My 1st installation of ZEROSHELL – Need help please…

Forums Network Management ZeroShell My 1st installation of ZEROSHELL – Need help please…

  • This topic is empty.
Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
  • #44570

    Hi All,

    This is my first post and I can’t start without thanking Fulvio for his availability and friendly support.
    I must say HE IS the reason why I didn’t give up on Zeroshell. THANK YOU FULVIO !!

    I am trying to get Zeroshell to work but unfortunately I am getting a bit frustrated.
    My goal is to use zeroshell as a proxy server and a captive portal.
    I have two networks:
    – FIBER NETWORK: GOAL is to make all clients use ZEROSHELL as their captive portal (+transparent proxy) is the gateway and dhcp server
    – Ethernet and wireless clients

    – OFFICE NETWORK: GOAL is to make all clients use ZEROSHELL as their transparent proxy server is the gateway
    – Ethernet only

    This is how I’ve configured the ZEROSHELL “server”:
    ETH00 –
    ETH01 – Not connected
    ETH02 –
    ETH03 – Not connected
    Then I configured Zeroshell gateway as and all was looking good and from there I could ping all networks.
    When I connected the laptop to the FIBER network I had to manually configure the IP settings to use as my gateway.
    When accessing the internet all as ok but it was not using neither the captive portal or the proxy (tried squid and dansguardian).

    When I connected the laptop to the OFFICE network I also had to manually configure the IP settings this time to use as the gateway.
    Surprisingly enough I could ping the internet but the internet browsers wouldn’t load any page at all.

    After several hours of frustration, I decided to swap the configuration:
    ETH00 –
    ETH01 – not connected
    ETH02 –
    ETH03 – not connected
    It was even more confusing. The OFFICE network could not access the internet and the FIBER network could access the OFFICE network, which for obvious reasons I do not want this.
    Anyway sorry for the long post. At this stage I am willing to start from scratch and I am currently “playing” with a virtualbox image trying to understand where I’ve failed.
    Any help is much appreciated and welcome. Many thanks in advance.


    Right, found the problem. Well one of them…
    My issue was lack of RAM. I only have 512MB on the ZEROSHELL box. Although it’s a server it’s a very old one.
    Now that I “understand” a bit more about zeroshell I think I have the proper questions to ask. Here goes:

    1st – Should zeroshell “management interface” be on the fiber network (were the gateway is) or the office network?
    2nd – To enable office devices access the fiber network do I need to enable NAT on the fiber or the office network?
    3rd – Without using Zeroshell as the DHCP server how can I “force” all clients to use zeroshell as a gateway or proxy?

    Many thanks in advance ! In the meantime I’m configuring another box for my tests.


    For management interface I don’t think there is right or wrong, however I would put it on the interface that is the least exposed to a potential attack.

    You network diagram is kind of weird. I would do it a bit different.
    Fiber and MPLS would go into Zeroshell using ETH00 and ETH01.
    Ofiice network would g on a different interface, ex ETH02.

    You still can achieve your goals with your setup but might be a bit more complicated. You have 2 local networks + internet. Keep in mind that anything that is not local will go the gateway (supplied by DHCP).
    When you say that you want your laptop to see Office network, there are 2 scenarios, your laptop may see only one computer or it can see all computers. If you want to see only 1 computer then NAT + DMZ might be an easy route. If you want to see all computers, you have scenarios with 2 gateways, for example:
    Laptop -> Office GW= ZH (
    Laptop -> Internet GW
    For this you might need to add a new route on fiber device. In this way a request for will be routed to ZH.
    You also can try to supply computers with ZH as gateway and then setup ZH gateway as and add a rute for 10.x.x.x
    I hope this helps.

Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.