TOPIC: trouble configuring IPCOP

trouble configuring IPCOP 11 years 4 months ago #9456

  • starcycle
forgive me in advance for not knowing what to provide, i am a n00b to linux and to networking. i am trying to set up IPCOP for a small home network and i am having trouble with the configuration.

i have a green + red setup, green is 192.168.1.1, red gets IP from dhcp.

the network goes: cable modem -> ipcop -> router -> computers, and right now i have the router assigning IPs to the computers.

when i boot the firewall, it hangs on "bringing network up," and i have to ctrl+c. sometimes i get some weird error after logging in that says: could not connect to www.ipcop.org:80, and some message about a bad hostname at /usr/local/bin/updatelists.pl line 38. why is my firewall trying to connect to ipcop.org??? the hostname is set to fw1.

i'm not sure what i'm supposed to have in /var/ipcop/ethernet/settings. i have 2 of the same network card, and IPCOP wouldn't let me configure them through the gui so i had to guess at some of the values. can anyone help?

Re: trouble configuring IPCOP 11 years 4 months ago #9462

  • DaLight
It appears your NICs have not been recognised by the IPCOP installation process. IPCOP has been known to have problems recognising some of the older ISA cards. I've found that 3COMs and any REALTEKs from 8139 onwards work ok for autodetection.

In your case you may need to enter the settings manually into /var/ipcop/ethernet/settings:

1. First of all you will need to determine the IO Address and IRQ settings for both your RED and GREEN NICs. You can use the diagnostic program that came with the NICs.
2. Now enter these into /var/ipcop/ethernet/settings using the NE2000 driver as the driver.

Find the following lines in /var/ipcop/ethernet/settings and enter the correct settings for your cards in RED_DRIVER_OPTIONS and GREEN_DRIVER_OPTIONS:

RED_DRIVER=ne
RED_DRIVER_OPTIONS='io=0x300 irq=5'
RED_DISPLAYDRIVER=ne

GREEN_DRIVER=ne
GREEN_DRIVER_OPTIONS='io=0x340 irq=7'
GREEN_DISPLAYDRIVER=ne

Also, looking at your network configuration, you don't really need to have a router between your IPCOP and computers. You could simply use a switch and have the IPCOP giving out IP addresses and acting as a router.

Re: trouble configuring IPCOP 11 years 4 months ago #9479

  • starcycle
thanks, i think i got it. i had to set the green IP to 192.168.0.1, 192.168.1.1 won't work for some reason. (?) not sure why, but that's the way it is. the router was just there temporarily for a failsafe until i got everything configured.

i have to say that although most of ipcop seems cool so far, the firewall functionality is a little disappointing. can't you make chains, or block/drop access at the IP level, a la iptables? it seems that all you can do is either block everything, or block everything while opening certain services to everyone. maybe i'm missing something, as it seems very anemic. webmin on a full linux distro with iptables would be far superior in flexibility to what i am seeing in the ipcop http gui.

thx

Re: trouble configuring IPCOP 11 years 4 months ago #9500

  • jhun
hi,

as far as i know you can create settings in IPCop using iptables, not using the web interface but by using the CLI on the machine itself.

IPCop 11 years 4 months ago #9503

  • TheBishop
DaLight is the man for this one. I'm sure he'll jump in shortly and tell us how it's done.

Re: trouble configuring IPCOP 11 years 4 months ago #9519

  • DaLight
IPCOP has full iptables functionality, but as jhun said you have to drop down to the CLI. If you're happy with that you can set up firewall rules as you could for any other distro. I agree that this functionality is missing from the GUI.

The file to set up your own custom rules in without breaking anything else is /etc/rc.d/rc.local. An example (with comments) based on my copy is as follows:

[code:1]
#!/bin/sh
# Load the variables defined therein (RED_DEV, GREEN_DEV, ...)
. /var/ipcop/ethernet/settings

# Flush the custom input and forward chains
/sbin/iptables -F CUSTOMINPUT
/sbin/iptables -F CUSTOMFORWARD

# shorthand helper
IPT="/sbin/iptables"

# echo-reply
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 0 -j DROP
# echo-request
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 8 -j DROP

# Now accept the three(3) good ones
# destination-unreachable
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 3 -j ACCEPT
# redirect
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 5 -j ACCEPT
# time exceeded
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp --icmp-type 11 -j ACCEPT

# Drop all other ICMP type data
$IPT -A CUSTOMINPUT -i $RED_DEV -p icmp -j DROP

# drop any tcp/udp packets to ports 135 - 137
$IPT -A CUSTOMINPUT -i $RED_DEV -p tcp --dport 135:137 -j DROP
$IPT -A CUSTOMINPUT -i $RED_DEV -p udp --dport 135:137 -j DROP


#restrict outgoing access

#allow full access for specific IPs
#PC1 - 192.168.111.1
$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.1 -o $RED_DEV -j ACCEPT
#PC2 - 192.168.111.2
$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.2 -o $RED_DEV -j ACCEPT

#allow limited access for specific IPs - in this case 192.168.111.3 tcp ports 20,21
#$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.3 -o $RED_DEV -p tcp --dport 21 -j ACCEPT
#$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.3 -o $RED_DEV -p tcp --dport 20 -j ACCEPT

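#bar access for all other IPs on the 192.168.111.x network
#(/24, not /8: iptables masks off host bits, so 192.168.111.0/8 would match all of 192.0.0.0/8)
$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.0/24 -o $RED_DEV -j DROP
[/code:1]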
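
A check for the source-network arguments used in CUSTOMFORWARD rules like the ones above, as an added example that is not part of DaLight's post or of IPCop: iptables masks off the host bits of a -s address, so a rule can silently match a much wider network than the one written. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report -s arguments in rc.local-style rules whose host bits
# are set, i.e. where iptables will match a different network than written.

ip_to_int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the network "addr/prefix" really covers after the mask is applied.
effective_net() {
    addr=${1%/*}; prefix=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    echo "$(int_to_ip $(( $(ip_to_int "$addr") & mask )))/$prefix"
}

# Read rules on stdin, skip comments, print one line per suspicious source.
lint_sources() {
    while read -r line; do
        case $line in '#'*|'') continue ;; esac
        set -f; set -- $line; set +f
        while [ $# -gt 1 ]; do
            case "$1 $2" in
                "-s "*/*)
                    eff=$(effective_net "$2")
                    [ "$eff" = "$2" ] || echo "$2 is matched as $eff" ;;
            esac
            shift
        done
    done
}

# Constructed sample modelled on the CUSTOMFORWARD rules in the post above.
sample_rules() {
    cat <<'EOF'
$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.1 -o $RED_DEV -j ACCEPT
#$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.3/16 -o $RED_DEV -j ACCEPT
$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.0/8 -o $RED_DEV -j DROP
$IPT -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.0/24 -o $RED_DEV -j DROP
EOF
}

sample_rules | lint_sources   # prints: 192.168.111.0/8 is matched as 192.0.0.0/8
```

Running lint_sources over a copy of /etc/rc.d/rc.local before rebooting shows which DROP or ACCEPT rules cover more addresses than their text suggests.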