Hi,

I have sucessfully installed IPCop 1.9.10 and I have setup my network as follows:

RED - ppoe (isp provides)
GREEN - 192.168.1.1
BLUE - 192.168.2.1
ORANGE - 192.168.3.1

I am able to access the internet from the green interface or any machine on it. I have a fileserver (192.168.1.11) on the green interface (ubuntu server) and that can acces too (ping and updates).

However a pc on the BLUE interface and the ORANGE interface cannot ping out or even the interface on ipcop nor can I do any updates. I have a web server (192.168.3.3) in the DMZ (ORANGE) and I need it to access the internet to do updates. The BLUE interface is connected to a wirless router and it and the pc's accessing it cant connect to the internet either. Can someone please help me sort this out as I need users to test websites and ftp to the orange server and it must update its self (using apt).

Thank you

I'm not familiar with IPCop and its capabilities, but it sounds like one or more of the following:

1) the FORWARDING traffic chains you need for the BLUE and ORANGE subnets to see the internet, are missing. By default, different subnets won't talk to each other without forwarding. See number (2) for more on this.

2) In conjunction with (1) and assuming that the GREEN interface is connected to the default gateway, you need to be MASQUERADING to share the internet connection (also assuming a dynamic IP address).

3) IP_forwarding is not enabled via the /proc filesystem. Fix that with: echo 1 > /proc/sys/net/ipv4/ip_forward

So, if IPCop has settings for these items, double check them to see that this stuff is set up correctly. And, if this advice doesn't help in the least, or you don't understand it, do let us know. I or someone else (who perhaps knows IPCop better than me, which is not at all) will do our best to point you in the right direction.

Kind regards,
Sasha

UPDATE: I just quickly browsed through the online documentation of IPCop, and I must say it's pretty good. And, it looks like, based on my quick read, that surely there are settings in there which allow you to do exactly what you need-- it appears to be a well-made system; re-check the documentation carefully for the settings you need, and again, if you're still stuck, post back again and somebody who uses it regularly will likely stop in here and give more concise advice specifically tailored to IPCop.

Sasha

Thank you Sasha for your response...I was using IPCop 1.4.21 before this and all worked well...I haddent done an update in months and (dumbass) decided to do it.

The green interface is the internal trusted network, the blue is for wireless devices, the orange is for DMZ, the red is the internet side (untrusted). So I have 4 NIC's in this box. The firewall rule sets in IPCop are pretty straight forward. by default the green interface allows all traffic out.

Surely if you have a server in the DMZ the firewall should just allow all traffic out and selected traffic (by rule) in...I have checked over everything since last night and have double checked all connections. from the ipcop box I can ping the nics and the servers connected to them but the servers just dont seem to ping the nics on the ipcop box that they are DIRECTLY connected to...I have also gone through all the documentation and to no avail. completely lost for answers...gonna go make sum coffee and try again.

Ok, sounds good. I did note in the docs that they mention a number of changes in the recent release(s). Despite changes, if you did as you say have all this working with an older release, then it ought to definitely work with the newer release, albeit maybe with slightly differently-labeled settings in the GUIs.

I'm going for breakfast and coffee too so I'll check back in a little while and see what's up.

Sasha