Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
11-02-2006, 08:00 AM
|
#1
|
Member
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454
Rep:
|
IPCOP outside webadmin access
i have an ipcop box which i'm able to access using ssh over port 222. but for some reason I'm not able to access the webadmin page from outside. i opened the port 445 for external access for both TCP and UDP. the RED interface is taking a DHCP address from my cable modem and i configured a dynamic DNS record which i'm able to resolve from outside. i can get SSH with Putty just fine but i can't get my web browser to the admin page although i'm doing the same thing for both ports 222 and 445. take a look at this:
Code:
Using username "root".
root@ipcop:~ # netstat -tnap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.0.1:800 0.0.0.0:* LISTEN 614/(squid)
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 3192/spamd -d -i 12
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 350/httpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 312/dnsmasq
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 350/httpd
tcp 0 0 0.0.0.0:222 0.0.0.0:* LISTEN 363/sshd
tcp 0 0 72.51.161.35:222 65.14.57.73:1231 ESTABLISHED 10042/0
tcp 0 0 72.51.161.35:222 65.14.57.73:1184 ESTABLISHED 9833/sshd: root@not
root@ipcop:~ #
it looks to me that the ipcop box is listening for port 445 on the external interface ... any suggestions?
|
|
|
11-02-2006, 10:52 AM
|
#2
|
Member
Registered: Oct 2005
Distribution: mandriva
Posts: 106
Rep:
|
So by "outside" do you mean from a computer at another IP address, not within your green (or blue) network? I have not tried that yet, but to do it from inside my green network (also works within blue, too), all I have to do is go to https://192.168.1.1:445. Make 192.168.1.1 whatever you assigned your IPCop box when you set it up. Now, I did have to change my port from 445 to something else whenever I set up print sharing between blue and green networks because I think UDP uses 445 for that, and you can't access the webadmin page if printer is being shared.
|
|
|
11-02-2006, 12:43 PM
|
#3
|
Member
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454
Original Poster
Rep:
|
i can access the web admin from green just fine. but i can't do web admin from outside. i found out the problem by the way. it looks like my ISP blocks 445 requests. now i have to change the port and everything should be fine. the problem is i don't know how to change the port to something else after installing ipcop. do you know how to change the port after installation?
|
|
|
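Added example (not part of the thread and not IPCop's own tooling): a shell helper that reads `netstat -tnap` output like the listing in post #1 and sorts listeners by bind scope. A socket bound to 0.0.0.0 only shows that the daemon accepts on every interface; whether port 445 answers from RED is still decided by packet filtering, here the ISP block reported in post #3. The function names are hypothetical and the ESTABLISHED sample line uses constructed documentation addresses.

```sh
#!/bin/sh
# Added example. Listener lines are taken from the netstat output in post #1;
# the ESTABLISHED line uses documentation addresses and is constructed.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.0.1:800 0.0.0.0:* LISTEN 614/(squid)
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 3192/spamd -d -i 12
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 350/httpd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 312/dnsmasq
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 350/httpd
tcp 0 0 0.0.0.0:222 0.0.0.0:* LISTEN 363/sshd
tcp 0 0 203.0.113.10:222 198.51.100.7:1231 ESTABLISHED 10042/0
EOF
}

# Read `netstat -tnap` text on stdin; print "port scope program" per TCP listener.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")                 # local address is addr:port
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::")      scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1")  scope = "loopback"
        else                                        scope = "single-address"
        prog = $7
        sub(/^[0-9]+\//, "", prog)               # drop the PID prefix
        print port, scope, prog
    }'
}

# Ports bound to every interface. Reachability from outside for these is a
# filtering question (firewall rules, upstream ISP), not a bind question.
wildcard_ports() {
    classify_listeners | awk '$2 == "all-interfaces" { print $1 }' |
        sort -n | paste -sd ' ' -
}

sample_netstat | classify_listeners
echo "wildcard-bound: $(sample_netstat | wildcard_ports)"
```

On a live box the same functions take real input: `netstat -tnap | classify_listeners`.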
11-02-2006, 11:31 PM
|
#4
|
Member
Registered: Oct 2005
Distribution: mandriva
Posts: 106
Rep:
|
Quote:
Originally Posted by waelaltaqi
i can access the web admin from green just fine. but i can't do web admin from outside. i found out the problem by the way. it looks like my ISP blocks 445 requests. now i have to change the port and everything should be fine. the problem is i don't know how to change the port to something else after installing ipcop. do you know how to change the port after installation?
|
If you can ssh into it, you can do this:
Code:
/usr/local/bin/setreservedports 5445
and that should set your port to 5445. You can use any number between 445 and 65535.
|
|
|
11-03-2006, 11:17 AM
|
#5
|
Member
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454
Original Poster
Rep:
|
thanks man. i searched for a solution yesterday and i changed it to 5445 port and i'm able to get the admin page from outside. now i want to get the VPN part working. the VPN client for windows just sucks and i was trying to find a VPN client that works with IPCOP from WINDOWS XP. can you help me with that?
|
|
|
11-03-2006, 04:18 PM
|
#7
|
Member
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454
Original Poster
Rep:
|
i downloaded lsipsectools. this is my first time configuring VPN and i think i need some help here. My ipcop is configured to do Tunneling with PSK authentication. here is my network diagram:
192.168.0.1 <<< Green - IPcop - RED >>>> 72.51.x.x
i configured ipsectools and it's coming back with the following log:
Code:
16:16:31: Starting Tunnel
16:16:31: IKE Encryption: 3des
IKE Integrity: md5
Remote Gateway Address: 72.51.161.35
Remote Monitor Address: 192.168.0.1
Remote Network: 192.168.0.0/0.0.0.24
Local Address: 172.28.1.100
Local Network: 172.28.1.100/0.0.0.24
16:17:10: 15 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...
the ipcop box is configured to do default authentication and integrity encryption 3des for encryption and md5 for integrity. any ideas?
|
|
|
11-03-2006, 04:40 PM
|
#8
|
Member
Registered: Oct 2005
Distribution: mandriva
Posts: 106
Rep:
|
No, I'm afraid I can't help you there. I did try to do this once, but failed - I got the same thing you got. I never pursued it any further because I didn't really need it, I just wanted to see if I could do it. Hopefully there is another member of the Linux community more knowledgeable than I who can help you out!
|
|
|
11-03-2006, 11:48 PM
|
#9
|
Member
Registered: Sep 2005
Location: USA, TN
Distribution: CentOS & Ubuntu for Desktop
Posts: 454
Original Poster
Rep:
|
i'm pretty new to this VPN thing. but it looks to me that not every VPN client works with every VPN firewall. it looks to me that IPCOP works best in net-to-net environment; with another IPCOP box or another IPSEC capable firewall. what firewall/client combination are you using (open source of course?), would you think that the host-to-net environment would work better with a Linux client on the other end? i know that my questions are very general but that's the way it is when you try to learn a new thing. thanks in advance.
|
|
|
All times are GMT -5. The time now is 01:49 AM.