How can I change default gateway for IPCop

Posted on 2011-02-11
Last Modified: 2012-05-11
I have an IPCop Server that I need to change the default gateway for. We need to switch the IP address for getting to the internet from 71.113.x.x (DSL) to 75.111.x.x (Comcast Cable) and increase our bandwidth.

I did not install this server and know little to nothing about IPCop, but it looks like eth0 on the server, which I do have root access to, is the interface that everything is going out. Eth0's IP address is the 71.113.x.x when I do an ifconfig eth0 as root (which is the static IP address from Verizon). I recently added a Comcast connection coming into our network and is connected to a firewall which I've got a VLAN set up on so everything from the network with IPCop goes out to a private IP address of (default gateway) on the Firewall and is sent to the 75.111.x.x Comcast cable internet, which has 8x the bandwidth as the DSL.

I've changed all the default gateways on each of the clients to and when IPCop is turned off in Internet Explorer I go right out the correct interface on the firewall and it works correctly. Problem is, this is a school and I need to have a web filter running. When IPCop is turned on, on the client, IPCop sends everything through the 71.113.x.x DSL connection and its much slower.

Can I do this through the GUI Admin portion? I can't find where I can do it there.

So the problem is knowing how to change IPCop so it goes out the new internet connection so I can use the bandwidth until I get better web filtering solution. Any help would be appreciated. I can't turn off the DSL and stop paying for it until everything goes out the Comcast connection.
Question by:jim34
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
LVL 12

Expert Comment

ID: 34874149
Please post output of route -n or netstat -rn from IPCop server. Also ifconfig output will be useful.
LVL 10

Accepted Solution

pfrancois earned 250 total points
ID: 34879286
Regarding the network interfaces: eth0 (GREEN) is the LAN side, and eth1 (RED) is the WAN side of IPCop. See <>.

You can't do your changes through the webinterface. You will have to login into a root shell on IPCop for getting a character oriented GUI.

So, for changing the gateway, you login into your IPCop:
ssh -p 222 -l root

Open in new window

And you run the setup utility:

Open in new window

Go to Networking > DNS and gateway settings > Default gateway.

That's it.
LVL 10

Expert Comment

ID: 34886046
Did it work?
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.


Author Comment

ID: 34887773
Thanks pfrancois and fidelios. I'll try to see if I can try this today. My problem with having this going fast is I'm actually a volunteer on the Technology Committee for my daughter's grade school (which is who this is for) and don't have physical access to any of this until I get off work and work it out with the grade school's tech coordinator to hook up and try these things. I do have an admin password, but don't have a key to get into the server room where all this is located.

I run a high school and we don't have IPCop which is why I need the help. We're actually trying to hunt down the volunteer parent who set this up, and finally got a name and an email address for him over the weekend.

The eth0 interface says 71.113.x.x (DSL). Shouldn't we change that to the new IP address of 75.111.x.x or does it even matter as long as the default gateway is set to 75.111.x.x and everything goes out there? Hopefully I can get over there to change the default gateway today and see if that works.

LVL 10

Expert Comment

ID: 34891824
You don't need to have physical access to the machine running IPCop: it is enough for you to login into that machine with any ssh-client.

Be aware you need to have 2 passwords: one for admin (web interface) and one for root (ssh command line interface), depending on what you want to do.

For understanding your third paragraph, I need more explanation: a small sketch of the wiring with IP addresses of the RED network, i.e. the modems and all the stuff between IPCop and the Internet, would be very useful.
LVL 12

Assisted Solution

Fidelius earned 250 total points
ID: 34892182

If I got it correctly, before Comcast cable, link from Verizon DSL router was directly connected to IPCop server, and IPCop GREEN interface was default gateway for all PC's, as the switch on wich all hosts are connected was directly connected to IPCop.

Now you added in between, Comcast cable modem and IPCop server, firewall. Also, I assume GREEN interface on IPCop server is from 192.168.1.x subnet, and the switch on which all PC hosts are connected is directly conected to firewall and to IPCop GREEN interface.

If all my assumptions are correct, what you need to do is as follows:
1. Change IP address between IPCop an firewall to for example 192.168.100.x, and give IPCop eth0 address from that range.
2. Disconnect host switch from firewall, and connect it to GREEN interface on IPCop server
3. Change default IP address on all hosts to IP of IPCop's GREEN interface

If I got something wrong, please provide network topology you had before, and one you are trying to achieve. Thanks!

LVL 10

Expert Comment

ID: 34894885
@Fidelius: you agree with me we need some clarification about the wiring scheme. I am not sure which gateway jim34 is speaking about: the gateway for IPCop itself to get on the Internet, or the gateway IPCop is giving to the computers of the LAN by the DHCP server to get connected to IPCop. I think there is a confusion amongst both. In the same way, from his explanation, I am not able to figure out if 192.168.1.x is the GREEN network or the RED network.

Anyway, the IP range you propose for the RED subnet (between IPCop and the router connected to the Internet) affects eth1, not eth0.

Best regards.
LVL 12

Expert Comment

ID: 34895235
@pfrancois: I agree we need more info, and complete picture.

My assumptions for IP address were based on info that eth0 has 71.113.x.x (DSL) from original post. So that must be RED interface.
Also, if jim34 put on all clients as default gateway, all client must be on network. I'm almost certan that GREEN interface has IP
@jim34: Jim please confirm that assumption.

So at the end, internal network should stay the same as it was with DSL line, he needs only to change RED interface parameters (IP address, mask, default gateway) to comply with new configuration.

To be on safe side, we definitely need more clarifications from jim34.


Author Comment

ID: 34897261
Thanks for the time you've spent on this, but I went ahead and bypassed IPCop completely and took it out. The new comcast internet connection was put on a Fortinet 80c firewall. I went ahead and got a admin password from the people who installed it and set up a web filtering profile on the vlan with the grade school on it yesterday. I turned off the GPO setting the proxy in IE and restarted the machines. This took IPCop completely out of the picture and we're good to go.

I'd love to give you points for the time you put in, but I'm not sure if I can. Please let me know and any points I can award I'll split between Fidelious and pfrancois.
LVL 10

Expert Comment

ID: 34901215
Since the answer of your initial question is here above (ssh login and run setup), I should give points... :D

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question