Net Balancer


Viewing 15 posts - 1 through 15 (of 20 total)

    Hey Everyone,

    I am new to Zeroshell and apologize in advance if the answers to my questions have already been posted to the Forum.

    We have set up a workstation in my office with 3 NIC cards. We have 2 PCI and 1 onboard NIC. We are currently using Release 1.0 Beta 12. From what I have read on this forum, QOS and Net Balancing are glitchy and have made sure not to enable QOS.

    The issue we are running into is that the Failover is not working properly. I keep receiving Faults every time I switch between the interfaces. Below is my current setup.

    Default Gateway ETH02
    Cable Internet Connection ETH01
    DSL Internet Connection ETH02

    Thank You


    If you apply Atheling’s patch for mangling then you can use both QoS and Netbalancer. I don’t understand what exactly you mean by

    every time I switch between the interfaces

    could you elaborate a bit? Failover sticks to the active connection and switches to the standby only when the active goes off.


    We are trying to set up load balancing between a DSL connection and a Cable connection. Whenever we have the failover monitor in place, the DSL connection fails. In the routing table, the default gateway shows that all traffic should be going out the connection for the DSL connection, but when I try to run a trace route or ping a public IP address it doesn’t work.

    Traffic is getting stopped at the WAN Port on the Zero Shell server for the DSL connection.

    If I were to ping a device that is past the WAN Port for the DSL connection, it is successful. I don’t know what the problem is. I can provide tracerts and IP addressing if you need.

    Thanks for your time.


    Post here the screen from the web interface of Netbalancer and the balancing rules, if you have any. Also post anything else you have, like traceroutes or pings, and maybe logs from the netbalancer.


    My company is an Internet service provider. We provide DSL and T1 lines to various customers. While we are troubleshooting this issue, we are using DSL service that we provide. So the connection from our Core router goes out through the connection to our DSL vendor and then in through a phone line into our office and into a 3Com 3030 router. We then have the LAN-side of this 3Com 3030 router going into one of the WAN ports of the Zero Shell server.

    Here is a tracert when our DSL connection is the Default Gateway:

    C:\Documents and Settings\student>tracert
    Tracing route to []
    over a maximum of 30 hops:
    1 <1 ms <1 ms <1 ms
    2 reports: Destination host unreachable.
    Trace complete.

    Here is the routing table on ZeroShell:

    Destination Netmask Type Metric Gateway Interface Flags State Source
    Net 0 none ETH00 U Up Auto
    Net 0 none ETH02 U Up Auto
    Net 0 none VPN99 U Up Auto
    Net 0 none ETH01 U Up Auto
    Net 1 ETH02 UG Up Static
    DEFAULT GATEWAY Net 0 none ETH02 U Up Auto

    You’ll see that the DEFAULT GATEWAY is pointing to ETH02. This is the connection to our DSL router.

    The static routes on the DSL router are:
    ip route-static preference 60
    ip route-static preference 80

    The DSL router is supposed to take the traffic from ZeroShell and send it out to the internet and then back, but according to the tracert above, ZeroShell isn’t sending the traffic to the DSL router. is the WAN IP address of the ZeroShell server that connects to the LAN-side of the DSL router.

    When I try to ping my core router and the 3Com 3030 router from a workstation on the LAN 10.150.1.x network, pings are successful, but whenever I try to access a website on the internet through the DSL connection it fails at the ZeroShell connection.

    I only have NAT turned on for the Cable connection. Our DSL connection has NAT performed on the firewall that is directly in front of the Core router.


    Your ZS routing table is wrong. In the Default Gateway line you should also have the gateway IP address (I think). The way you have it is for p2p links, while you are on a routed network, so the router should know the IP to hit.


    Thanks for the assistance. I was unable to specify the output interface and the IP address of the default gateway (, but I was able to just put in the default gateway and that seemed to have fixed the routing issue we had.

    Now I am trying to figure out what is needed in regards to DNS.

    We currently have our DNS servers specified as the forwarders for our client’s DNS servers. In the event of a WAN link failure that we provide (DSL or T1), the clients will not be able to resolve websites to IP addresses.

    I am aware of the fact that we can set DNS forwarders on the ZS box and then have our clients use the IP address of the ZS box as their DNS forwarder. My question for this is, is there a way to provide failover for this DNS function? I’d like to make it so that when our WAN link is up (DSL or T1), ZS will forward DNS requests to our Primary and Secondary DNS servers, but when those WAN links are down, we would like ZS to forward DNS requests to a DNS server out on the internet (for example, OpenDNS).

    Is there a way to configure this?

    Also is there a way to perform policy-based routing on ZS?



    Although I guess that when your WAN links are down DNS will be the least of your clients’ problems, you can always add many DNS servers in the forwarders list, starting with your own and finally using OpenDNS.


    Is there any way to configure the http proxy to specify a different IP address and port number? I am trying to incorporate this ZeroShell router into a network with a filtering system that requires proxy settings on all the workstations. If ZeroShell can automatically redirect all HTTP web requests to the filtering system instead of having to put the proxy settings on the workstations, that would significantly help us deploy this across all of our clients. Thanks.


    Yes you can do it with PREROUTING rules in IPTABLES, more specifically DNAT action.


    I’m just not that familiar with this software to be able to do this on my own. How would I go about setting this up?

    What information do you need from me in order to assist me? Our proxy server on this network segment is with port number 8080. Our ZeroShell server has IP address on the LAN and it has two WAN ports, one of them has a static IP address that connects to a DSL line that my company provides ISP services to. The WAN IP address on the ZeroShell server for that connection is and the other WAN connection connects to a third-party Cable ISP provider and it receives an IP address through DHCP. Thanks.


    Your proxy server must support transparent mode.
    The command should be like that

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination

    You might want to add the same command for https

    iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination

    Hope this helps.


    Thanks for the info. I’m assuming I need to type this in the Shell Prompt, correct? (Command Menu, Option S for Shell prompt)

    How would I remove these commands if I needed to? I might be installing this server at a client’s location on Thursday and I would need to remove these settings and change the IP addresses of the interfaces since the client has a different IP range. Thanks.


    Yes you have to add them in the shell. You can see the installed rules with

    iptables -t nat -L PREROUTING -v --line-numbers

    and remove the rule you want with

    iptables -t nat -D PREROUTING X

    where X is the number of the line the command is in the specific chain.


    Thanks, I’ll test that out today. Does ZeroShell support SNMP? If so, how would I go about configuring it? We use What’s Up Gold for monitoring purposes, and would love to be able to monitor the ZeroShell Server. Thanks.
