TOPIC: IPcop filtering incoming traffic

IPcop filtering incoming traffic 7 years 5 months ago #30886

  • ricka
I am trying to set up incoming filters through the rc.local file on IPCop,
but I cannot block the IP traffic for a given network.
Below is my rc.local config:

#!/bin/sh
# Load the variables defined in the IPCop ethernet settings file
. /var/ipcop/ethernet/settings

# Flush the custom input and forward chains
/sbin/iptables -F CUSTOMINPUT
/sbin/iptables -F CUSTOMFORWARD

# shorthand helper
IPT="/sbin/iptables"

# Drop everything arriving on ppp0 from the given source address range
$IPT -A CUSTOMINPUT -i ppp0 -p ip -m iprange --src-range x.x.x.x-y.y.y.y -j DROP

I'm using a DSL line and configured IPCop for a single green interface connection.
Can somebody verify my rc.local file, in case I am missing anything?
Thank you for your time.

Re: IPcop filtering incoming traffic 7 years 4 months ago #30895

  • TheBishop
Dalight is the IPCop king. I'll give him a prod to take a look at your question.

Re: IPcop filtering incoming traffic 7 years 4 months ago #30905

  • ricka
I actually got IPCop to work by reconfiguring the network connections from a single green to a red and green setup.
IPCop is now blocking the incoming traffic to my trusted machines.
My problem now is opening up specific TCP ports from outside accessing my trusted machines.
I used the port forwarding feature by specifying the internal IP address of the destination machine and left source as default all.
I specified TCP 5900 for VNC, but no go. Do you need to use the file rc.firewall.local for this type of filter?
Your assistance is greatly appreciated.

Re: IPcop filtering incoming traffic 7 years 4 months ago #30911

  • sys-halt
Hello ricka, I have no knowledge of writing proper syntax in iptables, but I have used the GUI. The port forwarding feature should do the job for you.

I would double-check the port forwarding you made through the GUI, for example: does VNC use TCP or UDP? I think it uses TCP, but please refer to your specific VNC program documentation and double-check that.

Please note that some VNC-like programs can use multiple ports. Check that as well, and create a port forwarding rule for each required port.

You could check your firewall logs and see if they list any dropped packets coming from the red network to the green network, and on what port. This will help you in troubleshooting.

Do you have BOT installed? BOT will take over the basic IPCop firewall rules and will drop all connections unless you make a new rule specifying the source, destination and port required.

If you have BOT installed, then just make a new rule and open the required port.

And finally, check your PC firewall! Maybe your problem lies there and not on your IPCop.

Good luck.
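Added example, not part of the thread and not IPCop's own tooling: one way to do the log check suggested in the post above, assuming the firewall log holds standard netfilter LOG lines. The function names, the INPUT/FORWARD log prefixes, the green interface name eth0 and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise netfilter LOG lines for one protocol/port.
# Log prefixes, interface eth0 and all addresses below are constructed.

# summarise_port PROTO PORT   (reads syslog lines on stdin)
# Prints "COUNT PREFIX IN->OUT DST", one line per distinct combination.
# OUT shown as "-" means the packet was addressed to the firewall itself
# (input path); a named OUT interface means it was being forwarded.
summarise_port() {
    awk -v proto="$1" -v port="$2" '
    {
        split("", kv)                        # reset the per-line key/value map
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n) kv[substr($i, 1, n - 1)] = substr($i, n + 1)
        }
        if (kv["PROTO"] != proto || kv["DPT"] != port) next

        # The LOG prefix is the text between "kernel: " and " IN=".
        s = index($0, "kernel: "); e = index($0, " IN=")
        prefix = (s && e > s) ? substr($0, s + 8, e - s - 8) : ""
        gsub(/ /, "_", prefix)
        if (prefix == "") prefix = "(no-prefix)"

        out = (kv["OUT"] == "") ? "-" : kv["OUT"]
        seen[prefix " " kv["IN"] "->" out " " kv["DST"]]++
    }
    END {
        for (k in seen) { printf "%d %s\n", seen[k], k; total++ }
        if (!total) printf "0 no logged packets for %s/%s\n", proto, port
    }' | LC_ALL=C sort
}

# Constructed sample log lines (documentation address ranges).
sample_log() {
    cat <<'EOF'
Jan 12 10:01:02 ipcop kernel: INPUT IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:01:05 ipcop kernel: INPUT IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:02:10 ipcop kernel: FORWARD IN=ppp0 OUT=eth0 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4800 DF PROTO=TCP SPT=40200 DPT=5900 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:03:00 ipcop kernel: INPUT IN=ppp0 OUT= MAC= SRC=192.0.2.44 DST=198.51.100.2 LEN=71 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5353 DPT=53 LEN=51
Jan 12 10:03:30 ipcop kernel: INPUT IN=ppp0 OUT= MAC= SRC=192.0.2.44 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=77 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

sample_log | summarise_port TCP 5900
```

On a live system, feed the function the real firewall log instead of `sample_log`; the path of that log is not given in the thread.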

Re: IPcop filtering incoming traffic 7 years 4 months ago #30929

  • ricka
Syshalt, many thanks for your time and info. I have confirmed that VNC only requires TCP port 5900 to work. I currently do not have BOT installed but will probably do it some time. As for the firewall logs, I do not see any events stating that the incoming port TCP 5900 is even being blocked. My local machine does have the FW feature disabled, so I guess I am left with trying BOT.

Re: IPcop filtering incoming traffic 7 years 4 months ago #30930

  • ricka
Update: the BOT only filters outbound traffic. I tried the rc.firewall.local files under /etc/rc.d but still no go.
Hope someone out there will have an answer.