Help Remote Connections timing out
September 17, 2012 at 1:27 pm #43447
bigfishinnet
Member
Hi all, after some tweaking and reading I have Zeroshell working – or so I thought! I am getting a timed out error when trying to connect to ssh on a server.
Sometimes it works?
I am using a bridge with 2 static public ip ETH01 and internal IP ETH04.
Would really appreciate some help and guidance – http://en.wikipedia.org/wiki/Newbi
Thanks
Stephen
Virtual server settings are also below.
Port Forwarding and Source NAT (PAT)

Chain PREROUTING (policy ACCEPT 112 packets, 6852 bytes)
pkts bytes target prot opt in out source destination
6 400 DNAT tcp -- BRIDGE00 * 0.0.0.0/0 78.xxx.99.44 tcp dpt:22 to:10.20.10.25:22
0 0 DNAT tcp -- BRIDGE00 * 0.0.0.0/0 78.xxx.99.44 tcp dpt:993 to:10.20.10.25:993

Chain POSTROUTING (policy ACCEPT 49 packets, 3248 bytes)
pkts bytes target prot opt in out source destination
130 9144 SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
81 5896 MASQUERADE all -- * BRIDGE00 0.0.0.0/0 0.0.0.0/0

Chain SNATVS (1 references)
pkts bytes target prot opt in out source destination

Below are my input, forward and output chains

Chain INPUT (policy ACCEPT 8 packets, 256 bytes)
pkts bytes target prot opt in out source destination
1644 209K SYS_GUI all -- * * 0.0.0.0/0 0.0.0.0/0
1644 209K SYS_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
1061 167K SYS_HTTPS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 SYS_SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
4 982 ACCEPT all -- ETH00 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- BRIDGE00 * 78.xxx.99.44 10.20.10.25 tcp spt:22 dpt:22
0 0 ACCEPT tcp -- BRIDGE00 * 78.xxx.99.44 10.20.10.25 tcp spt:993 dpt:993

Chain FORWARD (policy ACCEPT 18 packets, 744 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * BRIDGE00 10.20.10.25 78.xxx.99.44 PHYSDEV match --physdev-in ETH04

Chain OUTPUT (policy ACCEPT 303 packets, 185K bytes)
pkts bytes target prot opt in out source destination
1773 601K SYS_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0

September 28, 2012 at 8:03 am #52465
bigfishinnet
Member
Hi all. OK, after a bit more fiddling I can get things to work but it doesn't seem to stick for some reason. If I am out of the admin console or GUI for a number of hours, my settings in the firewall and virtual servers make no difference and all access is lost. How can I make these settings stick!!
Any help or guidance would be very appreciated.
Stephen
September 29, 2012 at 8:41 am #52466
Alderon
Participant
Why do you use a bridge? NAT-ing is only possible on a router. Can you tell us some more details about your network topology?
September 30, 2012 at 8:51 am #52468
bigfishinnet
Member
Thanks.
I have 4 static IPs and I want to use 2 of these to offer public email and web hosting. The other 2 are already being used direct from the ADSL router (set up in pass through mode) so there is no issue with the router. The first two go direct onto another 2 Linux gateways and are working without problems. So the other 2 I want to use through Zeroshell.
The Zeroshell hardware has 5 NICs. ETH00 is being used as an admin interface on 10.0.10.0 network. ETH01 and ETH02 are going to be used for the static IP addresses 78.xx.xx.44 and 45 subnet mask 255.255.248.0 and gateway 78.105.96.1. ETH03 is spare and ETH04 is running DHCP on 10.20.10.0 network. It is on this network that I want to host the virtual machines that I need, like my public email server and web hosting. As I need more servers I can add additional static IP addresses. I am using Proxmox to virtualise.
I have had some success but only when I use just one of the static IP addresses and the settings don't stick.
I want to route traffic on one static IP address directly through to the email server on 10.20.10.25 (well just 993, 443 and 22) and on the other static IP address 443 and 80 to the web server on 10.20.10.30 and vice versa. In certain circumstances I will also want to block traffic between the virtual servers so they are only accessible from the outside and admin interface.
At some point I would also like to allow access from one static IP to a Windows terminal server but force all port 80 and 443 traffic requests out through another IP address.
That will probably confuse you as I have not explained it very well.
HTH
October 1, 2012 at 10:34 pm #52469
bigfishinnet
Member
Hi All, OK some more tweaking but there is something I can't fix? It is still timing out for some reason. If I do for instance an apt-get update / upgrade or apt-get install some app on my Debian server sitting behind the Zeroshell server I can access it EXTERNALLY but after maybe 10-15 minutes of inactivity on the internal server the external ports and firewall prevent access?
So like I have explained the settings are not sticking or they are being affected by something else. Name resolution also seems slowish.
Please can anyone help?
Thanks
stephen
October 2, 2012 at 11:02 pm #52470
bigfishinnet
Member
OK I think I am giving up at this stage. Just followed this useful document
http://www.zeroshell.net/listing/1_1_NAT_in_ZeroShell.pdf
And I still can't get it working. I think pfSense it is 🙁
S
October 3, 2012 at 5:45 pm #52471
hojendiz
Member
I'm sorry to read that you are giving up… for the past 2 days I've been trying to understand your network configuration but I've failed… maybe a couple of days more…
October 9, 2012 at 8:38 pm #52472
bigfishinnet
Member
OK I have it working – of a sort! As usual the issue was the chair to keyboard interface – in this case me!
I am using Proxmox to host virtual servers behind the Zeroshell box and the network card on the ZS was 10.20.10.1 and all virtual servers are going to be in this network, however the internal server I was trying to reach from the internet was connected via vmbr (acts like a network switch) which was on 10.10.20.15, so this was an issue! Also I think I have an issue on the bond within the vmbr so I just changed this to active-backup for now.
I installed pfSense and it was at this point I suddenly realised my mistake! So back in went Zeroshell and we are good to go now – very glad it is working for me.
Thanks to all.
I still have an issue. ETH03 is my WAN and currently one public IP is working OK. If I add another public IP to ETH03 I can't seem to get the same results (as in internal server open for access from the internet) with similar firewall, NAT and virtual server settings.
Any ideas?
Thanks
Stephen
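
An added example, not part of the original posts: a small check for the mismatch described in the last post, where the DNAT rules pointed at 10.20.10.25 but the server was reachable only on 10.10.20.15. It parses the DNAT lines from the first post's listing and compares their targets with the addresses guests really have; the /24 mask on ETH04, the guest name "mail", and reading 10.10.20.15 as the guest's own address are assumptions.

```python
import ipaddress
import re

# Constructed sample: the two DNAT rules from the first post's PREROUTING
# listing (public address left redacted, as posted).
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 112 packets, 6852 bytes)
pkts bytes target prot opt in out source destination
6 400 DNAT tcp -- BRIDGE00 * 0.0.0.0/0 78.xxx.99.44 tcp dpt:22 to:10.20.10.25:22
0 0 DNAT tcp -- BRIDGE00 * 0.0.0.0/0 78.xxx.99.44 tcp dpt:993 to:10.20.10.25:993
"""

DNAT_RE = re.compile(r"\bDNAT\b.*\bdpt:(\d+)\s+to:(\d+\.\d+\.\d+\.\d+)(?::(\d+))?")


def parse_dnat(listing):
    """Return (public_port, target_ip, target_port) for each DNAT rule."""
    rules = []
    for line in listing.splitlines():
        m = DNAT_RE.search(line)
        if m:
            port = int(m.group(1))
            target = ipaddress.ip_address(m.group(2))
            rules.append((port, target, int(m.group(3) or port)))
    return rules


def audit(listing, lan_cidr, guests):
    """guests maps a guest name to the address configured on that guest."""
    lan = ipaddress.ip_network(lan_cidr)
    guest_ips = {ipaddress.ip_address(addr): name for name, addr in guests.items()}
    findings = []
    for port, target, tport in parse_dnat(listing):
        if target not in lan:
            findings.append(f"dpt:{port} -> {target} is outside {lan}")
        elif target not in guest_ips:
            findings.append(f"dpt:{port} -> {target}:{tport} has no guest at that address")
    for ip, name in guest_ips.items():
        if ip not in lan:
            findings.append(f"guest {name} ({ip}) is not on {lan}")
    return findings


if __name__ == "__main__":
    # Assumed: ETH04 is 10.20.10.0/24; "mail" is a hypothetical guest name.
    for finding in audit(NAT_LISTING, "10.20.10.0/24", {"mail": "10.10.20.15"}):
        print(finding)
```

With the guest moved to 10.20.10.25 the same call returns no findings.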