I have IPCop with green and red cards. In my green network I have a SSH server using port 22 (IP: 192.168.0.1). My red card is connected to internet with fix IP. I want access my SSH server from outside using port 22 (my ISP blocks other ports). I set external services to open port 22 and forward port 22 from red to my internal ip 192.168.0.1 port 22. I also enabled SSH in IP configuration web page. All seems right, my access from internal network to internet is OK. But external access to my SSH server is completely imposible!! What am I doing wrong? Does anyone have an idea? Thanks in advance.

Have you tried to build a connection from inside your network over your external IP ( red_zone) into your LAN ( green_zone)
or
really from outside ???

because ruleset may identify this as a spoofing attack and drop or reject any packet.

From really outside!!

What says tcpdump dst host *your firewallsys* ?

What about the handshake ? Connection tracking ?

My company blocks ssh connections goin` outside [ tunneling ...]

IPCOP uses port 222 instead of 22 for SSH

BTW, it uses 445, instead of 443 for webadmin

hth,

djel4468

i have a similar problem but not with SSH. i opened port 222 for external access and it's working fine from outside. My problem is with the web admin which works on port 445. i enabled external access and opened tcp and udp ports 445. but some reason it's not working. the ipcop box is at home and i'm trying from work now and it's not working. is there a possibility that my ISP is blocking that port? is there a way to change that port from the ipcop box?

Most IPS's block port 445, so you probably need to change the SSL port for working external access.

i think you're right. i did a NETSTAT from my XP laptop and it looks that 445 request is getting stuck on the ISP end. how can i change the port 445 to something else. what about changing it to normal 443?!

Opening the webadmin interface to the entire net isn't necessarily a good idea, but here's a topic in the IPCop Support Forums that covers what's necessary:

http://www.ipcops.com/index.php?name...125&highlight=

After running IPCop for years, I'm a pfSense convert now. It allows a great deal more specific control on what networks/addresses can access particular ports etc. Its VPN modules are a lot better, too.

Good luck!

thanks man. i searched for a solution yesterday and i changed it to 5445 port and i'm able to get the admin page from outside. the firewall if for training purposes only. i'm trying now i want to get the VPN part working but the VPN client for windows just sucks and i was trying to find a IPSEC VPN client that works with IPCOP from WINDOWS XP. any suggestions?

Have you looked at the OpenVPN client?

I think I've seen reports of success with that.

I've only done site-to-site VPN's, so I can't tell you what might work the best...

Good luck!

well, i downloaded something called lsipsectools from source forge. this my first time configuring VPN and i think i need some help here. My ipcop is configured to do Tunneling with PSK authentication. here is my network diagram:

192.168.0.1 <<< Green - IPcop - RED >>>> 72.51.x.x

i configured ipsectools and it's coming back
with the following log:



the ipcop box is configured to do default authentication and integrity encryption 3des for encryption and
md5 for integrity. any ideas?