LinuxQuestions.org
Old 11-02-2006, 08:00 AM   #1
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Rep: Reputation: 31
IPCOP outside webadmin access


I have an ipcop box which I'm able to access using ssh over port 222, but for some reason I'm not able to access the webadmin page from outside. I opened port 445 for external access for both TCP and UDP. The RED interface is taking a DHCP address from my cable modem and I configured a dynamic DNS record which I'm able to resolve from outside. I can get SSH with Putty just fine but I can't get my web browser to the admin page, although I'm doing the same thing for both ports 222 and 445. Take a look at this:

Code:
Using username "root".

root@ipcop:~ # netstat -tnap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.0.1:800         0.0.0.0:*               LISTEN      614/(squid)
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      3192/spamd -d -i 12
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN      350/httpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      312/dnsmasq
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      350/httpd
tcp        0      0 0.0.0.0:222             0.0.0.0:*               LISTEN      363/sshd
tcp        0      0 72.51.161.35:222        65.14.57.73:1231        ESTABLISHED 10042/0
tcp        0      0 72.51.161.35:222        65.14.57.73:1184        ESTABLISHED 9833/sshd: root@not
root@ipcop:~ #

It looks to me that the ipcop box is listening for port 445 on the external interface ... any suggestions?
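
A way to read the netstat output above, as an added example that is not part of the original post: a LISTEN line shows which addresses a daemon is bound to, not whether packets from outside actually reach it. The shell functions below (their names are hypothetical) sort the listeners by bind scope; the sample input is the LISTEN lines from the post.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -tnap` by bind scope.
# Function names are hypothetical; the sample is the LISTEN lines from the post.

# Reads netstat output on stdin, prints "<scope> <port> <program>" per listener.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")            # local address has the form addr:port
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::")
            scope = "all-interfaces"     # bound on every interface, RED included
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"      # only reachable from the box itself
        else
            scope = "single-address(" addr ")"
        prog = $7
        sub(/^[0-9]+\//, "", prog)       # drop the PID, keep the program name
        print scope, port, prog
    }'
}

# Ports bound on all interfaces, sorted and joined on one line. These are the
# ones whose outside reachability depends on firewall rules and upstream filtering.
wildcard_ports() {
    classify_listeners | awk '$1 == "all-interfaces" { print $2 }' |
        sort -n | paste -s -d ' ' -
}

# Sample input: the LISTEN lines from the netstat output in the post.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 192.168.0.1:800         0.0.0.0:*               LISTEN      614/(squid)
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      3192/spamd -d -i 12
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN      350/httpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      312/dnsmasq
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      350/httpd
tcp        0      0 0.0.0.0:222             0.0.0.0:*               LISTEN      363/sshd
EOF
}

sample_netstat | classify_listeners
```

On the box itself, `netstat -tnap | classify_listeners` gives the same breakdown for the live socket table.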
 
Old 11-02-2006, 10:52 AM   #2
bioalchemist
Member
 
Registered: Oct 2005
Distribution: mandriva
Posts: 106

Rep: Reputation: 15
So by "outside" do you mean from a computer at another IP address, not within your green (or blue) network? I have not tried that yet, but to do it from inside my green network (also works within blue, too), all I have to do is go to https://192.168.1.1:445. Make 192.168.1.1 whatever you assigned your IPCop box when you set it up. Now, I did have to change my port from 445 to something else whenever I set up print sharing between blue and green networks because I think UDP uses 445 for that, and you can't access the webadmin page if a printer is being shared.
 
Old 11-02-2006, 12:43 PM   #3
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Original Poster
Rep: Reputation: 31
I can access the web admin from green just fine, but I can't do web admin from outside. I found out the problem, by the way. It looks like my ISP blocks 445 requests. Now I have to change the port and everything should be fine. The problem is I don't know how to change the port to something else after installing ipcop. Do you know how to change the port after installation?
 
Old 11-02-2006, 11:31 PM   #4
bioalchemist
Member
 
Registered: Oct 2005
Distribution: mandriva
Posts: 106

Rep: Reputation: 15
Quote:
Originally Posted by waelaltaqi
I can access the web admin from green just fine, but I can't do web admin from outside. I found out the problem, by the way. It looks like my ISP blocks 445 requests. Now I have to change the port and everything should be fine. The problem is I don't know how to change the port to something else after installing ipcop. Do you know how to change the port after installation?
If you can ssh into it, you can do this:

Code:
/usr/local/bin/setreservedports 5445
and that should set your port to 5445. You can use any number between 445 and 65535.
 
Old 11-03-2006, 11:17 AM   #5
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Original Poster
Rep: Reputation: 31
Thanks man. I searched for a solution yesterday and I changed it to port 5445 and I'm able to get the admin page from outside. Now I want to get the VPN part working. The VPN client for Windows just sucks and I was trying to find a VPN client that works with IPCOP from Windows XP. Can you help me with that?
 
Old 11-03-2006, 12:14 PM   #6
bioalchemist
Member
 
Registered: Oct 2005
Distribution: mandriva
Posts: 106

Rep: Reputation: 15
Hmm, I've not done it, but I think my buddy uses this one: http://sourceforge.net/projects/lsipsectool/

Download it and give it a try.
 
Old 11-03-2006, 04:18 PM   #7
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Original Poster
Rep: Reputation: 31
I downloaded lsipsectools. This is my first time configuring VPN and I think I need some help here. My ipcop is configured to do tunneling with PSK authentication. Here is my network diagram:

192.168.0.1 <<< Green - IPcop - RED >>>> 72.51.x.x

I configured ipsectools and it's coming back with the following log:

Code:
16:16:31: Starting Tunnel

16:16:31: IKE Encryption: 3des
IKE Integrity: md5
Remote Gateway Address: 72.51.161.35
Remote Monitor Address: 192.168.0.1
Remote Network: 192.168.0.0/0.0.0.24
Local Address: 172.28.1.100
Local Network: 172.28.1.100/0.0.0.24
16:17:10: 15 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...

The ipcop box is configured to do default authentication and integrity encryption: 3des for encryption and md5 for integrity. Any ideas?
 
Old 11-03-2006, 04:40 PM   #8
bioalchemist
Member
 
Registered: Oct 2005
Distribution: mandriva
Posts: 106

Rep: Reputation: 15
No, I'm afraid I can't help you there. I did try to do this once, but failed - I got the same thing you got. I never pursued it any further because I didn't really need it, I just wanted to see if I could do it. Hopefully there is another member of the Linux community more knowledgeable than I who can help you out!
 
Old 11-03-2006, 11:48 PM   #9
waelaltaqi
Member
 
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454

Original Poster
Rep: Reputation: 31
I'm pretty new to this VPN thing, but it looks to me that not every VPN client works with every VPN firewall. It looks to me that IPCOP works best in a net-to-net environment, with another IPCOP box or another IPSEC-capable firewall. What firewall/client combination are you using (open source, of course)? Would you think that the host-to-net environment would work better with a Linux client on the other end? I know that my questions are very general but that's the way it is when you try to learn a new thing. Thanks in advance.
 
  

