www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

My 1st installation of ZEROSHELL - Need help please...

 
utilizadortnt



Joined: 04 Jun 2016
Posts: 2

Posted: Sat Jun 04, 2016 11:12 am    Post subject: My 1st installation of ZEROSHELL - Need help please...

Hi All,

This is my first post and I can't start without thanking Fulvio for his availability and friendly support.
I must say HE IS the reason why I didn't give up on Zeroshell. THANK YOU FULVIO !!

I am trying to get Zeroshell to work but unfortunately I am getting a bit frustrated.
My goal is to use zeroshell as a proxy server and a captive portal.
I have two networks:
- FIBER NETWORK: GOAL is to make all clients use ZEROSHELL as their captive portal (+transparent proxy)
- 192.168.1.1 is the gateway and dhcp server
- Ethernet and wireless clients

- OFFICE NETWORK: GOAL is to make all clients use ZEROSHELL as their transparent proxy server
- 10.0.0.254 is the gateway
- Ethernet only



This is how I've configured the ZEROSHELL "server":
ETH00 - 192.168.1.254
ETH01 - Not connected
ETH02 - 10.0.0.253
ETH03 - Not connected
Then I configured Zeroshell gateway as 192.168.1.1 and all was looking good and from there I could ping all networks.
When I connected the laptop to the FIBER network I had to manually configure the IP settings to use 192.168.1.254 as my gateway.
When accessing the internet all was ok but it was using neither the captive portal nor the proxy (tried squid and dansguardian).

When I connected the laptop to the OFFICE network I also had to manually configure the IP settings this time to use 10.0.0.253 as the gateway.
Surprisingly enough I could ping the internet but the internet browsers wouldn't load any page at all.

After several hours of frustration, I decided to swap the configuration:
ETH00 - 10.0.0.253
ETH01 - not connected
ETH02 - 192.168.1.254
ETH03 - not connected
It was even more confusing. The OFFICE network could not access the internet and the FIBER network could access the OFFICE network, which for obvious reasons I do not want.
Anyway sorry for the long post. At this stage I am willing to start from scratch and I am currently "playing" with a virtualbox image trying to understand where I've failed.
Any help is much appreciated and welcome. Many thanks in advance.
Ciao.
utilizadortnt



Joined: 04 Jun 2016
Posts: 2

Posted: Mon Jun 06, 2016 5:43 pm

Right, found the problem. Well one of them...
My issue was lack of RAM. I only have 512MB on the ZEROSHELL box. Although it's a server it's a very old one.
Now that I "understand" a bit more about zeroshell I think I have the proper questions to ask. Here goes:


1st - Should zeroshell "management interface" be on the fiber network (where the gateway is) or the office network?
2nd - To enable office devices to access the fiber network do I need to enable NAT on the fiber or the office network?
3rd - Without using Zeroshell as the DHCP server how can I "force" all clients to use zeroshell as a gateway or proxy?

Many thanks in advance ! In the meantime I'm configuring another box for my tests.
iulyb



Joined: 02 Jun 2016
Posts: 90

Posted: Mon Jun 06, 2016 9:35 pm

Hi,
For management interface I don't think there is right or wrong, however I would put it on the interface that is the least exposed to a potential attack.

Your network diagram is kind of weird. I would do it a bit differently.
Fiber and MPLS would go into Zeroshell using ETH00 and ETH01.
Office network would go on a different interface, e.g. ETH02.

You still can achieve your goals with your setup but it might be a bit more complicated. You have 2 local networks + internet. Keep in mind that anything that is not local will go to the gateway (supplied by DHCP).
When you say that you want your laptop to see Office network, there are 2 scenarios, your laptop may see only one computer or it can see all computers. If you want to see only 1 computer then NAT + DMZ might be an easy route. If you want to see all computers, you have scenarios with 2 gateways, for example:
Laptop -> Office GW= ZH (192.168.1.254)
Laptop -> Internet GW 192.168.1.1
For this you might need to add a new route on fiber device. In this way a request for 10.0.0.10 will be routed to ZH.
You also can try to supply computers with ZH as gateway and then set up ZH gateway as 192.168.1.1 and add a route for 10.x.x.x
I hope this helps.
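The two layouts suggested in the reply above, modelled as routing tables and traced hop by hop; this is an added example, not part of the original thread. The gateway addresses are the ones quoted in the posts, while the /24 masks, the node name `laptop` and the internet host 203.0.113.7 are assumptions.

```python
import ipaddress

# Addresses are from the thread; the /24 masks, the laptop name and the
# 203.0.113.7 internet host are assumptions made for this example.
FIBER_GW, ZH = "192.168.1.1", "192.168.1.254"
FIBER_NET, OFFICE_NET, DEFAULT = "192.168.1.0/24", "10.0.0.0/24", "0.0.0.0/0"

def next_hop(table, dst):
    """Longest-prefix match over (prefix, hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, dst, start="laptop", max_hops=8):
    """Follow next hops from `start` and return the list of nodes crossed."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables.get(node, []), dst)
        if hop is None:
            return path + ["no route"]
        if hop == "direct":          # destination is on an attached network
            return path + [dst]
        if hop == "upstream":        # handed to the ISP side of the gateway
            return path + ["internet"]
        path.append(hop)
        node = hop
    return path + ["loop"]

ZH_TABLE = [(FIBER_NET, "direct"), (OFFICE_NET, "direct"), (DEFAULT, FIBER_GW)]
GW_TABLE = [(FIBER_NET, "direct"), (DEFAULT, "upstream")]

def two_gateways(static_route=True):
    """Laptop keeps 192.168.1.1 as gateway; fiber device routes 10.0.0.0/24 to ZH."""
    gw = GW_TABLE + ([(OFFICE_NET, ZH)] if static_route else [])
    return {"laptop": [(FIBER_NET, "direct"), (DEFAULT, FIBER_GW)],
            FIBER_GW: gw, ZH: ZH_TABLE}

def zh_as_gateway():
    """Clients are given ZH as gateway; ZH forwards the rest to 192.168.1.1."""
    return {"laptop": [(FIBER_NET, "direct"), (DEFAULT, ZH)],
            FIBER_GW: GW_TABLE, ZH: ZH_TABLE}

if __name__ == "__main__":
    for name, t in [("two gateways", two_gateways()), ("ZH as gateway", zh_as_gateway())]:
        for dst in ("10.0.0.10", "203.0.113.7"):
            print(f"{name:14} {dst:12} {' -> '.join(trace(t, dst))}")
```

In the two-gateway layout only traffic for 10.0.0.0/24 crosses Zeroshell, while with Zeroshell as the clients' gateway every packet does, which is what a captive portal or transparent proxy needs in order to see the traffic.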
All times are GMT