Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: IPCop multiple green networks... PLEASE HELP

IPCop multiple green networks... PLEASE HELP 11 years 1 week ago #11744

  • vince
  • vince's Avatar
  • Offline
  • New Member
  • Posts: 6
  • Karma: 0
Hi,

I've got a working ipcop machine with just red and green interfaces. However internally I've got a few VLANs and I would like machines on all of them to use this ipcop server as an Internet gateway / firewall.

I've managed to get the web proxy, etc. working for them by adding static routes back to the VLANS but I cannot get ipcop to work as a gateway for multiple internal networks.

I've searched the forums but haven't found a solution yet. One suggestion was to add rules like:

/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.20.0/24 -o $RED_DEV -j ACCEPT

to the rc.local file but this doesn't cut it.

anybody know how to do this?
The administrator has disabled public write access.

Re: IPCop multiple green networks... PLEASE HELP 11 years 1 week ago #11745

  • vince
  • vince's Avatar
  • Offline
  • New Member
  • Posts: 6
  • Karma: 0
I have a very similar problem. Please help. I have a CISCO VPN concentrator that lets our employees access the network from home. The internal network ip and subnet are different from given to users who come through the VPN concentrator from home. The VPN concentrator is directly connected to the internal switch of our green network.

Green Network = 192.168.1.0/24
VPN concentrator users = 192.168.2.0/24

The VPN users can see the entire internal network/access email/RDP to their computers with the old Firewall/Gateway. But as soon as I replaced it with the replaced IPCOP firewall VPN users could only ping the the gateway and the mailhost. They could not access any shared drives or remote control their computers. I have duplicated the persistant routes that were on the original Firewall/Gateway in the rc.local file but it still doesn't work. The entire network is working flawlessly except for VPN access, PLEASE HELP. IPCOP is somehow blocking the VPN users with IPs of 192.168.2.0/24 from accessing the GREEN network (192.168.1.0/24) and vice cersa. I really love IPCOP. Their must by a way to allow complete access to the green network from an IP address other then that set for the GREEN Network.

192.168.1.0/24 green interface and green network
192.168.2.0/24 also green interface but VPN network
Both subnet are plugged into the same switch but they cannot talk to each other. PLEASE HELP, thank you very much for any help you can offer.
The administrator has disabled public write access.

Re: IPCop multiple green networks... PLEASE HELP 11 years 1 week ago #11746

  • vince
  • vince's Avatar
  • Offline
  • New Member
  • Posts: 6
  • Karma: 0
www
|
|
|
|RED = xxx.xxx.xxx.xxx
IPCOP
|GREEN = 192.168.1.1
|
|
|
SWITCH----VPN Concentrator = 192.168.2.0/24
|
|
|
|
INTERNAL LAN
192.168.1.0/24


The Internal LAN works perfectly exactly as it should. But the VPN users cannot access the internal LAN. The 192,168.2.0/24 LAN must works just as the GREEN Network. They must be able to access each other completely. Thank you for any help.
The administrator has disabled public write access.

Re: IPCop multiple green networks... PLEASE HELP 11 years 1 week ago #11747

  • vince
  • vince's Avatar
  • Offline
  • New Member
  • Posts: 6
  • Karma: 0
There must be a way to make this happen by adding rules to the firewall file. Please help. Anyone who has experience altering the firewall rules of ipcop please help.

Ipcop also alows you to add your own iptables rules, the problem is that I don't know what I have to add to make this work. Any help is much appreciated. I have told my boss that IPCOP is the way to go and now I cannot continue because of this very small speed bump. Thank you.

P.S. I cannot use the orange or blue network as a substitute for a second green network because I will aso need those networks.
The administrator has disabled public write access.

Re: IPCop multiple green networks... PLEASE HELP 11 years 1 week ago #11750

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
Vince, welcome to firewall.cx. Your problems are not being caused by iptables rules, but because you have not set up a method of routing between the 192.168.1.0/24 and 192.168.2.0/24 subnets. Your old firewall/gateway must have allowed IP routing between the subnets. One downside of IPCOP is that it does not allow multiple subnets on GREEN straight out of the box, and especially when the IPCOP GREEN NIC is expected to host the interfaces between the subnets. You're best off replacing your switch with a layer 3 switch and get that to do the routing between the subnets. Then all you need to do is to create a VLAN for the IPCOP and get that to route to the other VLANs on the switch.

If your switch is already Layer 3 then great!!
The administrator has disabled public write access.

Re: IPCop multiple green networks... PLEASE HELP 11 years 1 week ago #11753

  • vince
  • vince's Avatar
  • Offline
  • New Member
  • Posts: 6
  • Karma: 0
Thank you so much for responding so quickly...
I do not have a layer3 switch.
Please let me know if I can do this with IPCop.
I need to know what permanent routes to add and what iptables rules I need. I believe IPCop enables everything by default but also denies everything by default. Therefore I need to know exactly what iptable rules I need to open communication between these 2 networks.
My old firewall was a very simple redhat 7.2 running iptables. This firewall had no problem allowing these 2 networks to communicate because the default rules were not to deny everything.
Please help, and thank you so much for taking the time to read this.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.079 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup