fosiul01

asked on

Ipcop( Green-Orange-Red)

Hi,
I opened a previous question regarding this issue, but did not get any solution. I have made some progress in my work, so I am creating another question to see if anyone can help me in general.

I have a machine with IPCop software installed, which has 3 NIC cards, as follows:


IP addresses for IPCop:

Green: 194.132.235.1
Red: 192.168.1.1 (Gateway 192.168.1.10 and DNS 192.168.1.10)
Orange: 192.168.3.1

and Orange box: 192.168.3.2 (Gateway 192.168.3.1 and DNS 192.168.1.10)
This orange box is connected to the IPCop orange NIC card via crossover cable.


Now the problem is: every PC can ping every other one, and the green network and IPCop itself are getting an Internet connection,
but the Orange network (orange box) is unable to find any Internet host and unable to ping.

How will I fix this problem? Here Orange will work as a DMZ.
ASKER CERTIFIED SOLUTION
Arty K

ASKER

Hi, thanks.
Let me explain how my network is set up:

I have a router; the ISP line is connected to that router,
whose IP address is: 192.168.1.10

The router is connected to my IPCop box (which has 3 LAN cards).
One is for Green (IP is 194.132.235.1), which is connected to my internal network.
One is for Red (192.168.1.1), which is connected to my router, with a gateway of 192.168.1.10 and DNS of 192.168.1.10.

The third one is Orange (DMZ, IP address is 192.168.3.1).

Now my Linux box, which is acting as the DMZ: its IP is 192.168.3.2, gateway 192.168.3.1, DNS 192.168.1.10, and it is connected to the orange LAN card of the IPCop box with a crossover cable.

Now my internal network is fine (which starts from 194.132.235.1 - XXXXX).
The IPCop box is fine.

The problem is that the Linux box (orange) is not getting any Internet connection.
I can assume it could be the DNS I put, 192.168.1.10,
but I don't know what DNS I should put in the DMZ box.

Hope it makes sense?

Can you tell us what troubleshooting you've done from the orange machine?

Can you ping its gateway? Can you ping an outside IP like 66.102.9.104 (www.google.com)?
If you can't ping outside, can you tracert and see where the error is happening?

My first assumption is that you've put no rules in place to allow traffic from your Orange network to your Red network; you may need specific rules in place to allow DNS or any other traffic through.

Let me know if that helps, or if you have any further info.

Hi, fosiul01.

194.132.235.1 is a bad address for an internal network. This IP address really belongs to an Internet network in Stockholm, not to you. So if you ever try to connect to any web site in this network, you will fail.

> problem is linux box(orange) is not getting any internet connection
> i can assume, it could be dns i put 192.168.1.10

DNS should be the same as in the internal network.

It doesn't make much sense to have a separate DMZ in private network address space (192.168.3.x). Your IPCop is already behind a NAT (because its external address is in the private IP network 192.168.1.x). So your DMZ host would be behind 2 NATs and can't be accessed from the Internet directly. Usually DMZ hosts have real Internet IP addresses and are not NATed. So it is possible that NAT is not turned on for the DMZ on IPCop. To check that, you need to post the output of 'iptables -L'.

Hi, thanks. I was not in town to check any posts.
The way I am trying to do it worked at my office. The previous IT guy did the same setup with the same IP I got; in the office it's working fine. Now when I am trying to implement it at home, it's not working. Actually, I think it's fine,
because today I checked the office network. The DMZ can't ping any internal network or any outside address, like ping gmail.com.

So in my case it's almost the same. I will set up a web server with a rule to check whether my setup works or not; if it does not work, I will come back again.

Hi, I attached a picture. If you can have a look at this picture, and if you can tell me. And this is a workable network; the DMZ is working here.

192.168.88.130/26
What would be the subnet mask of this one?
Diagram.JPG

If this is a network diagram of your current network, it's quite kooky. Not what I would call a normal addressing scheme, but anyway.

A 26-bit subnet mask will be 255.255.255.192. This divides the normal range into segments of 62 hosts per network, which means that in your diagram, the router and DMZ are on separate networks.
DMZ host range: 192.168.88.129 - 192.168.88.190 (network address is 192.168.88.128)
Router/firewall range: 192.168.88.1 - 192.168.88.62

Most likely your DMZ machine has a default gateway of 192.168.88.129.

Back to your original question. Have you configured DMZ pinholes in your firewall rules?
Have a look at:
http://www.ipcop.org/1.4.0/en/admin/html/section-firewall.html

Anything from your DMZ by default won't have access to your Green network, so you won't be able to ping or access anything on the Green network. If you want to use your internal DNS server, you need to configure your firewall to allow port 53 (DNS) from the Orange to the Green.
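
The addressing points raised in this thread, checked with Python's `ipaddress` module as an added example (not part of any post above). The /24 prefixes on the home networks are assumed because the posts give no netmask; the office gateway 192.168.88.129 is the value the reply calls most likely, and 192.168.88.1 is simply the first address of the router range it quotes.

```python
import ipaddress

# Values as posted in the thread. ASSUMPTIONS: the /24 prefixes (no netmask
# was posted) and the office gateway .129 (the reply's "most likely" guess).
HOSTS = {
    "home orange box": ("192.168.3.2/24", "192.168.3.1", "192.168.1.10"),
    "home ipcop red": ("192.168.1.1/24", "192.168.1.10", "192.168.1.10"),
    "home ipcop green": ("194.132.235.1/24", None, None),
    "office dmz host": ("192.168.88.130/26", "192.168.88.129", None),
}

def audit(ip_with_prefix, gateway=None, dns=None):
    """Return (facts, findings) for one interface configuration."""
    iface = ipaddress.ip_interface(ip_with_prefix)
    net = iface.network
    facts = {
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "first_host": str(net[1]),    # address after the network address
        "last_host": str(net[-2]),    # address before the broadcast address
        "usable_hosts": net.num_addresses - 2,
    }
    findings = []
    if not iface.ip.is_private:
        findings.append("public address space on an internal interface")
    if gateway and ipaddress.ip_address(gateway) not in net:
        findings.append("gateway is not on-link")
    if dns and ipaddress.ip_address(dns) not in net:
        findings.append("DNS is off-link: firewall must route and permit port 53")
    return facts, findings

def same_subnet(a, b, prefix):
    """True if addresses a and b fall in the same network of this prefix length."""
    net_a = ipaddress.ip_interface(f"{a}/{prefix}").network
    return ipaddress.ip_address(b) in net_a

if __name__ == "__main__":
    for name, cfg in HOSTS.items():
        facts, findings = audit(*cfg)
        print(name, facts, findings or "no findings")
    # First address of the router range from the reply vs. the DMZ host:
    print("router and DMZ share a /26:",
          same_subnet("192.168.88.130", "192.168.88.1", 26))
```
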
Yes, I know it's kooky!! But I will not take this blame!!! It was the previous IT manager!!! I'm just following his road, that's all!!!

Yes, about pinholes, I know I will have to forward web requests from the DMZ to Green.

I will try tonight or tomorrow. I think the way I set it up at home (it's the same as this one, just the IP is different) is correct; I just need to try it now.
Wish me luck with the funny network address!! I will let you know tomorrow.
SOLUTION
OK, I will check.

But I just posted another question, if you can have a look and if you can help me.

https://www.experts-exchange.com/questions/23173997/How-to-forward-all-https-request-by-using-one-isp-line.html