Zeroshell redux

I wrote about Zeroshell, and how I thought it was pretty great. I still do, but it hasn’t taken centre-stage in my network configuration like I thought it would. I’ve had to tone down my raves about some of its integrated features as well.

The fact that it hasn’t taken centre-stage is possibly as much to do with VMware’s bogus clock-drift problems as anything, as I haven’t dedicated hardware to my Zeroshell instance yet (I could keep it running virtual, but some of the things I want to do with it will make more sense if it’s a separate machine). VMware Server takes another barb for its handling of VLAN tagging (but to be fair that might be how the Linux 8021q module works). It seems that if you have any VLAN definitions on a network card, VMware won’t get to see any VLAN tags on that NIC. You can get a guest attached to a bridged interface to see the real VLAN tags, but only if Linux has not got any VLAN awareness over that NIC.

Alright, so enough ragging on VMware. I have Zeroshell attached to the networks it needs and all is fine. Except that I can’t actually change anything! The web interface that I spoke so highly of originally is actually very restricted in some areas. One of these is in the RADIUS server, and it bit me badly when I decided I’d use Zeroshell’s RADIUS server to authenticate access to the Web interface of my Linksys switch. Turns out that the Linksys firmware expects a particular attribute to appear in the response from the RADIUS server.

The fact that Linksys don’t document this anywhere is not Zeroshell’s fault, but that there is no interface allowing me to do updates to the records above what Zeroshell uses for its own applications is a bit of an issue. It means that instead of a Zeroshell box potentially becoming the hub of administration functions, it is in danger of becoming just another little vertical application server that doesn’t integrate.

Having said that, the backend for most (all?) authentication data is LDAP so a tool like PHPLDAPAdmin might be usable to extend the base records. But, arguably, I shouldn’t have to do that! It is still beta software though, so improvements and enhancements will be made.

The other area that it’s a bit lacking in is monitoring/graphing. Okay sure, I’d probably integrate Zeroshell into the rest of my Cacti setup, but it would be nice if Zeroshell did like other router distros and had a pre-built statistics/graphing page.

Zeroshell is still my pick (I revisited pfSense and fixed the problem updating, but to me it doesn’t have enough function to justify running its own hardware), but it’s just not quite the bees-knees it was when I first saw it.

4 thoughts on “Zeroshell redux”

  1. You should try KVM virtualisation instead of VMware. There is a lot more control, and I expect it will see the VLAN tags on the NICs at the host level. I am setting up a virt server to act as a router and video on demand system. Gerard


  2. Hi Gerard, Actually I am switching to using KVM! I haven't yet posted about my progress. I am concerned whether the Linux bridge support would pass the VLAN tags over to the KVM vnet devices — I'm thinking that I'd need to use a separate bridge for each VLAN and make the VMs VLAN-unaware. This is one of the things I'm yet to test, however… stay tuned for a post on this soon!


  3. Hey Disqus, It will also allow you to run a network config, and then try out a different one using snapshotting. Can you let me know your email so I can send my status to you with design doc. I would like to compare each of our projects. I am getting the server next week, and will begin testing. Dell Vostro 430 mini tower. Also need to get a switch that is VLAN capable. NETGEAR ProSafe GS108T: This is 100 GBP, 8 ports and does VLANs, QoS and rate limiting. Is well recommended too. NETGEAR GS716Tv2: This is 200 GBP, 16 ports and does VLANs. I think it will do server port forwarding etc too. Is well recommended too.
