Solved

How can I change default gateway for IPCop

Posted on 2011-02-11
10
7,183 Views
Last Modified: 2012-05-11
I have an IPCop Server that I need to change the default gateway for. We need to switch the IP address for getting to the internet from 71.113.x.x (DSL) to 75.111.x.x (Comcast Cable) and increase our bandwidth.

I did not install this server and know little to nothing about IPCop, but it looks like eth0 on the server, which I do have root access to, is the interface that everything is going out. Eth0's IP address is the 71.113.x.x when I do an ifconfig eth0 as root (which is the static IP address from Verizon). I recently added a Comcast connection coming into our network and is connected to a firewall which I've got a VLAN set up on so everything from the network with IPCop goes out to a private IP address of 192.168.1.254 (default gateway) on the Firewall and is sent to the 75.111.x.x Comcast cable internet, which has 8x the bandwidth as the DSL.

I've changed all the default gateways on each of the clients to 192.168.1.254 and when IPCop is turned off in Internet Explorer I go right out the correct interface on the firewall and it works correctly. Problem is, this is a school and I need to have a web filter running. When IPCop is turned on, on the client, IPCop sends everything through the 71.113.x.x DSL connection and its much slower.

Can I do this through the GUI Admin portion? I can't find where I can do it there.

So the problem is knowing how to change IPCop so it goes out the new internet connection so I can use the bandwidth until I get better web filtering solution. Any help would be appreciated. I can't turn off the DSL and stop paying for it until everything goes out the Comcast connection.
0
Comment
Question by:jim34
  • 5
  • 3
  • 2
10 Comments
 
LVL 12

Expert Comment

by:Fidelius
ID: 34874149
Please post output of route -n or netstat -rn from IPCop server. Also ifconfig output will be useful.
Thanks!
0
 
LVL 10

Accepted Solution

by:
pfrancois earned 250 total points
ID: 34879286
Regarding the network interfaces: eth0 (GREEN) is the LAN side, and eth1 (RED) is the WAN side of IPCop. See <https://ipcop.yourdomain.edu:445/cgi-bin/netstatus.cgi>.

You can't do your changes through the webinterface. You will have to login into a root shell on IPCop for getting a character oriented GUI.

So, for changing the gateway, you login into your IPCop:
ssh -p 222 -l root ipcop.yourdomain.edu

Open in new window


And you run the setup utility:
setup

Open in new window

Go to Networking > DNS and gateway settings > Default gateway.

That's it.
0
 
LVL 10

Expert Comment

by:pfrancois
ID: 34886046
Did it work?
0
 

Author Comment

by:jim34
ID: 34887773
Thanks pfrancois and fidelios. I'll try to see if I can try this today. My problem with having this going fast is I'm actually a volunteer on the Technology Committee for my daughter's grade school (which is who this is for) and don't have physical access to any of this until I get off work and work it out with the grade school's tech coordinator to hook up and try these things. I do have an admin password, but don't have a key to get into the server room where all this is located.

I run a high school and we don't have IPCop which is why I need the help. We're actually trying to hunt down the volunteer parent who set this up, and finally got a name and an email address for him over the weekend.

The eth0 interface says 71.113.x.x (DSL). Shouldn't we change that to the new IP address of 75.111.x.x or does it even matter as long as the default gateway is set to 75.111.x.x and everything goes out there? Hopefully I can get over there to change the default gateway today and see if that works.

0
 
LVL 10

Expert Comment

by:pfrancois
ID: 34891824
You don't need to have physical access to the machine running IPCop: it is enough for you to login into that machine with any ssh-client.

Be aware you need to have 2 passwords: one for admin (web interface) and one for root (ssh command line interface), depending on what you want to do.

For understanding your third paragraph, I need more explanation: a small sketch of the wiring with IP addresses of the RED network, i.e. the modems and all the stuff between IPCop and the Internet, would be very useful.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 12

Assisted Solution

by:Fidelius
Fidelius earned 250 total points
ID: 34892182
Hello,

If I got it correctly, before Comcast cable, link from Verizon DSL router was directly connected to IPCop server, and IPCop GREEN interface was default gateway for all PC's, as the switch on wich all hosts are connected was directly connected to IPCop.

Now you added in between, Comcast cable modem and IPCop server, firewall. Also, I assume GREEN interface on IPCop server is from 192.168.1.x subnet, and the switch on which all PC hosts are connected is directly conected to firewall and to IPCop GREEN interface.

If all my assumptions are correct, what you need to do is as follows:
1. Change IP address between IPCop an firewall to for example 192.168.100.x, and give IPCop eth0 address from that range.
2. Disconnect host switch from firewall, and connect it to GREEN interface on IPCop server
3. Change default IP address on all hosts to IP of IPCop's GREEN interface

If I got something wrong, please provide network topology you had before, and one you are trying to achieve. Thanks!

Regards!
0
 
LVL 10

Expert Comment

by:pfrancois
ID: 34894885
@Fidelius: you agree with me we need some clarification about the wiring scheme. I am not sure which gateway jim34 is speaking about: the gateway for IPCop itself to get on the Internet, or the gateway IPCop is giving to the computers of the LAN by the DHCP server to get connected to IPCop. I think there is a confusion amongst both. In the same way, from his explanation, I am not able to figure out if 192.168.1.x is the GREEN network or the RED network.

Anyway, the IP range you propose for the RED subnet (between IPCop and the router connected to the Internet) affects eth1, not eth0.

Best regards.
0
 
LVL 12

Expert Comment

by:Fidelius
ID: 34895235
@pfrancois: I agree we need more info, and complete picture.

My assumptions for IP address were based on info that eth0 has 71.113.x.x (DSL) from original post. So that must be RED interface.
Also, if jim34 put on all clients 192.168.1.254 as default gateway, all client must be on 192.168.1.0/24 network. I'm almost certan that GREEN interface has IP 192.168.1.1/24
@jim34: Jim please confirm that assumption.

So at the end, internal network should stay the same as it was with DSL line, he needs only to change RED interface parameters (IP address, mask, default gateway) to comply with new configuration.

To be on safe side, we definitely need more clarifications from jim34.

Regards!
0
 

Author Comment

by:jim34
ID: 34897261
Thanks for the time you've spent on this, but I went ahead and bypassed IPCop completely and took it out. The new comcast internet connection was put on a Fortinet 80c firewall. I went ahead and got a admin password from the people who installed it and set up a web filtering profile on the vlan with the grade school on it yesterday. I turned off the GPO setting the proxy in IE and restarted the machines. This took IPCop completely out of the picture and we're good to go.

I'd love to give you points for the time you put in, but I'm not sure if I can. Please let me know and any points I can award I'll split between Fidelious and pfrancois.
0
 
LVL 10

Expert Comment

by:pfrancois
ID: 34901215
Since the answer of your initial question is here above (ssh login and run setup), I should give points... :D
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now