Find the answer to your Linux question:
Results 1 to 2 of 2
I've got a ZyWall USG50. There are 2 ISPs that provide service, each with their own block of IP addresses. I'm trying to configure it so if one ISP fails ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! mikelbeck's Avatar
    Join Date
    Aug 2012
    Posts
    3

    ZyWall USG50, Multiple ISPs, Apache


    I've got a ZyWall USG50. There are 2 ISPs that provide service, each with their own block of IP addresses. I'm trying to configure it so if one ISP fails the other will take over immediately. I'm pretty sure I've got the ZyWall configured properly but I'm having an issue with Apache not responding properly on the 2nd ISP's IP.

    I have the ZyWall configured to NAT the public address to private addresses in the 192.168.1 address space. For ISP #1 I have 192.168.1.104 and 192.168.1.105 assigned to Apache and those work fine. For ISP #2 I assigned 192.168.1.175 but when I try to access a virtual site on that IP I get no response. On the server I see the connection in a SYN_RECV state.

    I'm able to get to other services on 192.168.1.175 (SSH, Virtualmin, FTP, etc) so I know that the IP, NAT and routing are all working properly. It's just Apache...

    If I do a traceroute back to my home IP it takes the right path - I can see ISP #2's IP addresses in the trace.

    I ran tcptrace on the 175 interface and got this result (changed my computer's IP to "my.home.i.addr"):

    Code:
    2012-08-16 21:52:32.073352 IP my.home.ip.addr.50026 > 192.168.1.175.80: Flags [S], seq 2162427785, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    2012-08-16 21:52:32.073398 IP 192.168.1.175.80 > my.home.ip.addr.50026: Flags [S.], seq 3572700126, ack 2162427786, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    2012-08-16 21:52:32.314776 IP my.home.ip.addr.50027 > 192.168.1.175.80: Flags [S], seq 996576112, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    2012-08-16 21:52:32.314824 IP 192.168.1.175.80 > my.home.ip.addr.50027: Flags [S.], seq 2101304031, ack 996576113, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    2012-08-16 21:52:35.069333 IP my.home.ip.addr.50026 > 192.168.1.175.80: Flags [S], seq 2162427785, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    2012-08-16 21:52:35.069357 IP 192.168.1.175.80 > my.home.ip.addr.50026: Flags [S.], seq 3572700126, ack 2162427786, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    2012-08-16 21:52:35.319660 IP my.home.ip.addr.50027 > 192.168.1.175.80: Flags [S], seq 996576112, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
    2012-08-16 21:52:35.319681 IP 192.168.1.175.80 > my.home.ip.addr.50027: Flags [S.], seq 2101304031, ack 996576113, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    2012-08-16 21:52:35.474936 IP 192.168.1.175.80 > my.home.ip.addr.50026: Flags [S.], seq 3572700126, ack 2162427786, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    2012-08-16 21:52:35.674919 IP 192.168.1.175.80 > my.home.ip.addr.50027: Flags [S.], seq 2101304031, ack 996576113, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
    I'm getting to the server but I don't see anything in the Apache logs about this connection.

    Apache's ports.conf looks like this:

    Code:
    Listen 80
    Listen 443
    I've got this at the end of apache2.conf:

    Code:
    NameVirtualHost 192.168.1.104:80
    NameVirtualHost 192.168.1.105:80
    NameVirtualHost 192.168.1.175:80
    And the config for the virtual server has this at the top:

    Code:
    <VirtualHost 192.168.1.175:80>
    What am I missing here?

  2. #2
    Just Joined! mikelbeck's Avatar
    Join Date
    Aug 2012
    Posts
    3
    Well it turned out that the 2nd ISP was blocking port 80. We gave them a call and had them remove the block and it started working. Who'da thunk it?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •