Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: trouble configuring IPCOP

trouble configuring IPCOP 13 years 5 months ago #9456

forgive me in advance for not knowing what to provide, i am a n00b to linux and to networking. i am trying to set up IPCOP for a small home network and i am having trouble with the configuration.

i have a green + red setup, green is, red gets IP from dhcp.

the network goes: cable modem -> ipcop -> router -> computers, and right now i have the router assigning IPs to the computers.

when i boot the firewall, it hangs on "bringing network up," and i have to ctrl+c. sometimes i get some weird error after logging in that says: could not connect to , and some message about a bad hostname at /usr/local/bin/ line 38. why is my firewall trying to connect to the hostname is set to fw1.

i'm not sure what i'm supposed to have in /var/ipcop/ethernet/settings. i have 2 of the same network card, and IPCOP wouldn't let me configure them through the gui so i had to guess at some of the values. can anyone help?

Re: trouble configuring IPCOP 13 years 5 months ago #9462

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
It appears your NICs have not been recognised by the IPCOP installation process. IPCOP has been known to have problems recognising some of the older ISA cards. I've found that 3COMs and any REALTEKs from 8139 onwards work ok for autodetection.

In your case You may need to enter the settings manually into /var/ipcop/ethernet/settings:

1. First of all you will need to determine the IO Address and IRQ settings for both your RED and GREEN NICs. You can use the diagnostic program that came the NICs.
2. Now enter these into /var/ipcop/ethernet/settings using the NE2000 driver as the driver.

Find the following lines in /var/ipcop/ethernet/settings and enter the correct settings for your cards in RED_DRIVER_OPTIONS and

RED_DRIVER_OPTIONS='io=0x300 irq=5'

GREEN_DRIVER_OPTIONS='io=0x340 irq=7'

Also, looking at your network configuration, you don't really need to have a router between your IPCOP and computers. You could simply use a switch and have the IPCOP giving out IP addresses and acting as a router.

Re: trouble configuring IPCOP 13 years 5 months ago #9479

thanks, i think i got it. i had to set the green IP to, won't work for some reason. (?) not sure why, but that's the way it is. the router was just there temporarily for a failsafe until i got everything configured.

i have to say that although most of ipcop seems cool so far, the firewall functionality is a little disappointing. can't you make chains, or block/drop access at the IP level, a la iptables? it seems that all you can do is either block everything, or block everything while opening certain services to everyone. maybe i'm missing something, as it seems very anemic. webmin on a full linux distro with iptables would be far superior in flexibility to what i am seeing in the ipcop http gui.


Re: trouble configuring IPCOP 13 years 5 months ago #9500

  • jhun
  • jhun's Avatar
  • Offline
  • Senior Member
  • Senior Member
  • Posts: 356
  • Thank you received: 0

as far as i know you can create settings in IPcop using iptables but not using the web interface but by using CLI on the machine itself..

IPCop 13 years 5 months ago #9503

Dalight is the man for this one. I'm sure he'll jump in shortly and tell us how it's done

Re: trouble configuring IPCOP 13 years 5 months ago #9519

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
IPCOP has full iptables functionality, but as jhun said you have to drop down to the CLI. If you're happy with that you can setup firewall rules as you could for any other distro. I agree that this functionality is missing from the GUI.

The file to set up your own custom rules in without breaking anything else is /etc/rc.d/rc.local. An example (with comments) based on my copy is as follows:

#variables defined therein
. /var/ipcop/ethernet/settings

# Flush Custom Input Rules
/sbin/iptables -F CUSTOMINPUT
/sbin/iptables -F CUSTOMFORWARD

# shorthand helper

# echo-reply
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 0 -j DROP
# echo-request
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 8 -j DROP

# Now accept the three(3) good ones
# destination-unreachable
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 3 -j ACCEPT
# redirect
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 5 -j ACCEPT
# time exceeded
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 11 -j ACCEPT

# Drop all other ICMP type data

# drop any tcp/udp packets to ports 135 - 137
$IPT -A CUSTOMINPUT -i $RED_DEV -p tcp --dport 135:137 -j DROP
$IPT -A CUSTOMINPUT -i $RED_DEV -p udp --dport 135:137 -j DROP

#restrict outgoing access

#allow full access for specific IPs
#PC1 -
#PC2 -

#allow limited access for specific IPs - in this case tcp ports 20,21
#$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s -o $RED_DEV -p tcp --dport 21 -j ACCEPT
#$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s -o $RED_DEV -p tcp --dport 20 -j ACCEPT

#bar access for all other IPs
  • Page:
  • 1
Time to create page: 0.167 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup