Using ZeroShell as a NetBalancer, QoS server & Captive Portal.

(Among other things) By Jose Menendez, orallo at gmail dot com

Acknowledgments:

Let me start this document by thanking all the people who work on or contribute to this magnificent piece of software, starting with Fulvio Ricciardi and extending those thanks to everyone who has contributed documents or participates on the ZeroShell forums, particularly Atheling for all the help he gave me personally and for his fix for the NetBalancer/QoS combination.

My Scenario:

I'm by no means a network guru; I am a programmer by training and by trade. I work at a small/medium company where we have no network administrator, so the IT department (two programmers) has been put in charge of anything and everything computer related. We have a LAN with about 60/70 computers. Most of those computers do administrative tasks via a web interface, some generate FTP traffic, and the most critical application in our office is that several times a week we broadcast a web conference to students. Our internet connection is based on two ADSL lines, one with 18MB download speed and 800kbps upload speed, the other with 6MB download speed and 400kbps upload speed. When we started, each computer had a manually assigned IP, some pointing at router 1 and some at router 2. Basically we left the broadcasting studio alone on router 2 to guarantee that nobody on the LAN would steal their bandwidth in the middle of a class.

The Goals:

We basically need to accomplish three things. First, we need to provide internet service to all the users on the LAN consistently, regardless of the fact that one or the other DSL line might go down once in a while. Second, we need to guarantee that the broadcasting studio always has enough bandwidth to broadcast the classes. And lastly, we need to implement a basic HTTP proxy with a blacklist of sites and a captive portal, so that all the users are aware that they are connected to the internet via a company computer.

The ZeroShell Solution:

I'm not going to go into much detail on the basic installation of ZeroShell, because it is simple enough and, most importantly, there is plenty of documentation about it. We installed ZS on a computer with two inexpensive 100Mb/s full duplex RTL 8139/8139C/8139C+ network cards, one facing the LAN and the other facing the WAN. The LAN is going to be on the 172.16.1.XXX segment and the routers will each keep their current configuration: DSL1 stays on 192.168.1.1 and DSL2 stays on 192.168.2.1. Here is a basic diagram of our network layout.

Note 1: It has been pointed out that ZS should be physically placed between the routers and the switches, to make sure no client changes his/her network configuration and bypasses the ZS setup. We partially agree with this notion, but right now it is not an option for us; the only place where we can put the ZS box is in our office. Also, our users do not have administrator rights, so they can't really change their network settings.

First we proceed to the NIC configuration by going to the System/Setup/Network tab on the web interface: we add IP 172.16.1.1/255.255.255.0 to ETH00, and we add IPs 192.168.1.254/255.255.255.0 and 192.168.2.254/255.255.255.0 to ETH01. ETH00 will face the LAN and ETH01 will face the internet routers.

The first goal is to provide net balancing on our two internet connections, so that if one of the DSL connections goes down for some reason, all the users on the LAN can still work. We went to the Network/NetBalancer/Manage tab, enabled the checkmark to make net balancing active and added our two routers: we clicked on Add, gave each router/gateway a name, entered the IP address of each router and clicked on Save. Then we disabled the default gateway that ZS adds automatically. So now the NetBalancer looks like this:

Then we proceeded to enable the ICMP failover checking. To accomplish this, we added some IPs to the Failover IP Addresses list (one of google's IPs, one of cnn.com's and one of yahoo's, if I remember correctly).

One side note on the net balancing: since we put NB in place, some users experienced problems using sites that require authentication. In particular, I had problems managing some websites using Plesk as the interface, and one user had problems using a particular web forum based on a software package called mvnforum. The solution is to go to NetBalancing, Balancing Rules, and create a rule that always sends those users through the same gateway. Apparently Plesk and mvnforum check the IP headers, and if a user goes through one gateway one minute and the other gateway 5 minutes later, they lose the authentication. So, first goal accomplished!

On to the next goal, QoS. Reading through the ZS forums we found out that there was a glitch in ZS that prevents using Net Balancing AND QoS at the same time. I had some contact on the forum with Atheling, as he answered some of my posts. In one of his posts he said that he had created a patch to fix the QoS/NB conflict, so I asked him if I could get a copy. He was kind enough to send it to me, so I installed it and proceeded to test it, and it works like a charm! The patch that Atheling created can be found on the ZeroShell forums in the following thread: http://www.zeroshell.net/eng/forum/viewtopic.php?t=2125

Note 2: I installed the patch by first copying the patch to the kerbynet.cgi folder and issuing the following command:

    patch -p0 < Zeroshell.3.patch

Then the system responded with:

    patching file scripts/fw_initrules
    patching file scripts/fw_makerule
    patching file scripts/fw_start
    patching file scripts/fw_viewchain
    patching file scripts/nb_fw
    patching file scripts/nb_setautomarking

Then, to make the changes permanent (since most of the system resides in RAM and is reloaded every time the system is rebooted), I made a copy of the patched files and placed them in a folder I created under /Database, which is on the HDD and therefore does not disappear on reboot, and I put the following script in the preboot script on the cron tab:

    # copy the patched scripts back over the RAM-resident originals at boot
    for file in /Database/custom/*
    do
        cp "${file}" /root/kerbynet.cgi/scripts/
    done

So first we created some classes to group users by. We created seven groups based on the type of activities each user does and their physical location within the building. We had already segmented the LAN by location/IP, so this came in handy: for example, each classroom has its own consecutive IP range, the broadcast studio has another consecutive IP range, the reception area has its own consecutive IP range, etc. This is what our class manager looks like now:

Note 3: The bandwidths are managed manually for now in the interface manager until we fine-tune the numbers by trial and error, so the numbers in the class manager are not representative.
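The preboot copy loop installs whatever is in /Database/custom over the firewall scripts on every boot, without checking that the files are still the ones that were patched. The following is an added example (not from the document or from ZeroShell) of the same loop with a SHA-256 manifest check, so a persistent copy that has been corrupted or altered since patching is refused instead of installed; the directory paths are assumptions taken from the setup described above.

```shell
#!/bin/sh
# Added example, not from the original document: a checksum-verified version
# of the preboot copy loop. ZeroShell rebuilds its scripts in RAM on every
# boot, so the contents of /Database/custom are copied over the firewall
# scripts unconditionally at startup; this version only installs a file whose
# SHA-256 still matches the manifest recorded when the patch was applied.
# Directory paths are assumptions based on the document's own setup.

# Run once, manually, right after patching: records one "hash  ./name" line
# per persistent file.
make_manifest() {            # $1 = custom dir, $2 = manifest file
    ( cd "$1" && sha256sum ./* ) > "$2"
}

# Run at preboot: installs only files whose checksum matches the manifest.
# Returns the number of rejected files, so cron sees a non-zero exit status.
restore_custom() {           # $1 = custom dir, $2 = live scripts dir, $3 = manifest
    src=$1; dst=$2; manifest=$3; rejected=0
    for file in "$src"/*; do
        [ -f "$file" ] || continue
        name=${file##*/}
        want=$(awk -v n="./$name" '$2 == n { print $1 }' "$manifest")
        have=$(sha256sum "$file" | awk '{ print $1 }')
        if [ -z "$want" ] || [ "$want" != "$have" ]; then
            echo "REJECTED $name: not in manifest or checksum mismatch" >&2
            rejected=$((rejected + 1))
            continue
        fi
        if [ -f "$dst/$name" ] && cmp -s "$file" "$dst/$name"; then
            echo "unchanged $name"
        else
            cp "$file" "$dst/$name" && echo "installed $name"
        fi
    done
    return "$rejected"
}

# Preboot entry point for the paths used in the document (uncomment to use):
# restore_custom /Database/custom /root/kerbynet.cgi/scripts /Database/custom.sha256
```

Keep the manifest somewhere the writers of /Database/custom cannot reach (or compare it against a copy kept off the box); stored next to the files it only catches accidental corruption, not a deliberate change that also rewrites the manifest.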

Next we added the classifying rules in the Classifier, by clicking Add, entering the IP ranges for each group and assigning them to a TARGET CLASS at the bottom of the configuration screen. Then we went back to the Interface Manager of the QoS and enabled the newly created classes with their rules. And voilà, we had QoS up and running.

Setting up the Captive Portal:

For our needs we don't need to create a user account for each user that logs into the system; management just wants users to be aware that they are connected to the internet via a company computer, in the hope that they will feel monitored and be on their best behavior while on the internet at work. So we created a generic "usuario" account that all the users on the LAN share and use to connect to the internet via the captive portal.

Then we enabled local authentication on the captive portal and added some items to the Free Authorized Services area at the bottom of the captive portal page. We added one for the office printer, opening port 9100 for it, and some other ports that are used to connect to our mail servers. Later we went to the Language tab and translated the portal into Spanish.

Finally we needed to set up a list of sites that are not to be accessed from our LAN. So we went to the HTTP Proxy area of ZS, enabled it, went to the Blacklist manager and entered the list of sites that management wants blocked. Then we added a general rule to capture the LAN traffic on ETH00 and some exceptions (not capture) for the people who are authorized to be off the proxy and get unrestricted web access, and we are done with our third and last goal.

Note 4: Since we were at it, we added ClamAV protection to our LAN by simply enabling Virus Scanning via the drop-down list, selecting the number of updates per day and selecting the mirror for our country.

Conclusions:

In general ZeroShell was a breeze to install. We had some minor issues with the storage, but pretty much everything is documented on the ZeroShell site and/or the ZeroShell forums. Chances are that if you run into a problem while installing it, someone has had the problem before, fixed it and documented it. Configuring ZeroShell was also easy; we think that if we had a better background in networking we wouldn't have had most of the problems we had, and even so, it was just a matter of reading a lot of documentation and forum posts to find out what each thing was supposed to do and how it did it, and then translating that to ZeroShell. I hope this manual helps people with goals similar to ours, and if anything needs to be clarified, corrected or removed from this document, do not hesitate to contact me at orallo at gmail dot com and I will do so as soon as possible. Finally I would like to reiterate our thanks to Mr. Fulvio Ricciardi for this excellent piece of software, and we look forward to future updates that will hopefully include even more and better features, if that's even possible. Thank you.