stick with that wan till session is over...

i dont want to have a static rule ... i just need to make zeroshell choose 1 gateway and stick with it till session is over for the HTTPS requests

hope now my question is more clear Smile

thanks again
Back to top
View user's profile Send private message
micampo



Joined: 24 Dec 2008
Posts: 61

PostPosted: Wed Feb 29, 2012 12:11 pm    Post subject: Reply with quote

can not do that

review how does https request to have more clarity
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Wed Feb 29, 2012 4:23 pm    Post subject: Reply with quote

greycap wrote:
OK this is done Smile thanks

but my actual question is something like this...(maybe i was not clear @ first place)


now lets say PC01 makes HTTPS request... i want zeroshell to take and forward it to the best possible gateway (wan1 wan2 wan3 or wan4) and then stick with that wan till session is over...

i dont want to have a static rule ... i just need to make zeroshell choose 1 gateway and stick with it till session is over for the HTTPS requests

hope now my question is more clear Smile

thanks again


micampo wrote:
can not do that

review how does https request to have more clarity


My patch to fix net balancing and quality of service does provide for "sticky connections" so that your HTTPS traffic all uses one interface for the session.

Patch for b16 is at http://dl.dropbox.com/u/19663978/nb_qos_b16_patch.tar.gz
Patch for b14 is at http://dl.dropbox.com/u/19663978/ZS_nb_qos_b14_b.tar.gz

(The patch for b14 will work on b15 so there is no separate patch for that.)
Back to top
View user's profile Send private message
micampo



Joined: 24 Dec 2008
Posts: 61

PostPosted: Sat Mar 03, 2012 12:57 pm    Post subject: Reply with quote

The patch is for use with QOS on the same router?
Already proven to work in B16?
What is the installation procedure? where is the link?
I was tested in b14 and b15 but finally gave me problems and allow one router to proceed to use QOS in bridge mode

thanks
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Sat Mar 03, 2012 5:20 pm    Post subject: Reply with quote

I have been using the b16 version of the patch on b16 Zeroshell.

There are no functional changes between the latest version and the earlier one. The one change was to resolve a code change conflict with a new feature Fulvio added in b16. So if the early one gave you problems the this one will be no different. However I would like more information about the problems you've had to see if they can be fixed.

Link is in the earlier post on this thread. Install instructions are in a text file inside the compressed file.
Back to top
View user's profile Send private message
micampo



Joined: 24 Dec 2008
Posts: 61

PostPosted: Sat Mar 17, 2012 11:55 am    Post subject: Reply with quote

I want to know if this patch applies only in the case of load balancing and QoS on the same router ZS?
Back to top
View user's profile Send private message
atheling



Joined: 24 Sep 2009
Posts: 212

PostPosted: Sat Mar 17, 2012 3:39 pm    Post subject: Reply with quote

micampo wrote:
I want to know if this patch applies only in the case of load balancing and QoS on the same router ZS?


Load balancing in stock ZS is broken. So if you want to load balance you'll be better off with the patch.

In stock ZS load balancing and QoS are incompatible. If you want to run both you will be better off with the patch.

I don't recall a specific issue with QoS on stock ZS, so I think that if you just want to do QoS over a single WAN link you should be fine without the patch.
Back to top
View user's profile Send private message
micampo



Joined: 24 Dec 2008
Posts: 61

PostPosted: Sat Mar 17, 2012 4:10 pm    Post subject: Reply with quote

What you are indicating to me that my current server in which I have 4 WAN load balancing is to fail? and that your patch I can improve or correjir that fails?

your patch corrects this failure ZS load balancing?

that corrects such failures?

thanks
Back to top
View user's profile Send private message
mrgagge



Joined: 10 May 2012
Posts: 2

PostPosted: Thu May 10, 2012 9:37 am    Post subject: Reply with quote

I just apply the patch and it solves my problem with https site with that I had problem of expiring sessions.
Now I've to check if that patch also solve my incoming https and ssh connection problem from outside to servers inside my LAN.
Thanks Atheling!!
Back to top
View user's profile Send private message
micampo



Joined: 24 Dec 2008
Posts: 61

PostPosted: Thu May 10, 2012 3:36 pm    Post subject: Reply with quote

How many wan?
Back to top
View user's profile Send private message
mrgagge



Joined: 10 May 2012
Posts: 2

PostPosted: Fri May 11, 2012 3:32 pm    Post subject: Reply with quote

only 2 wan
Back to top
View user's profile Send private message
miccil



Joined: 05 Apr 2013
Posts: 1

PostPosted: Fri Apr 05, 2013 11:29 pm    Post subject: Reply with quote

hi all and thanks for this great piece of software.
I used b16 with this patch and it works like a charm.
I want to know if i can apply this patch for zs 2.0-rc2?
Here I saw only b14 and b16 version.
Is already included in 2.0-rc2?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group