Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have sucessfully installed IPCop 1.9.10 and I have setup my network as follows:
RED - ppoe (isp provides)
GREEN - 192.168.1.1
BLUE - 192.168.2.1
ORANGE - 192.168.3.1
I am able to access the internet from the green interface or any machine on it. I have a fileserver (192.168.1.11) on the green interface (ubuntu server) and that can acces too (ping and updates).
However a pc on the BLUE interface and the ORANGE interface cannot ping out or even the interface on ipcop nor can I do any updates. I have a web server (192.168.3.3) in the DMZ (ORANGE) and I need it to access the internet to do updates. The BLUE interface is connected to a wirless router and it and the pc's accessing it cant connect to the internet either. Can someone please help me sort this out as I need users to test websites and ftp to the orange server and it must update its self (using apt).
I'm not familiar with IPCop and its capabilities, but it sounds like one or more of the following:
1) the FORWARDING traffic chains you need for the BLUE and ORANGE subnets to see the internet, are missing. By default, different subnets won't talk to each other without forwarding. See number (2) for more on this.
2) In conjunction with (1) and assuming that the GREEN interface is connected to the default gateway, you need to be MASQUERADING to share the internet connection (also assuming a dynamic IP address).
3) IP_forwarding is not enabled via the /proc filesystem. Fix that with: echo 1 > /proc/sys/net/ipv4/ip_forward
So, if IPCop has settings for these items, double check them to see that this stuff is set up correctly. And, if this advice doesn't help in the least, or you don't understand it, do let us know. I or someone else (who perhaps knows IPCop better than me, which is not at all) will do our best to point you in the right direction.
UPDATE: I just quickly browsed through the online documentation of IPCop, and I must say it's pretty good. And, it looks like, based on my quick read, that surely there are settings in there which allow you to do exactly what you need-- it appears to be a well-made system; re-check the documentation carefully for the settings you need, and again, if you're still stuck, post back again and somebody who uses it regularly will likely stop in here and give more concise advice specifically tailored to IPCop.
Thank you Sasha for your response...I was using IPCop 1.4.21 before this and all worked well...I haddent done an update in months and (dumbass) decided to do it.
The green interface is the internal trusted network, the blue is for wireless devices, the orange is for DMZ, the red is the internet side (untrusted). So I have 4 NIC's in this box. The firewall rule sets in IPCop are pretty straight forward. by default the green interface allows all traffic out.
Surely if you have a server in the DMZ the firewall should just allow all traffic out and selected traffic (by rule) in...I have checked over everything since last night and have double checked all connections. from the ipcop box I can ping the nics and the servers connected to them but the servers just dont seem to ping the nics on the ipcop box that they are DIRECTLY connected to...I have also gone through all the documentation and to no avail. completely lost for answers...gonna go make sum coffee and try again.
Ok, sounds good. I did note in the docs that they mention a number of changes in the recent release(s). Despite changes, if you did as you say have all this working with an older release, then it ought to definitely work with the newer release, albeit maybe with slightly differently-labeled settings in the GUIs.
I'm going for breakfast and coffee too so I'll check back in a little while and see what's up.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.