LinuxQuestions.org
Old 07-27-2002, 09:44 AM   #1
Cps530
LQ Newbie
 
Registered: Jul 2002
Posts: 8

Rep: Reputation: 0
IPCop access from outside


I have IPCop with green and red cards. In my green network I have an SSH server using port 22 (IP: 192.168.0.1). My red card is connected to the internet with a fixed IP. I want to access my SSH server from outside using port 22 (my ISP blocks other ports). I set external services to open port 22 and forward port 22 from red to my internal IP 192.168.0.1 port 22. I also enabled SSH in the IP configuration web page. All seems right, my access from the internal network to the internet is OK. But external access to my SSH server is completely impossible!! What am I doing wrong? Does anyone have an idea? Thanks in advance.
 
Old 07-27-2002, 06:00 PM   #2
demarque
LQ Newbie
 
Registered: Jul 2002
Posts: 10

Rep: Reputation: 0
Have you tried to build a connection from inside your network over your external IP (red_zone) into your LAN (green_zone),
or
really from outside?

Because the ruleset may identify this as a spoofing attack and drop or reject any packet.
 
Old 07-27-2002, 07:29 PM   #3
Cps530
LQ Newbie
 
Registered: Jul 2002
Posts: 8

Original Poster
Rep: Reputation: 0
From really outside!!
 
Old 07-28-2002, 10:46 AM   #4
demarque
LQ Newbie
 
Registered: Jul 2002
Posts: 10

Rep: Reputation: 0
What does tcpdump dst host *your firewallsys* say?

What about the handshake? Connection tracking?

My company blocks ssh connections going outside [tunneling ...]
 
Old 08-30-2002, 07:50 PM   #5
djel4468
LQ Newbie
 
Registered: Aug 2002
Posts: 1

Rep: Reputation: 0
IPCop access from outside

IPCOP uses port 222 instead of 22 for SSH

BTW, it uses 445, instead of 443 for webadmin

hth,

djel4468
 
Old 11-02-2006, 07:37 AM   #6
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Rep: Reputation: 31
webadmin access

I have a similar problem, but not with SSH. I opened port 222 for external access and it's working fine from outside. My problem is with the web admin, which works on port 445. I enabled external access and opened TCP and UDP ports 445, but for some reason it's not working. The IPCop box is at home and I'm trying from work now and it's not working. Is there a possibility that my ISP is blocking that port? Is there a way to change that port from the IPCop box?
 
Old 11-02-2006, 11:56 AM   #7
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
Most ISPs block port 445, so you probably need to change the SSL port for working external access.
 
Old 11-02-2006, 12:38 PM   #8
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Rep: Reputation: 31
I think you're right. I did a NETSTAT from my XP laptop and it looks like the 445 request is getting stuck on the ISP end. How can I change the port 445 to something else? What about changing it to normal 443?!
 
Old 11-03-2006, 05:02 AM   #9
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
Opening the webadmin interface to the entire net isn't necessarily a good idea, but here's a topic in the IPCop Support Forums that covers what's necessary:

http://www.ipcops.com/index.php?name...125&highlight=

After running IPCop for years, I'm a pfSense convert now. It allows a great deal more specific control on what networks/addresses can access particular ports etc. Its VPN modules are a lot better, too.

Good luck!
 
Old 11-03-2006, 11:20 AM   #10
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Rep: Reputation: 31
Thanks man. I searched for a solution yesterday and I changed it to port 5445 and I'm able to get the admin page from outside. The firewall is for training purposes only. Now I want to get the VPN part working, but the VPN client for Windows just sucks and I was trying to find an IPSEC VPN client that works with IPCOP from WINDOWS XP. Any suggestions?
 
Old 11-03-2006, 03:00 PM   #11
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
Have you looked at the OpenVPN client?

I think I've seen reports of success with that.

I've only done site-to-site VPNs, so I can't tell you what might work the best...

Good luck!
 
Old 11-03-2006, 05:19 PM   #12
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Rep: Reputation: 31
Well, I downloaded something called lsipsectools from SourceForge. This is my first time configuring VPN and I think I need some help here. My IPCop is configured to do tunneling with PSK authentication. Here is my network diagram:

192.168.0.1 <<< Green - IPcop - RED >>>> 72.51.x.x

I configured ipsectools and it's coming back with the following log:

Code:
16:16:31: Starting Tunnel
16:16:31: IKE Encryption: 3des
IKE Integrity: md5
Remote Gateway Address: 72.51.161.35
Remote Monitor Address: 192.168.0.1
Remote Network: 192.168.0.0/0.0.0.24
Local Address: 172.28.1.100
Local Network: 172.28.1.100/0.0.0.24
16:17:10: 15 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...


The IPCop box is configured to do default authentication and integrity encryption: 3des for encryption and md5 for integrity. Any ideas?
 
  

