Two NICs and routing

bks · 02-16-2007, 07:53 AM

i'm just trying to set up a firewall for our internet connection by using IPCOP;

our internet connection is throu a router and it's frame relay type(leased line)

so i wanted to connect the router directly to the IPCOP box (firewall)

i selected networking as as GREEN & RED

our internal network series 192.168.168.0 netmask 255.255.255.0

i gave the green card an ip 192.168.168.7 which connect to the internal network (Gateway)

the other card (eth1) is given 10.0.1.2 netmask 255.255.255.252
the router ip is 10.0.1.1 netmask 255.255.255.252

my problem is i can't ping the router from my internal network

i cannot ping the router from IPCOP box as well

how can i go about it? how cn i route this ip!
help appreciated

wildar · 02-17-2007, 02:02 AM

Might help if you could post results of these command 'route' and 'iptables -L'

bks · 02-19-2007, 01:14 PM

route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.1.0 * 255.255.255.252 U 0 0 0 eth1
192.168.168.0 * 255.255.255.0 U 0 0 0 eth0
default 10.0.1.1 0.0.0.0 UG 0 0 0 eth1

iptables -L
Chain BADTCP (2 references)
target prot opt source destination
PSCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
PSCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
PSCAN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
PSCAN tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
PSCAN tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
NEWNOTSYN tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW

Chain CUSTOMFORWARD (1 references)
target prot opt source destination

Chain CUSTOMINPUT (1 references)
target prot opt source destination

Chain CUSTOMOUTPUT (1 references)
target prot opt source destination

Chain DHCPBLUEINPUT (1 references)
target prot opt source destination

Chain DMZHOLES (0 references)
target prot opt source destination

Chain GUIINPUT (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request

Chain INPUT (policy DROP)
target prot opt source destination
ipac~o all -- anywhere anywhere
BADTCP all -- anywhere anywhere
CUSTOMINPUT all -- anywhere anywhere
GUIINPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
DROP all -- 127.0.0.0/8 anywhere state NEW
DROP all -- anywhere 127.0.0.0/8 state NEW
ACCEPT !icmp -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere
DHCPBLUEINPUT all -- anywhere anywhere
IPSECRED all -- anywhere anywhere
IPSECBLUE all -- anywhere anywhere
WIRELESSINPUT all -- anywhere anywhere state NEW
REDINPUT all -- anywhere anywhere
XTACCESS all -- anywhere anywhere state NEW
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `INPUT '

Chain FORWARD (policy DROP)
target prot opt source destination
ipac~fi all -- anywhere anywhere
ipac~fo all -- anywhere anywhere
BADTCP all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
CUSTOMFORWARD all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
DROP all -- 127.0.0.0/8 anywhere state NEW
DROP all -- anywhere 127.0.0.0/8 state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere
WIRELESSFORWARD all -- anywhere anywhere state NEW
REDFORWARD all -- anywhere anywhere
PORTFWACCESS all -- anywhere anywhere state NEW
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `OUTPUT '

Chain IPSECBLUE (1 references)
target prot opt source destination

Chain IPSECRED (1 references)
target prot opt source destination

Chain LOG_DROP (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning
DROP all -- anywhere anywhere

Chain LOG_REJECT (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain NEWNOTSYN (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `NEW not SYN? '
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ipac~i all -- anywhere anywhere
CUSTOMOUTPUT all -- anywhere anywhere

Chain PORTFWACCESS (1 references)
target prot opt source destination

Chain PSCAN (5 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `TCP Scan? '
LOG udp -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `UDP Scan? '
LOG icmp -- anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `ICMP Scan? '
LOG all -f anywhere anywhere limit: avg 10/min burst 5 LOG level warning prefix `FRAG Scan? '
DROP all -- anywhere anywhere

Chain REDFORWARD (1 references)
target prot opt source destination

Chain REDINPUT (1 references)
target prot opt source destination

Chain WIRELESSFORWARD (1 references)
target prot opt source destination

Chain WIRELESSINPUT (1 references)
target prot opt source destination

Chain XTACCESS (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 10.0.1.2 tcp dpt:ident

Chain ipac~fi (1 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere

Chain ipac~fo (1 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere

Chain ipac~i (1 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere

Chain ipac~o (1 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere

the above are the results from IpCOP 4.13; i want connect back to back the router to IPCOP box; help appreciated