defrey

IPCOP Configuration / Firewall

I am setting up an IPCOP firewall, but having a few issues.

My set up is green/red

I want Green to be on a 10.10.10.1/24 network and Red plugged into a router (switch) on 192.168.0.1/24 (the external IP on the router is static).
I have read that if Red is static, I need to enter the primary/secondary DNS and gateway address of the router (by doing this, I am not sure how Red knows about the 192.168.0.1/24 network, or if this is just the gateway to the internet).
Would it work OK if I set up Red on DHCP?

Even if Red is not working, I should at least be able to connect to the IPCOP box on the 10.10.10.0/24 network, but even that is not working!
Can't even ping it.

Has anybody successfully installed IPCOP in this type of network?

Cheers
tzwimfam

I leave Red set to DHCP and allow my ISP to assign it an IP address.
Are you sure you know which one is green and red?  I had that problem once.
defrey

ASKER

Not 100% sure, how do you find out?
Barry Gill

The BEST thing to do is go to your ifcfg-eth0 and ifcfg-eth1 files, edit them and bind the MAC address of each interface to a file.
This way you are guaranteed an interface no matter what.
If the version of IPCOP you are on is 2.0 or greater, you should in fact have this MAC binding already. You just need to identify which of the NICs is which.

Also, that config is very common, there should be no issues with it.
You may not be able to ping it because afaik ping is not enabled by default.
Also check that you have enabled routing between the interfaces.
defrey

ASKER

Would you recommend to use IPCOP version 2.0 or higher instead of 4.2.1?

The 1.4 range still uses a very outdated version of the Linux kernel, 2.4.
The last changes logged for 1.4.21 were logged in July 2008.

Personally I wouldn't be using that at all.
I would rather build a CentOS server with no additional services and install Smoothwall.
(If you have great Linux skills, custom build a Gentoo Linux server with Smoothwall...)

From: http://www.ipcop.org/2.0.0/en/admin/html/whatsnew.html
1.3. What's New in v2.0?

IPCop v2.0 is a development of v1.4, but incorporates some significant improvements.

    *      Linux kernel 2.6.27
    *      New hardware support, including Cobalt, sparc and PPC platforms.
    *      New installer, which allows you to install to flash or hard drives, and to select interface cards and assign them to particular networks.
    *      Access to all web interface pages is now password protected.
defrey

ASKER

Don't have any Linux skills at all!
Shall I go for IPCOP V2.0?
ASKER CERTIFIED SOLUTION
tzwimfam

This solution is only available to members.

If you have no Linux skills then stick with it; just go edit your ifcfg-eth files and add MAC addresses into them so you never have an accidental swap of interfaces.
From /etc/sysconfig/network-scripts/ifcfg-eth1:
# devicename
DEVICE=eth1
HWADDR=xx:xx:xx:xx:xx:xx
BOOTPROTO=static
IPADDR=x.x.x.x
NETMASK=255.255.255.0
GATEWAY=XXX.XXX.XXX.XXX
HOSTNAME=node-name.name-of-domain.com
DOMAIN=name-of-domain.com

The line you need to make sure is there is HWADDR=mac address. You can get the MAC address from the command ifconfig.

The green interface is eth0, the red one is eth1. IPCop works even if red is down.

An easy way to see which interface is connected is to connect only one network interface and to look at the output of "ifconfig eth0" and "ifconfig eth1". You will see traffic on the connected interface because the numbers next to RX bytes and TX bytes keep increasing in the output of ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx  
          inet addr:10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1702900 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2418525 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:244771020 (233.4 MB)  TX bytes:2818471625 (2687.9 MB)
          Interrupt:5 Base address:0x1400

(I suppose the IP address of your green interface is 10.10.10.1)

If you don't understand what I mean by "run ifconfig", you can also surf to IPCop at the webpage through the green interface:

https://10.10.10.1:443/cgi-bin/netstatus.cgi

and you will see the output of ifconfig for each interface. If nothing happens, you probably are connected to the red interface. Connect to the green interface and you will be able to see that webpage.
@defrey: Have you solved your problem? If your setup is correct, you can connect a laptop/desktop on the green interface, even if the red interface is down, and receive an IP address. If you have doubts about which NIC is red and which is green, just try to connect your laptop/desktop to both: only one will give you an IP address through DHCP.
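
Added example, not part of any post in this thread: a shell audit for the two checks the answers describe, that every ifcfg-eth* file pins its device with a HWADDR matching the real NIC, and which NIC is actually receiving traffic. It assumes the /etc/sysconfig/network-scripts path quoted above and a kernel that exposes /sys/class/net; the function names and the SYSFS and CFGDIR overrides are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit ifcfg-eth* MAC pinning.
# Assumptions: the path quoted in the answer above, and a kernel with sysfs.
SYSFS="${SYSFS:-/sys/class/net}"
CFGDIR="${CFGDIR:-/etc/sysconfig/network-scripts}"

# cfg_get FILE KEY: value of KEY=... (last assignment wins, quotes stripped)
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

# Lower-case a MAC so the comparison is case-insensitive.
norm_mac() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# check_binding FILE: 0 = pinned and matching, 1 = no HWADDR line,
# 2 = no DEVICE line, 3 = device absent, 4 = HWADDR differs from hardware
check_binding() {
    dev=$(cfg_get "$1" DEVICE)
    want=$(norm_mac "$(cfg_get "$1" HWADDR)")
    [ -n "$dev" ] || { echo "$1: no DEVICE line"; return 2; }
    [ -n "$want" ] || { echo "$dev: UNPINNED, no HWADDR line"; return 1; }
    [ -r "$SYSFS/$dev/address" ] || { echo "$dev: no such NIC"; return 3; }
    have=$(norm_mac "$(cat "$SYSFS/$dev/address")")
    if [ "$want" = "$have" ]; then echo "$dev: OK ($have)"; return 0; fi
    echo "$dev: MISMATCH, config $want but hardware $have"
    return 4
}

# rx_delta DEV SECONDS: bytes received on DEV during the interval; a cabled
# NIC shows growth, the same signal as "RX bytes" in ifconfig.
rx_delta() {
    before=$(cat "$SYSFS/$1/statistics/rx_bytes")
    sleep "$2"
    after=$(cat "$SYSFS/$1/statistics/rx_bytes")
    echo $((after - before))
}

# Check every ifcfg-eth* file; non-zero exit if any is unpinned or wrong.
audit() {
    rc=0
    for f in "$CFGDIR"/ifcfg-eth*; do
        [ -f "$f" ] || continue
        check_binding "$f" || rc=1
    done
    return $rc
}

if [ "${1:-}" = "--audit" ]; then audit; fi
```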
defrey

ASKER

none