Link to home
Create AccountLog in
Avatar of Tom-Vanderbilt
Tom-Vanderbilt

asked on

IPCop configuration help

Not sure if anyone can help me with trying to get my Internet connection up and running using IPCop 1.4.21.  I downloaded and installed IPCop with no problem.  I am doing a very basic network configuration with a static IP from my ISP on the red interface and my network on the green interface with no DHCP service needed for the internal network.  I put the static IP, DNS IP, and gateway IP addresses onto the red interface with no trouble.  I have my static IP that I am using on the green interface.  

I set my computers gateway address as the green interface address and use the same two DNS server addresses that was given to me by my ISP.  I cannot get any web pages to load up.  I try to ping something directly with an IP address and still nothing.  I am able to ping the gateway address that was provided to me by my ISP but I cannot ping the DNS servers provided.  I know that they are working because I can ping them from another location.  

I am stuck as to what to try.  I am pretty sure that everything is configured right in IPCop.  Below are some screenshots of my configuration.


network-status.JPG
services.JPG
Avatar of Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
Flag of United Kingdom of Great Britain and Northern Ireland image

Have you allowed DNS rules from the Green to Red for DNS, and have you also granted ICMP Echo rules from the Green to Red also?
Avatar of Tom-Vanderbilt
Tom-Vanderbilt

ASKER

Are you talking about firewall rules?  The ports from green to red are all open by default.
@Tom-Vanderbilt: right, you don't need to add rules to the configuration by default.

The IP address of the DNS server you have to give to the computers of your GREEN network is the address of the GREEN interface of IPCop. It is better that IPCop resolves the IP addresses.

Check if you are not confusing the RED and the GREEN interface of IPCop.

I never tried to run IPcop with no proxy running. This could be a problem. I would like to know if there is any reason for your proxy server not to run.
@pfrancois:  Ok I did not put the address of the green interface as a DNS server onto the computer I was testing.  I will have to try that tomorrow and see what happens.  As far as the proxy is concerned, I did not set the proxy up because I was not sure if I actually needed it or not.  I only installed IPCop and tried to get things going.  I haven't tried to start any of the other services.
Ok I tried setting the DNS setting on my computer to point to the IPCop IP address on the green interface and still nothing.  I also tried using the proxy service but that did not do anything either.  Now here is a weird thing.  This is the second kind of routing device that I have tried using to get a connection to the internet.  The first device that I tried is a Juniper SSG5 and I currently have an open question with that one here.  I also tried for the hell of it a basic Linksys wired router that I had laying around.  With that I was able to get a connection but I cannot use that because I am trying to use the device with the firewall and VPN that both IPCop or Juniper has.  

At this point I really am lost as to what the problem could be.  The setup is not that difficult, especially with IPCop.  It seems to be a hell of a lot easier to setup than the Juniper device is.  I know the Juniper is working because I have it setup on my other Internet connection but using a dynamic IP address from the ISP.  Works just fine.
A common pitfall with IPCop is to connect the red interface to the LAN and the GREEN interface to the modem.

If you can configure your IPCop, I suppose you can login into IPCop with a SSH client. Try simple operations on IPCop itself like what you did with a computer from your LAN: ping the gateway address that was provided to you by your ISP and ping the DNS servers provided. If this doesn't work, the rest won't. And that would mean the problem is in the configuration of your DSL/cable modem.
I know that I do not have the interfaces switched (red on LAN and green on modem).  As far as pinging is concerned, I am able to ping the gateway address that was provided to me by my ISP but I cannot ping the DNS for some reason.  When I hook up the basic Linksys router, I am able to ping both the gateway and DNS servers.
I suppose your configuration is as follows:

host 10.0.110.27 ---- switch ---- 10.0.110.42 IPCop 108.58.54.66 ---- modem ---- 108.58.54.65 ISP
                                        (doesn't connect)                  |
                                                                           Linksys router (connects)

Open in new window


I hope the drawing above remain clear with other fonts having other spacing than mine.

