TOPIC: IPcop filtering incoming traffic

IPcop filtering incoming traffic 9 years 2 months ago #30886

  • ricka
I am trying to set up incoming filters through the rc.local file on IPCop but cannot block the IP traffic for a given network. Below is my rc.local config:

#!/bin/sh
#variables defined therein
. /var/ipcop/ethernet/settings

# Flush Custom Input Rules
/sbin/iptables -F CUSTOMINPUT
/sbin/iptables -F CUSTOMFORWARD

# shorthand helper
IPT="/sbin/iptables"

$IPT -A CUSTOMINPUT -i ppp0 -p ip -m iprange --src-range x.x.x.x-y.y.y.y -j DROP

I'm using a DSL line and configured IPCop for a single green interface connection. Can somebody verify my rc.local file, in case I am missing anything? Thank you for your time.

Re: IPcop filtering incoming traffic 9 years 2 months ago #30895

Dalight is the IPCop king. I'll give him a prod to take a look at your question.

Re: IPcop filtering incoming traffic 9 years 2 months ago #30905

  • ricka
I actually got IPCop to work by reconfiguring the network connections from a single green to a red and green setup. IPCop is now blocking the incoming traffic to my trusted machines. My problem now is opening up specific TCP ports from outside accessing my trusted machines. I used the port forwarding feature by specifying the internal IP address of the destination machine and left source as default all. I specified TCP 5900 for VNC but no go. Do you need to use the file rc.firewall.local for this type of filters? Your assistance is greatly appreciated.

Re: IPcop filtering incoming traffic 9 years 2 months ago #30911

Hello ricka, I have no knowledge of writing proper syntax in IPTables, but I have used the GUI. The port forwarding feature should do the job for you.

I would double-check the port forwarding you made through the GUI; for example, does VNC use TCP or UDP? I think it uses TCP, but please refer to your specific VNC program's documentation and double-check that.

Please note that some VNC-like programs can use multiple ports; also check that and create a port forwarding rule for each required port.

You could check your firewall logs and see if they list any dropped packets coming from the red network to the green network, and on what port. This will help you in troubleshooting.

Do you have BOT installed? BOT will take over the basic IPCop firewall rules and will drop all connections unless you make a new rule specifying the source, destination and port required.

If you have BOT installed, then just make a new rule and open the required port.

And finally, check your PC firewall! Maybe your problem lies there and not on your IPCop.

good luck
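
The log check suggested in the reply above, as an added example that is not part of the original thread: a shell function that counts netfilter LOG entries for one destination port, grouped by inbound interface, outbound interface and protocol. The sample lines, the `eth0` GREEN interface name and the function names are constructed for illustration; real kernel log lines carry more fields.

```shell
#!/bin/sh
# Added example: count netfilter LOG entries for one destination port,
# grouped by inbound interface, outbound interface and protocol.
# Assumes the kernel LOG-target key=value format (IN= OUT= PROTO= DPT=).

# Constructed, abbreviated sample lines; addresses are documentation ranges.
# ppp0 is the RED interface from the thread; eth0 as GREEN is an assumption.
sample_log() {
cat <<'EOF'
Jan 10 10:01:02 fw kernel: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=48 TTL=116 PROTO=TCP SPT=51544 DPT=5900 SYN
Jan 10 10:01:05 fw kernel: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=48 TTL=116 PROTO=TCP SPT=51544 DPT=5900 SYN
Jan 10 10:02:11 fw kernel: IN=ppp0 OUT=eth0 SRC=203.0.113.9 DST=192.168.1.10 LEN=48 TTL=115 PROTO=TCP SPT=40112 DPT=5900 SYN
Jan 10 10:03:40 fw kernel: IN=ppp0 OUT= SRC=203.0.113.50 DST=198.51.100.20 LEN=78 TTL=110 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 10 10:04:02 fw kernel: IN=ppp0 OUT= SRC=203.0.113.51 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=33810 DPT=22 SYN
EOF
}

# summarise_port PORT < logfile
# Prints "IN OUT PROTO COUNT" per combination. OUT is "-" when the log field
# is empty: the packet was logged on the INPUT (or PREROUTING) path, not
# while being forwarded to an internal host.
summarise_port() {
  awk -v port="$1" '
    / DPT=/ {
      in_if = ""; out_if = ""; proto = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if      ($i ~ /^IN=/)    in_if  = substr($i, 4)
        else if ($i ~ /^OUT=/)   out_if = substr($i, 5)
        else if ($i ~ /^PROTO=/) proto  = substr($i, 7)
        else if ($i ~ /^DPT=/)   dpt    = substr($i, 5)
      }
      if (dpt == port) {
        if (out_if == "") out_if = "-"
        count[in_if " " out_if " " proto]++
      }
    }
    END { for (k in count) print k, count[k] }
  ' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample.
sample_log | summarise_port 5900
```

On a live system the function would read the firewall's kernel log instead of `sample_log`; no output for a port means no packet to that port was logged at all.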

Re: IPcop filtering incoming traffic 9 years 2 months ago #30929

  • ricka
Syshalt, many thanks for your time and info. I have confirmed that VNC only requires TCP port 5900 to work. I currently do not have BOT installed but will probably do it some time. As for the firewall logs, I do not see any events stating that the incoming port TCP 5900 is even being blocked. My local machine does have the FW feature disabled, so I guess I am left with trying BOT.

Re: IPcop filtering incoming traffic 9 years 2 months ago #30930

  • ricka
Update: the BOT only filters outbound traffic. I tried the rc.firewall.local files under /etc/rc.d but still no go. Hope someone out there will have an answer.