#1 | 27th November 2005, 15:13 | vince (Junior Member)
IPCop multiple green networks... PLEASE HELP

Hi,

I've got a working IPCop machine with just red and green interfaces. However, internally I've got a few VLANs and I would like machines on all of them to use this IPCop server as an Internet gateway / firewall.

I've managed to get the web proxy, etc. working for them by adding static routes back to the VLANs, but I cannot get IPCop to work as a gateway for multiple internal networks.

I've searched the forums but haven't found a solution yet. One suggestion was to add rules like:

/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.20.0/24 -o $RED_DEV -j ACCEPT

to the rc.local file but this doesn't cut it.

Anybody know how to do this?

#2 | 27th November 2005, 15:14 | vince (Junior Member)

I have a very similar problem. Please help. I have a CISCO VPN concentrator that lets our employees access the network from home. The internal network IP and subnet are different from those given to users who come through the VPN concentrator from home. The VPN concentrator is directly connected to the internal switch of our green network.

Green Network = 192.168.1.0/24
VPN concentrator users = 192.168.2.0/24

The VPN users can see the entire internal network/access email/RDP to their computers with the old Firewall/Gateway. But as soon as I replaced it with the replacement IPCOP firewall, VPN users could only ping the gateway and the mailhost. They could not access any shared drives or remote control their computers. I have duplicated the persistent routes that were on the original Firewall/Gateway in the rc.local file but it still doesn't work. The entire network is working flawlessly except for VPN access, PLEASE HELP. IPCOP is somehow blocking the VPN users with IPs of 192.168.2.0/24 from accessing the GREEN network (192.168.1.0/24) and vice versa. I really love IPCOP. There must be a way to allow complete access to the green network from an IP address other than that set for the GREEN Network.

192.168.1.0/24 green interface and green network
192.168.2.0/24 also green interface but VPN network
Both subnets are plugged into the same switch but they cannot talk to each other. PLEASE HELP, thank you very much for any help you can offer.

#3 | 27th November 2005, 15:15 | vince (Junior Member)

www
|
|
|
|RED = xxx.xxx.xxx.xxx
IPCOP
|GREEN = 192.168.1.1
|
|
|
SWITCH----VPN Concentrator = 192.168.2.0/24
|
|
|
|
INTERNAL LAN
192.168.1.0/24


The Internal LAN works perfectly, exactly as it should. But the VPN users cannot access the internal LAN. The 192.168.2.0/24 LAN must work just as the GREEN Network. They must be able to access each other completely. Thank you for any help.

#4 | 27th November 2005, 15:16 | vince (Junior Member)

There must be a way to make this happen by adding rules to the firewall file. Please help. Anyone who has experience altering the firewall rules of IPCop please help.

IPCop also allows you to add your own iptables rules; the problem is that I don't know what I have to add to make this work. Any help is much appreciated. I have told my boss that IPCOP is the way to go and now I cannot continue because of this very small speed bump. Thank you.

P.S. I cannot use the orange or blue network as a substitute for a second green network because I will also need those networks.

#5 | 27th November 2005, 22:48 | falko (Super Moderator)

Please have a look here: http://www.howtoforge.com/perfect_xe...bian_ubuntu_p6

At the end of that page there are some firewall rules that could do what you want.

#6 | 28th November 2005, 02:31 | vince (Junior Member)

Thank you so much for responding so quickly.
Can you please explain further... If possible.

#7 | 28th November 2005, 09:55 | falko (Super Moderator)

On your IPCop system you could use

Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
I think your 192.168.2.0 network should then have internet access.

If you use something like
Code:
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.2.2:80
you can forward requests to certain ports (here: 80) to certain other ports on a destination machine (here: port 80 on 192.168.2.2). So people can access certain ports on certain machines from the outside. It's the same as port forwarding on a normal router.
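The rules discussed in this thread, narrowed to specific networks and interfaces, as an added example that is not part of falko's post or of IPCop itself: the script prints (rather than applies) a route, CUSTOMFORWARD accepts between green and each extra internal network, and a MASQUERADE rule limited to traffic leaving the red interface. The interface names and the next hop 192.168.1.254 are placeholders, and the script generalizes from the one VPN pool to any number of network,next-hop pairs.

```shell
#!/bin/sh
# Added example (not IPCop code): print a scoped rule set for extra internal
# networks reached through the green interface. Review the output before
# running it as root. Interface names and next hops are assumptions.
GREEN_DEV="${GREEN_DEV:-eth0}"             # assumed green interface name
RED_DEV="${RED_DEV:-eth1}"                 # assumed red interface name
GREEN_NET="${GREEN_NET:-192.168.1.0/24}"   # green network from the thread

# Accept only dotted-quad syntax, so a typo cannot silently widen a rule.
is_ip() { echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ip "${1%/*}" || return 1
    echo "${1#*/}" | grep -Eq '^([0-9]|[12][0-9]|3[0-2])$'
}

# build_rules NET,NEXTHOP [NET,NEXTHOP ...]
# NEXTHOP is the router on green that owns NET (e.g. the VPN concentrator).
build_rules() {
    is_cidr "$GREEN_NET" || { echo "bad green network: $GREEN_NET" >&2; return 1; }
    for pair in "$@"; do
        net="${pair%,*}"; hop="${pair#*,}"
        if ! is_cidr "$net" || ! is_ip "$hop"; then
            echo "rejected: $pair" >&2; return 1
        fi
        # Route so packets for NET leave via green towards its router.
        echo "ip route add $net via $hop dev $GREEN_DEV"
        # Green <-> NET in both directions, green interface only.
        echo "iptables -A CUSTOMFORWARD -i $GREEN_DEV -o $GREEN_DEV -s $net -d $GREEN_NET -j ACCEPT"
        echo "iptables -A CUSTOMFORWARD -i $GREEN_DEV -o $GREEN_DEV -s $GREEN_NET -d $net -j ACCEPT"
        # Internet access for NET: forward and NAT only on the red interface.
        echo "iptables -A CUSTOMFORWARD -i $GREEN_DEV -o $RED_DEV -s $net -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $net -o $RED_DEV -j MASQUERADE"
    done
}

# Constructed sample: the thread's VPN pool behind a placeholder next hop.
build_rules "192.168.2.0/24,192.168.1.254"
```

Whether these rules are sufficient also depends on the rest of the IPCop rule set, which the thread does not show.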

#8 | 28th November 2005, 14:01 | vince (Junior Member)
Thank you very much falko... I will give that a try.
I do not care if the VPN users have internet access through IPCop; all I care about is to make sure that the VPN users from the Cisco VPN concentrator can completely access the green network.
Thank you so much for taking the time to help me, I will give it a try and let you know what happens.
All times are GMT +2.