From your screenshot network-status.jpg, it is clear that the ISP stopped the dialogue with IPCop after transmitting only 6 packets. This could mean that the ISP is refusing to connect with IPCop, possibly because it doesn't recognize the MAC address of the Linksys router they use to see. That should be a reason why either the Juniper cannot connect.

Now there is no problem to put the Linksys router between the modem and IPCop and still have VPN working. That could be a solution, but then you have to define a default LAN server in the settings of your Linksys router.
Ok the only thing I was doing with the Linksys router was to test to see if I could get a internet connection with it in place of the IPCop box.  So with the Linksys router I tried and the modem is the one provided by the ISP (in this case Cablevision) that has to stay in the setup:

1: host  10.0.110.27---switch---10.0.110.42 Linksys 108.58.54.66---108.58.54.65 modem --->Internet
                                                                 (connects to Internet fine)

The configuration for IPCop that I am trying to do is exactly the same as above except you replace the Linksys with the IPCop box.  So it would look like this:

2:  host 10.0.110.27 ---switch--- 10.0.110.42 IPCop 108.58.54.66 ---108.58.54.65 modem--->Internet
                                                               (No connection to Internet)

With the IPCop setup, I can ping 108.58.54.66 & 108.58.54.65 with no problem.  The DNS servers that were provided to me by the ISP (167.206.7.4 & 167.206.254.1) is where I have the problem pinging.  Those lay on the other side of the modem provided to me:

2:    Internal network <--- 108.58.54.65 modem ---> DNS Servers (167.206.7.4 & 167.206.254.1)

Hope this clears it up.
The only difference between the Linksys router and IPCop, as seen from the cable modem, is their MAC address. So is it possible that the cable modem refuses to connect any other device than the Linksys router according to its MAC address? Are there firewalling features into that cable modem? Can you surf to any webinterface (http/https) at 108.58.54.65?

Try to setup the RED interface of IPCop as DHCP and connect it then to the LAN side of the Linksys and let's see if that works.
I don't use the Linksys with the IPCop together.  Its either one or the other.  I only mentioned the Linksys because using that I can connect to the Internet with the host computer.  The Linksys is not even in the picture for what I am doing with the IPCop.  Where I labeled modem in my outline in the above message, that is not the Linksys, that is the cable modem that is issued by the ISP.

I just proposed you to connect the Internet with both devices for debugging purposes.

If you don't want to do this, then the only track left over is to see if the cable modem restricts the access for some MAC addresses.
As far as the cable modem restricting certain MAC addresses, it doesn't do that apparently.  I checked with the ISP.  I would not be able to hook the Linksys router in after the modem because the connection coming from the ISP is a coax connection into the modem.
Another track: if your IPCop cannot connect directly to the cable modem, try to put a switch (or a crossed cable) between IPCop and the modem.
@pfrancois:  I think it is connecting now.  I was going to take the IPCop box and try it at another location that has static IP.  I put the new address into the red interface and was going to take it there.  Something came up and I ended up putting the static IP address that I have at this location back in and for some reason it is now connecting.  Maybe it was something inside the settings that was screwing it up.  I don't even know but I will just keep this open till the end of the day to make sure that it stays up and running and will get back to you.  Thanks
Great: keep me informed.
@pfrancois  Everything is still working great.  Just have one other quick question if you happen to know offhand.  Do you know if there is any kind of addon for IPCop that will redirect Internet traffic to a Websense server.  I have that option now on a Juniper SSG5 and wasn't sure if there was something like that for IPCop.  I have seen other addons for IPCop like Copfilter and URLFilter.  But wasn't sure if there was a redirector to a Websense server that I already have in place.

Thanks for all the help.
ASKER CERTIFIED SOLUTION
Avatar of Pierre François
Pierre François
Flag of Belgium image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Its no big deal.  Just wanted to throw that out there.  Its not something critical to me at this point.  I am good with the way IPCop is working right now.  Thank you very much for the help.